libselinux-3.9-5.fc44

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1]
libselinux-3.9/src/audit2why.c:59:37: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(sepol_bool_get_name(boolean))’
libselinux-3.9/src/audit2why.c:58:35: acquire_memory: allocated here
libselinux-3.9/src/audit2why.c:59:37: danger: ‘strdup(sepol_bool_get_name(boolean))’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   57|   	boollist[boolcnt] = malloc(sizeof(struct boolean_t));
#   58|   	boollist[boolcnt]->name = strdup(sepol_bool_get_name(boolean));
#   59|-> 	boollist[boolcnt]->active = sepol_bool_get_value(boolean);
#   60|   	boolcnt++;
#   61|   	return 0;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def2]
libselinux-3.9/src/audit2why.c:82:22: warning[-Wanalyzer-malloc-leak]: leak of ‘foundlist’
libselinux-3.9/src/audit2why.c:74:26: acquire_memory: allocated here
libselinux-3.9/src/audit2why.c:75:12: branch_false: following ‘false’ branch (when ‘foundlist’ is non-NULL)...
 branch_false: ...to here
libselinux-3.9/src/audit2why.c:79:21: branch_true: following ‘true’ branch...
libselinux-3.9/src/audit2why.c:80:38: branch_true: ...to here
libselinux-3.9/src/audit2why.c:82:22: danger: ‘foundlist’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#   80|   		char *name = boollist[i]->name;
#   81|   		int active = boollist[i]->active;
#   82|-> 		rc = sepol_bool_key_create(avc->handle, name, &key);
#   83|   		if (rc < 0) {
#   84|   			PyErr_SetString( PyExc_RuntimeError, 

Error: GCC_ANALYZER_WARNING (CWE-401): [#def3]
libselinux-3.9/src/audit2why.c:84:25: warning[-Wanalyzer-malloc-leak]: leak of ‘foundlist’
libselinux-3.9/src/audit2why.c:74:26: acquire_memory: allocated here
libselinux-3.9/src/audit2why.c:75:12: branch_false: following ‘false’ branch (when ‘foundlist’ is non-NULL)...
 branch_false: ...to here
libselinux-3.9/src/audit2why.c:79:21: branch_true: following ‘true’ branch...
libselinux-3.9/src/audit2why.c:80:38: branch_true: ...to here
libselinux-3.9/src/audit2why.c:83:20: branch_true: following ‘true’ branch...
libselinux-3.9/src/audit2why.c:84:25: branch_true: ...to here
libselinux-3.9/src/audit2why.c:84:25: danger: ‘foundlist’ leaks here; was allocated at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#   82|   		rc = sepol_bool_key_create(avc->handle, name, &key);
#   83|   		if (rc < 0) {
#   84|-> 			PyErr_SetString( PyExc_RuntimeError, 
#   85|   					 "Could not create boolean key.\n");
#   86|   			break;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def4]
libselinux-3.9/src/audit2why.c:88:22: warning[-Wanalyzer-malloc-leak]: leak of ‘foundlist’
libselinux-3.9/src/audit2why.c:74:26: acquire_memory: allocated here
libselinux-3.9/src/audit2why.c:75:12: branch_false: following ‘false’ branch (when ‘foundlist’ is non-NULL)...
 branch_false: ...to here
libselinux-3.9/src/audit2why.c:79:21: branch_true: following ‘true’ branch...
libselinux-3.9/src/audit2why.c:80:38: branch_true: ...to here
libselinux-3.9/src/audit2why.c:83:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:88:22: branch_false: ...to here
libselinux-3.9/src/audit2why.c:88:22: danger: ‘foundlist’ leaks here; was allocated at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#   86|   			break;
#   87|   		}
#   88|-> 		rc = sepol_bool_query(avc->handle,
#   89|   				      avc->policydb,
#   90|   				      key, &boolean);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def5]
libselinux-3.9/src/audit2why.c:95:25: warning[-Wanalyzer-malloc-leak]: leak of ‘foundlist’
libselinux-3.9/src/audit2why.c:74:26: acquire_memory: allocated here
libselinux-3.9/src/audit2why.c:75:12: branch_false: following ‘false’ branch (when ‘foundlist’ is non-NULL)...
 branch_false: ...to here
libselinux-3.9/src/audit2why.c:79:21: branch_true: following ‘true’ branch...
libselinux-3.9/src/audit2why.c:80:38: branch_true: ...to here
libselinux-3.9/src/audit2why.c:83:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:88:22: branch_false: ...to here
libselinux-3.9/src/audit2why.c:92:20: branch_true: following ‘true’ branch...
libselinux-3.9/src/audit2why.c:93:25: branch_true: ...to here
libselinux-3.9/src/audit2why.c:95:25: danger: ‘foundlist’ leaks here; was allocated at [(1)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/0)
#   93|   			snprintf(errormsg, sizeof(errormsg), 
#   94|   				 "Could not find boolean %s.\n", name);
#   95|-> 			PyErr_SetString( PyExc_RuntimeError, errormsg);
#   96|   			break;
#   97|   		}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def6]
libselinux-3.9/src/audit2why.c:99:17: warning[-Wanalyzer-malloc-leak]: leak of ‘foundlist’
libselinux-3.9/src/audit2why.c:74:26: acquire_memory: allocated here
libselinux-3.9/src/audit2why.c:75:12: branch_false: following ‘false’ branch (when ‘foundlist’ is non-NULL)...
 branch_false: ...to here
libselinux-3.9/src/audit2why.c:79:21: branch_true: following ‘true’ branch...
libselinux-3.9/src/audit2why.c:80:38: branch_true: ...to here
libselinux-3.9/src/audit2why.c:83:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:88:22: branch_false: ...to here
libselinux-3.9/src/audit2why.c:92:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:99:17: branch_false: ...to here
libselinux-3.9/src/audit2why.c:99:17: danger: ‘foundlist’ leaks here; was allocated at [(1)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/0)
#   97|   		}
#   98|   
#   99|-> 		sepol_bool_set_value(boolean, !active);
#  100|   
#  101|   		rc = sepol_bool_set(avc->handle,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def7]
libselinux-3.9/src/audit2why.c:101:22: warning[-Wanalyzer-malloc-leak]: leak of ‘foundlist’
libselinux-3.9/src/audit2why.c:74:26: acquire_memory: allocated here
libselinux-3.9/src/audit2why.c:75:12: branch_false: following ‘false’ branch (when ‘foundlist’ is non-NULL)...
 branch_false: ...to here
libselinux-3.9/src/audit2why.c:79:21: branch_true: following ‘true’ branch...
libselinux-3.9/src/audit2why.c:80:38: branch_true: ...to here
libselinux-3.9/src/audit2why.c:83:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:88:22: branch_false: ...to here
libselinux-3.9/src/audit2why.c:92:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:99:17: branch_false: ...to here
libselinux-3.9/src/audit2why.c:101:22: danger: ‘foundlist’ leaks here; was allocated at [(1)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/0)
#   99|   		sepol_bool_set_value(boolean, !active);
#  100|   
#  101|-> 		rc = sepol_bool_set(avc->handle,
#  102|   				    avc->policydb,
#  103|   				    key, boolean);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def8]
libselinux-3.9/src/audit2why.c:107:25: warning[-Wanalyzer-malloc-leak]: leak of ‘foundlist’
libselinux-3.9/src/audit2why.c:74:26: acquire_memory: allocated here
libselinux-3.9/src/audit2why.c:75:12: branch_false: following ‘false’ branch (when ‘foundlist’ is non-NULL)...
 branch_false: ...to here
libselinux-3.9/src/audit2why.c:79:21: branch_true: following ‘true’ branch...
libselinux-3.9/src/audit2why.c:80:38: branch_true: ...to here
libselinux-3.9/src/audit2why.c:83:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:88:22: branch_false: ...to here
libselinux-3.9/src/audit2why.c:92:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:99:17: branch_false: ...to here
libselinux-3.9/src/audit2why.c:104:20: branch_true: following ‘true’ branch...
libselinux-3.9/src/audit2why.c:105:25: branch_true: ...to here
libselinux-3.9/src/audit2why.c:107:25: danger: ‘foundlist’ leaks here; was allocated at [(1)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/0)
#  105|   			snprintf(errormsg, sizeof(errormsg), 
#  106|   				 "Could not set boolean data %s.\n", name);
#  107|-> 			PyErr_SetString( PyExc_RuntimeError, errormsg);
#  108|   			break;
#  109|   		}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def9]
libselinux-3.9/src/audit2why.c:112:22: warning[-Wanalyzer-malloc-leak]: leak of ‘foundlist’
libselinux-3.9/src/audit2why.c:74:26: acquire_memory: allocated here
libselinux-3.9/src/audit2why.c:75:12: branch_false: following ‘false’ branch (when ‘foundlist’ is non-NULL)...
 branch_false: ...to here
libselinux-3.9/src/audit2why.c:79:21: branch_true: following ‘true’ branch...
libselinux-3.9/src/audit2why.c:80:38: branch_true: ...to here
libselinux-3.9/src/audit2why.c:83:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:88:22: branch_false: ...to here
libselinux-3.9/src/audit2why.c:92:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:99:17: branch_false: ...to here
libselinux-3.9/src/audit2why.c:104:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:113:49: branch_false: ...to here
libselinux-3.9/src/audit2why.c:112:22: danger: ‘foundlist’ leaks here; was allocated at [(1)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/0)
#  110|   
#  111|   		/* Reproduce the computation. */
#  112|-> 		rc = sepol_compute_av_reason(avc->ssid, avc->tsid, avc->tclass,
#  113|   					     avc->av, &avd, &reason);
#  114|   		if (rc < 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def10]
libselinux-3.9/src/audit2why.c:117:25: warning[-Wanalyzer-malloc-leak]: leak of ‘foundlist’
libselinux-3.9/src/audit2why.c:74:26: acquire_memory: allocated here
libselinux-3.9/src/audit2why.c:75:12: branch_false: following ‘false’ branch (when ‘foundlist’ is non-NULL)...
 branch_false: ...to here
libselinux-3.9/src/audit2why.c:79:21: branch_true: following ‘true’ branch...
libselinux-3.9/src/audit2why.c:80:38: branch_true: ...to here
libselinux-3.9/src/audit2why.c:83:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:88:22: branch_false: ...to here
libselinux-3.9/src/audit2why.c:92:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:99:17: branch_false: ...to here
libselinux-3.9/src/audit2why.c:104:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:113:49: branch_false: ...to here
libselinux-3.9/src/audit2why.c:114:20: branch_true: following ‘true’ branch...
libselinux-3.9/src/audit2why.c:115:25: branch_true: ...to here
libselinux-3.9/src/audit2why.c:117:25: danger: ‘foundlist’ leaks here; was allocated at [(1)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/0)
#  115|   			snprintf(errormsg, sizeof(errormsg), 
#  116|   				 "Error during access vector computation, skipping...");
#  117|-> 			PyErr_SetString( PyExc_RuntimeError, errormsg);
#  118|   
#  119|   			sepol_bool_free(boolean);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def11]
libselinux-3.9/src/audit2why.c:119:25: warning[-Wanalyzer-malloc-leak]: leak of ‘foundlist’
libselinux-3.9/src/audit2why.c:74:26: acquire_memory: allocated here
libselinux-3.9/src/audit2why.c:75:12: branch_false: following ‘false’ branch (when ‘foundlist’ is non-NULL)...
 branch_false: ...to here
libselinux-3.9/src/audit2why.c:79:21: branch_true: following ‘true’ branch...
libselinux-3.9/src/audit2why.c:80:38: branch_true: ...to here
libselinux-3.9/src/audit2why.c:83:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:88:22: branch_false: ...to here
libselinux-3.9/src/audit2why.c:92:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:99:17: branch_false: ...to here
libselinux-3.9/src/audit2why.c:104:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:113:49: branch_false: ...to here
libselinux-3.9/src/audit2why.c:114:20: branch_true: following ‘true’ branch...
libselinux-3.9/src/audit2why.c:115:25: branch_true: ...to here
libselinux-3.9/src/audit2why.c:119:25: danger: ‘foundlist’ leaks here; was allocated at [(1)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/0)
#  117|   			PyErr_SetString( PyExc_RuntimeError, errormsg);
#  118|   
#  119|-> 			sepol_bool_free(boolean);
#  120|   			break;
#  121|   		} else {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def12]
libselinux-3.9/src/audit2why.c:126:25: warning[-Wanalyzer-malloc-leak]: leak of ‘foundlist’
libselinux-3.9/src/audit2why.c:74:26: acquire_memory: allocated here
libselinux-3.9/src/audit2why.c:75:12: branch_false: following ‘false’ branch (when ‘foundlist’ is non-NULL)...
 branch_false: ...to here
libselinux-3.9/src/audit2why.c:79:21: branch_true: following ‘true’ branch...
libselinux-3.9/src/audit2why.c:80:38: branch_true: ...to here
libselinux-3.9/src/audit2why.c:83:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:88:22: branch_false: ...to here
libselinux-3.9/src/audit2why.c:92:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:99:17: branch_false: ...to here
libselinux-3.9/src/audit2why.c:104:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:113:49: branch_false: ...to here
libselinux-3.9/src/audit2why.c:114:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:122:29: branch_false: ...to here
libselinux-3.9/src/audit2why.c:122:28: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:126:25: branch_false: ...to here
libselinux-3.9/src/audit2why.c:126:25: danger: ‘foundlist’ leaks here; was allocated at [(1)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/0)
#  124|   				fcnt++;
#  125|   			}
#  126|-> 			sepol_bool_set_value(boolean, active);
#  127|   			rc = sepol_bool_set(avc->handle,
#  128|   					    avc->policydb, key,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def13]
libselinux-3.9/src/audit2why.c:127:30: warning[-Wanalyzer-malloc-leak]: leak of ‘foundlist’
libselinux-3.9/src/audit2why.c:74:26: acquire_memory: allocated here
libselinux-3.9/src/audit2why.c:75:12: branch_false: following ‘false’ branch (when ‘foundlist’ is non-NULL)...
 branch_false: ...to here
libselinux-3.9/src/audit2why.c:79:21: branch_true: following ‘true’ branch...
libselinux-3.9/src/audit2why.c:80:38: branch_true: ...to here
libselinux-3.9/src/audit2why.c:83:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:88:22: branch_false: ...to here
libselinux-3.9/src/audit2why.c:92:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:99:17: branch_false: ...to here
libselinux-3.9/src/audit2why.c:104:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:113:49: branch_false: ...to here
libselinux-3.9/src/audit2why.c:114:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:122:29: branch_false: ...to here
libselinux-3.9/src/audit2why.c:122:28: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:126:25: branch_false: ...to here
libselinux-3.9/src/audit2why.c:127:30: danger: ‘foundlist’ leaks here; was allocated at [(1)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/0)
#  125|   			}
#  126|   			sepol_bool_set_value(boolean, active);
#  127|-> 			rc = sepol_bool_set(avc->handle,
#  128|   					    avc->policydb, key,
#  129|   					    boolean);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def14]
libselinux-3.9/src/audit2why.c:135:33: warning[-Wanalyzer-malloc-leak]: leak of ‘foundlist’
libselinux-3.9/src/audit2why.c:74:26: acquire_memory: allocated here
libselinux-3.9/src/audit2why.c:75:12: branch_false: following ‘false’ branch (when ‘foundlist’ is non-NULL)...
 branch_false: ...to here
libselinux-3.9/src/audit2why.c:79:21: branch_true: following ‘true’ branch...
libselinux-3.9/src/audit2why.c:80:38: branch_true: ...to here
libselinux-3.9/src/audit2why.c:83:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:88:22: branch_false: ...to here
libselinux-3.9/src/audit2why.c:92:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:99:17: branch_false: ...to here
libselinux-3.9/src/audit2why.c:104:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:113:49: branch_false: ...to here
libselinux-3.9/src/audit2why.c:114:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:122:29: branch_false: ...to here
libselinux-3.9/src/audit2why.c:122:28: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:126:25: branch_false: ...to here
libselinux-3.9/src/audit2why.c:130:28: branch_true: following ‘true’ branch...
libselinux-3.9/src/audit2why.c:131:33: branch_true: ...to here
libselinux-3.9/src/audit2why.c:135:33: danger: ‘foundlist’ leaks here; was allocated at [(1)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/0)
#  133|   					 name);
#  134|   			
#  135|-> 				PyErr_SetString( PyExc_RuntimeError, errormsg);
#  136|   				break;
#  137|   			}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def15]
libselinux-3.9/src/audit2why.c:139:17: warning[-Wanalyzer-malloc-leak]: leak of ‘foundlist’
libselinux-3.9/src/audit2why.c:74:26: acquire_memory: allocated here
libselinux-3.9/src/audit2why.c:75:12: branch_false: following ‘false’ branch (when ‘foundlist’ is non-NULL)...
 branch_false: ...to here
libselinux-3.9/src/audit2why.c:79:21: branch_true: following ‘true’ branch...
libselinux-3.9/src/audit2why.c:80:38: branch_true: ...to here
libselinux-3.9/src/audit2why.c:83:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:88:22: branch_false: ...to here
libselinux-3.9/src/audit2why.c:92:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:99:17: branch_false: ...to here
libselinux-3.9/src/audit2why.c:104:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:113:49: branch_false: ...to here
libselinux-3.9/src/audit2why.c:114:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:122:29: branch_false: ...to here
libselinux-3.9/src/audit2why.c:122:28: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:126:25: branch_false: ...to here
libselinux-3.9/src/audit2why.c:130:28: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:139:17: branch_false: ...to here
libselinux-3.9/src/audit2why.c:139:17: danger: ‘foundlist’ leaks here; was allocated at [(1)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/0)
#  137|   			}
#  138|   		}
#  139|-> 		sepol_bool_free(boolean);
#  140|   		sepol_bool_key_free(key);
#  141|   		key = NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def16]
libselinux-3.9/src/audit2why.c:140:17: warning[-Wanalyzer-malloc-leak]: leak of ‘foundlist’
libselinux-3.9/src/audit2why.c:74:26: acquire_memory: allocated here
libselinux-3.9/src/audit2why.c:75:12: branch_false: following ‘false’ branch (when ‘foundlist’ is non-NULL)...
 branch_false: ...to here
libselinux-3.9/src/audit2why.c:79:21: branch_true: following ‘true’ branch...
libselinux-3.9/src/audit2why.c:80:38: branch_true: ...to here
libselinux-3.9/src/audit2why.c:83:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:88:22: branch_false: ...to here
libselinux-3.9/src/audit2why.c:92:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:99:17: branch_false: ...to here
libselinux-3.9/src/audit2why.c:104:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:113:49: branch_false: ...to here
libselinux-3.9/src/audit2why.c:114:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:122:29: branch_false: ...to here
libselinux-3.9/src/audit2why.c:122:28: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:126:25: branch_false: ...to here
libselinux-3.9/src/audit2why.c:130:28: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:139:17: branch_false: ...to here
libselinux-3.9/src/audit2why.c:140:17: danger: ‘foundlist’ leaks here; was allocated at [(1)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/0)
#  138|   		}
#  139|   		sepol_bool_free(boolean);
#  140|-> 		sepol_bool_key_free(key);
#  141|   		key = NULL;
#  142|   		boolean = NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def17]
libselinux-3.9/src/audit2why.c:145:17: warning[-Wanalyzer-malloc-leak]: leak of ‘foundlist’
libselinux-3.9/src/audit2why.c:74:26: acquire_memory: allocated here
libselinux-3.9/src/audit2why.c:75:12: branch_false: following ‘false’ branch (when ‘foundlist’ is non-NULL)...
 branch_false: ...to here
libselinux-3.9/src/audit2why.c:79:21: branch_true: following ‘true’ branch...
libselinux-3.9/src/audit2why.c:80:38: branch_true: ...to here
libselinux-3.9/src/audit2why.c:83:20: branch_true: following ‘true’ branch...
libselinux-3.9/src/audit2why.c:84:25: branch_true: ...to here
libselinux-3.9/src/audit2why.c:144:12: branch_true: following ‘true’ branch...
libselinux-3.9/src/audit2why.c:145:17: branch_true: ...to here
libselinux-3.9/src/audit2why.c:145:17: danger: ‘foundlist’ leaks here; was allocated at [(1)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/0)
#  143|   	}
#  144|   	if (key)
#  145|-> 		sepol_bool_key_free(key);
#  146|   
#  147|   	if (boolean)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def18]
libselinux-3.9/src/audit2why.c:148:17: warning[-Wanalyzer-malloc-leak]: leak of ‘foundlist’
libselinux-3.9/src/audit2why.c:74:26: acquire_memory: allocated here
libselinux-3.9/src/audit2why.c:75:12: branch_false: following ‘false’ branch (when ‘foundlist’ is non-NULL)...
 branch_false: ...to here
libselinux-3.9/src/audit2why.c:79:21: branch_true: following ‘true’ branch...
libselinux-3.9/src/audit2why.c:80:38: branch_true: ...to here
libselinux-3.9/src/audit2why.c:83:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:88:22: branch_false: ...to here
libselinux-3.9/src/audit2why.c:147:12: branch_true: following ‘true’ branch...
libselinux-3.9/src/audit2why.c:148:17: branch_true: ...to here
libselinux-3.9/src/audit2why.c:148:17: danger: ‘foundlist’ leaks here; was allocated at [(1)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/0)
#  146|   
#  147|   	if (boolean)
#  148|-> 		sepol_bool_free(boolean);
#  149|   
#  150|   	if (fcnt > 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def19]
libselinux-3.9/src/audit2why.c:153:25: warning[-Wanalyzer-malloc-leak]: leak of ‘foundlist’
libselinux-3.9/src/audit2why.c:74:26: acquire_memory: allocated here
libselinux-3.9/src/audit2why.c:75:12: branch_false: following ‘false’ branch (when ‘foundlist’ is non-NULL)...
 branch_false: ...to here
libselinux-3.9/src/audit2why.c:79:21: branch_true: following ‘true’ branch...
libselinux-3.9/src/audit2why.c:80:38: branch_true: ...to here
libselinux-3.9/src/audit2why.c:83:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:88:22: branch_false: ...to here
libselinux-3.9/src/audit2why.c:92:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:99:17: branch_false: ...to here
libselinux-3.9/src/audit2why.c:104:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:113:49: branch_false: ...to here
libselinux-3.9/src/audit2why.c:114:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:122:29: branch_false: ...to here
libselinux-3.9/src/audit2why.c:150:12: branch_true: following ‘true’ branch (when ‘fcnt != 0’)...
libselinux-3.9/src/audit2why.c:151:33: branch_true: ...to here
libselinux-3.9/src/audit2why.c:152:20: branch_true: following ‘true’ branch...
libselinux-3.9/src/audit2why.c:153:25: branch_true: ...to here
libselinux-3.9/src/audit2why.c:153:25: danger: ‘foundlist’ leaks here; was allocated at [(1)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/0)
#  151|   		*bools = calloc(fcnt + 1, sizeof(struct boolean_t));
#  152|   		if (!*bools) {
#  153|-> 			PyErr_SetString( PyExc_MemoryError, "Out of memory\n");
#  154|   			free(foundlist);
#  155|   			return 0;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def20]
libselinux-3.9/src/audit2why.c:231:17: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(curpolicy, "re")’
libselinux-3.9/src/audit2why.c:220:14: acquire_resource: opened here
libselinux-3.9/src/audit2why.c:221:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:229:15: branch_false: ...to here
libselinux-3.9/src/audit2why.c:230:12: branch_true: following ‘true’ branch...
libselinux-3.9/src/audit2why.c:231:17: branch_true: ...to here
libselinux-3.9/src/audit2why.c:231:17: danger: ‘fopen(curpolicy, "re")’ leaks here; was opened at [(1)](sarif:/runs/0/results/19/codeFlows/0/threadFlows/0/locations/0)
#  229|   	avc = calloc(1, sizeof(struct avc_t));
#  230|   	if (!avc) {
#  231|-> 		PyErr_SetString( PyExc_MemoryError, "Out of memory\n");
#  232|   		fclose(fp);
#  233|   		return 1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def21]
libselinux-3.9/src/audit2why.c:231:17: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(curpolicy, "re")’
libselinux-3.9/src/audit2why.c:220:14: acquire_memory: allocated here
libselinux-3.9/src/audit2why.c:221:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:229:15: branch_false: ...to here
libselinux-3.9/src/audit2why.c:230:12: branch_true: following ‘true’ branch...
libselinux-3.9/src/audit2why.c:231:17: branch_true: ...to here
libselinux-3.9/src/audit2why.c:231:17: danger: ‘fopen(curpolicy, "re")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/20/codeFlows/0/threadFlows/0/locations/0)
#  229|   	avc = calloc(1, sizeof(struct avc_t));
#  230|   	if (!avc) {
#  231|-> 		PyErr_SetString( PyExc_MemoryError, "Out of memory\n");
#  232|   		fclose(fp);
#  233|   		return 1;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def22]
libselinux-3.9/src/audit2why.c:239:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(curpolicy, "re")’
libselinux-3.9/src/audit2why.c:220:14: acquire_resource: opened here
libselinux-3.9/src/audit2why.c:221:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:229:15: branch_false: ...to here
libselinux-3.9/src/audit2why.c:230:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:239:13: branch_false: ...to here
libselinux-3.9/src/audit2why.c:239:13: danger: ‘fopen(curpolicy, "re")’ leaks here; was opened at [(1)](sarif:/runs/0/results/21/codeFlows/0/threadFlows/0/locations/0)
#  237|   	   for testing what booleans might have allowed the access.
#  238|   	   Otherwise, we'd just use sepol_set_policydb_from_file() here. */
#  239|-> 	if (sepol_policy_file_create(&pf) ||
#  240|   	    sepol_policydb_create(&avc->policydb)) {
#  241|   		snprintf(errormsg, sizeof(errormsg), 

Error: GCC_ANALYZER_WARNING (CWE-401): [#def23]
libselinux-3.9/src/audit2why.c:239:13: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(curpolicy, "re")’
libselinux-3.9/src/audit2why.c:220:14: acquire_memory: allocated here
libselinux-3.9/src/audit2why.c:221:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:229:15: branch_false: ...to here
libselinux-3.9/src/audit2why.c:230:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:239:13: branch_false: ...to here
libselinux-3.9/src/audit2why.c:239:13: danger: ‘fopen(curpolicy, "re")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/22/codeFlows/0/threadFlows/0/locations/0)
#  237|   	   for testing what booleans might have allowed the access.
#  238|   	   Otherwise, we'd just use sepol_set_policydb_from_file() here. */
#  239|-> 	if (sepol_policy_file_create(&pf) ||
#  240|   	    sepol_policydb_create(&avc->policydb)) {
#  241|   		snprintf(errormsg, sizeof(errormsg), 

Error: GCC_ANALYZER_WARNING (CWE-775): [#def24]
libselinux-3.9/src/audit2why.c:240:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(curpolicy, "re")’
libselinux-3.9/src/audit2why.c:220:14: acquire_resource: opened here
libselinux-3.9/src/audit2why.c:221:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:229:15: branch_false: ...to here
libselinux-3.9/src/audit2why.c:230:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:239:13: branch_false: ...to here
libselinux-3.9/src/audit2why.c:239:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:240:39: branch_false: ...to here
libselinux-3.9/src/audit2why.c:240:13: danger: ‘fopen(curpolicy, "re")’ leaks here; was opened at [(1)](sarif:/runs/0/results/23/codeFlows/0/threadFlows/0/locations/0)
#  238|   	   Otherwise, we'd just use sepol_set_policydb_from_file() here. */
#  239|   	if (sepol_policy_file_create(&pf) ||
#  240|-> 	    sepol_policydb_create(&avc->policydb)) {
#  241|   		snprintf(errormsg, sizeof(errormsg), 
#  242|   			 "policydb_init failed: %m\n");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def25]
libselinux-3.9/src/audit2why.c:240:13: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(curpolicy, "re")’
libselinux-3.9/src/audit2why.c:220:14: acquire_memory: allocated here
libselinux-3.9/src/audit2why.c:221:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:229:15: branch_false: ...to here
libselinux-3.9/src/audit2why.c:230:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:239:13: branch_false: ...to here
libselinux-3.9/src/audit2why.c:239:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:240:39: branch_false: ...to here
libselinux-3.9/src/audit2why.c:240:13: danger: ‘fopen(curpolicy, "re")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/24/codeFlows/0/threadFlows/0/locations/0)
#  238|   	   Otherwise, we'd just use sepol_set_policydb_from_file() here. */
#  239|   	if (sepol_policy_file_create(&pf) ||
#  240|-> 	    sepol_policydb_create(&avc->policydb)) {
#  241|   		snprintf(errormsg, sizeof(errormsg), 
#  242|   			 "policydb_init failed: %m\n");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def26]
libselinux-3.9/src/audit2why.c:243:17: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(curpolicy, "re")’
libselinux-3.9/src/audit2why.c:220:14: acquire_resource: opened here
libselinux-3.9/src/audit2why.c:221:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:229:15: branch_false: ...to here
libselinux-3.9/src/audit2why.c:230:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:239:13: branch_false: ...to here
libselinux-3.9/src/audit2why.c:243:17: danger: ‘fopen(curpolicy, "re")’ leaks here; was opened at [(1)](sarif:/runs/0/results/25/codeFlows/0/threadFlows/0/locations/0)
#  241|   		snprintf(errormsg, sizeof(errormsg), 
#  242|   			 "policydb_init failed: %m\n");
#  243|-> 		PyErr_SetString( PyExc_RuntimeError, errormsg);
#  244|   		goto err;
#  245|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def27]
libselinux-3.9/src/audit2why.c:243:17: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(curpolicy, "re")’
libselinux-3.9/src/audit2why.c:220:14: acquire_memory: allocated here
libselinux-3.9/src/audit2why.c:221:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:229:15: branch_false: ...to here
libselinux-3.9/src/audit2why.c:230:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:239:13: branch_false: ...to here
libselinux-3.9/src/audit2why.c:243:17: danger: ‘fopen(curpolicy, "re")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/26/codeFlows/0/threadFlows/0/locations/0)
#  241|   		snprintf(errormsg, sizeof(errormsg), 
#  242|   			 "policydb_init failed: %m\n");
#  243|-> 		PyErr_SetString( PyExc_RuntimeError, errormsg);
#  244|   		goto err;
#  245|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def28]
libselinux-3.9/src/audit2why.c:246:9: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(curpolicy, "re")’
libselinux-3.9/src/audit2why.c:220:14: acquire_resource: opened here
libselinux-3.9/src/audit2why.c:221:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:229:15: branch_false: ...to here
libselinux-3.9/src/audit2why.c:230:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:239:13: branch_false: ...to here
libselinux-3.9/src/audit2why.c:239:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:240:39: branch_false: ...to here
libselinux-3.9/src/audit2why.c:239:13: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:246:9: branch_false: ...to here
libselinux-3.9/src/audit2why.c:246:9: danger: ‘fopen(curpolicy, "re")’ leaks here; was opened at [(1)](sarif:/runs/0/results/27/codeFlows/0/threadFlows/0/locations/0)
#  244|   		goto err;
#  245|   	}
#  246|-> 	sepol_policy_file_set_fp(pf, fp);	
#  247|   	if (sepol_policydb_read(avc->policydb, pf)) {
#  248|   		snprintf(errormsg, sizeof(errormsg), 

Error: GCC_ANALYZER_WARNING (CWE-401): [#def29]
libselinux-3.9/src/audit2why.c:246:9: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(curpolicy, "re")’
libselinux-3.9/src/audit2why.c:220:14: acquire_memory: allocated here
libselinux-3.9/src/audit2why.c:221:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:229:15: branch_false: ...to here
libselinux-3.9/src/audit2why.c:230:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:239:13: branch_false: ...to here
libselinux-3.9/src/audit2why.c:239:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:240:39: branch_false: ...to here
libselinux-3.9/src/audit2why.c:239:13: branch_false: following ‘false’ branch...
libselinux-3.9/src/audit2why.c:246:9: branch_false: ...to here
libselinux-3.9/src/audit2why.c:246:9: danger: ‘fopen(curpolicy, "re")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/28/codeFlows/0/threadFlows/0/locations/0)
#  244|   		goto err;
#  245|   	}
#  246|-> 	sepol_policy_file_set_fp(pf, fp);	
#  247|   	if (sepol_policydb_read(avc->policydb, pf)) {
#  248|   		snprintf(errormsg, sizeof(errormsg), 

Error: GCC_ANALYZER_WARNING (CWE-401): [#def30]
libselinux-3.9/src/avc_internal.h:75:32: warning[-Wanalyzer-malloc-leak]: leak of ‘avc_malloc(24)’
libselinux-3.9/src/avc_sidtab.c:48:1: enter_function: entry to ‘sidtab_insert’
libselinux-3.9/src/avc_sidtab.c:54:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/avc_sidtab.c:57:41: branch_false: ...to here
libselinux-3.9/src/avc_sidtab.c:57:41: call_function: calling ‘avc_malloc’ from ‘sidtab_insert’
libselinux-3.9/src/avc_sidtab.c:57:41: return_function: returning to ‘sidtab_insert’ from ‘avc_malloc’
libselinux-3.9/src/avc_sidtab.c:58:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/avc_sidtab.c:60:18: branch_false: ...to here
libselinux-3.9/src/avc_sidtab.c:61:12: branch_true: following ‘true’ branch (when ‘newctx’ is NULL)...
libselinux-3.9/src/avc_sidtab.c:62:17: branch_true: ...to here
libselinux-3.9/src/avc_sidtab.c:62:17: call_function: calling ‘avc_free’ from ‘sidtab_insert’
#   73|   static inline void *avc_malloc(size_t size)
#   74|   {
#   75|-> 	return avc_func_malloc ? avc_func_malloc(size) : malloc(size);
#   76|   }
#   77|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def31]
libselinux-3.9/src/booleans.c:106:21: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
libselinux-3.9/src/booleans.c:235:5: enter_function: entry to ‘security_get_boolean_pending’
libselinux-3.9/src/booleans.c:240:13: call_function: calling ‘get_bool_value’ from ‘security_get_boolean_pending’
#  104|   		return NULL;
#  105|   
#  106|-> 	cfg = fopen(selinux_booleans_subs_path(), "re");
#  107|   	if (!cfg)
#  108|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def32]
libselinux-3.9/src/booleans.c:174:14: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
libselinux-3.9/src/booleans.c:235:5: enter_function: entry to ‘security_get_boolean_pending’
libselinux-3.9/src/booleans.c:240:13: call_function: calling ‘get_bool_value’ from ‘security_get_boolean_pending’
#  172|   		goto out;
#  173|   
#  174|-> 	fd = open(fname, flag);
#  175|   	if (fd >= 0 || errno != ENOENT)
#  176|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def33]
libselinux-3.9/src/booleans.c:320:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&path, 524289)’
libselinux-3.9/src/booleans.c:307:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/booleans.c:312:9: branch_false: ...to here
libselinux-3.9/src/booleans.c:313:14: acquire_resource: opened here
libselinux-3.9/src/booleans.c:314:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/booleans.c:317:9: branch_false: ...to here
libselinux-3.9/src/booleans.c:320:15: danger: ‘open(&path, 524289)’ leaks here; was opened at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
#  318|   	buf[1] = '\0';
#  319|   
#  320|-> 	ret = write(fd, buf, 2);
#  321|   	close(fd);
#  322|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def34]
libselinux-3.9/src/booleans.c:323:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&path, 524289)’
libselinux-3.9/src/booleans.c:307:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/booleans.c:312:9: branch_false: ...to here
libselinux-3.9/src/booleans.c:313:14: acquire_resource: opened here
libselinux-3.9/src/booleans.c:314:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/booleans.c:317:9: branch_false: ...to here
libselinux-3.9/src/booleans.c:323:12: danger: ‘open(&path, 524289)’ leaks here; was opened at [(3)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/2)
#  321|   	close(fd);
#  322|   
#  323|-> 	if (ret > 0)
#  324|   		return 0;
#  325|   	else

Error: GCC_ANALYZER_WARNING (CWE-775): [#def35]
libselinux-3.9/src/canonicalize_context.c:42:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&path, 524290)’
libselinux-3.9/src/canonicalize_context.c:20:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/canonicalize_context.c:25:9: branch_false: ...to here
libselinux-3.9/src/canonicalize_context.c:26:14: acquire_resource: opened here
libselinux-3.9/src/canonicalize_context.c:27:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/canonicalize_context.c:30:9: branch_false: ...to here
libselinux-3.9/src/canonicalize_context.c:32:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
libselinux-3.9/src/canonicalize_context.c:36:13: branch_false: ...to here
libselinux-3.9/src/canonicalize_context.c:36:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/canonicalize_context.c:42:30: branch_false: ...to here
libselinux-3.9/src/canonicalize_context.c:42:15: danger: ‘open(&path, 524290)’ leaks here; was opened at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   40|   	}
#   41|   
#   42|-> 	ret = write(fd, buf, strlen(buf) + 1);
#   43|   	if (ret < 0)
#   44|   		goto out2;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def36]
libselinux-3.9/src/canonicalize_context.c:63:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&path, 524290)’
libselinux-3.9/src/canonicalize_context.c:20:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/canonicalize_context.c:25:9: branch_false: ...to here
libselinux-3.9/src/canonicalize_context.c:26:14: acquire_resource: opened here
libselinux-3.9/src/canonicalize_context.c:27:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/canonicalize_context.c:30:9: branch_false: ...to here
libselinux-3.9/src/canonicalize_context.c:63:9: danger: ‘open(&path, 524290)’ leaks here; was opened at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#   61|   	free(buf);
#   62|         out:
#   63|-> 	close(fd);
#   64|   	return ret;
#   65|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def37]
libselinux-3.9/src/canonicalize_context.c:63:9: warning[-Wanalyzer-malloc-leak]: leak of ‘rcanoncon’
libselinux-3.9/src/canonicalize_context.c:68:5: enter_function: entry to ‘security_canonicalize_context’
libselinux-3.9/src/canonicalize_context.c:75:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/canonicalize_context.c:78:15: branch_false: ...to here
libselinux-3.9/src/canonicalize_context.c:78:15: call_function: calling ‘security_canonicalize_context_raw’ from ‘security_canonicalize_context’
#   61|   	free(buf);
#   62|         out:
#   63|-> 	close(fd);
#   64|   	return ret;
#   65|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def38]
libselinux-3.9/src/canonicalize_context.c:80:9: warning[-Wanalyzer-malloc-leak]: leak of ‘rcanoncon’
libselinux-3.9/src/canonicalize_context.c:68:5: enter_function: entry to ‘security_canonicalize_context’
libselinux-3.9/src/canonicalize_context.c:75:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/canonicalize_context.c:78:15: branch_false: ...to here
libselinux-3.9/src/canonicalize_context.c:78:15: call_function: calling ‘security_canonicalize_context_raw’ from ‘security_canonicalize_context’
libselinux-3.9/src/canonicalize_context.c:78:15: return_function: returning to ‘security_canonicalize_context’ from ‘security_canonicalize_context_raw’
libselinux-3.9/src/canonicalize_context.c:80:9: danger: ‘rcanoncon’ leaks here; was allocated at [(16)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/15)
#   78|   	ret = security_canonicalize_context_raw(rcon, &rcanoncon);
#   79|   
#   80|-> 	freecon(rcon);
#   81|   	if (!ret) {
#   82|   		ret = selinux_raw_to_trans_context(rcanoncon, canoncon);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def39]
libselinux-3.9/src/canonicalize_context.c:82:23: warning[-Wanalyzer-malloc-leak]: leak of ‘rcanoncon’
libselinux-3.9/src/canonicalize_context.c:68:5: enter_function: entry to ‘security_canonicalize_context’
libselinux-3.9/src/canonicalize_context.c:75:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/canonicalize_context.c:78:15: branch_false: ...to here
libselinux-3.9/src/canonicalize_context.c:78:15: call_function: calling ‘security_canonicalize_context_raw’ from ‘security_canonicalize_context’
libselinux-3.9/src/canonicalize_context.c:78:15: return_function: returning to ‘security_canonicalize_context’ from ‘security_canonicalize_context_raw’
libselinux-3.9/src/canonicalize_context.c:81:12: branch_true: following ‘true’ branch...
libselinux-3.9/src/canonicalize_context.c:82:23: branch_true: ...to here
libselinux-3.9/src/canonicalize_context.c:82:23: danger: ‘rcanoncon’ leaks here; was allocated at [(16)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/15)
#   80|   	freecon(rcon);
#   81|   	if (!ret) {
#   82|-> 		ret = selinux_raw_to_trans_context(rcanoncon, canoncon);
#   83|   		freecon(rcanoncon);
#   84|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def40]
libselinux-3.9/src/canonicalize_context.c:83:17: warning[-Wanalyzer-malloc-leak]: leak of ‘rcanoncon’
libselinux-3.9/src/canonicalize_context.c:68:5: enter_function: entry to ‘security_canonicalize_context’
libselinux-3.9/src/canonicalize_context.c:75:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/canonicalize_context.c:78:15: branch_false: ...to here
libselinux-3.9/src/canonicalize_context.c:78:15: call_function: calling ‘security_canonicalize_context_raw’ from ‘security_canonicalize_context’
libselinux-3.9/src/canonicalize_context.c:78:15: return_function: returning to ‘security_canonicalize_context’ from ‘security_canonicalize_context_raw’
libselinux-3.9/src/canonicalize_context.c:81:12: branch_true: following ‘true’ branch...
libselinux-3.9/src/canonicalize_context.c:82:23: branch_true: ...to here
libselinux-3.9/src/canonicalize_context.c:83:17: danger: ‘rcanoncon’ leaks here; was allocated at [(16)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/15)
#   81|   	if (!ret) {
#   82|   		ret = selinux_raw_to_trans_context(rcanoncon, canoncon);
#   83|-> 		freecon(rcanoncon);
#   84|   	}
#   85|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def41]
libselinux-3.9/src/check_context.c:27:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&path, 524290)’
libselinux-3.9/src/check_context.c:17:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/check_context.c:22:9: branch_false: ...to here
libselinux-3.9/src/check_context.c:23:14: acquire_resource: opened here
libselinux-3.9/src/check_context.c:24:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/check_context.c:27:30: branch_false: ...to here
libselinux-3.9/src/check_context.c:27:15: danger: ‘open(&path, 524290)’ leaks here; was opened at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   25|   		return -1;
#   26|   
#   27|-> 	ret = write(fd, con, strlen(con) + 1);
#   28|   	close(fd);
#   29|   	if (ret < 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def42]
libselinux-3.9/src/check_context.c:29:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&path, 524290)’
libselinux-3.9/src/check_context.c:17:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/check_context.c:22:9: branch_false: ...to here
libselinux-3.9/src/check_context.c:23:14: acquire_resource: opened here
libselinux-3.9/src/check_context.c:24:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/check_context.c:27:30: branch_false: ...to here
libselinux-3.9/src/check_context.c:29:12: danger: ‘open(&path, 524290)’ leaks here; was opened at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#   27|   	ret = write(fd, con, strlen(con) + 1);
#   28|   	close(fd);
#   29|-> 	if (ret < 0)
#   30|   		return -1;
#   31|   	return 0;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def43]
libselinux-3.9/src/checkreqprot.c:31:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&path, 524288)’
libselinux-3.9/src/checkreqprot.c:18:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/checkreqprot.c:23:9: branch_false: ...to here
libselinux-3.9/src/checkreqprot.c:24:14: acquire_resource: opened here
libselinux-3.9/src/checkreqprot.c:25:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/checkreqprot.c:28:9: branch_false: ...to here
libselinux-3.9/src/checkreqprot.c:31:12: danger: ‘open(&path, 524288)’ leaks here; was opened at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   29|   	ret = read(fd, buf, sizeof(buf) - 1);
#   30|   	close(fd);
#   31|-> 	if (ret < 0)
#   32|   		return -1;
#   33|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def44]
libselinux-3.9/src/compute_av.c:42:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&path, 524290)’
libselinux-3.9/src/compute_av.c:25:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_av.c:30:9: branch_false: ...to here
libselinux-3.9/src/compute_av.c:31:14: acquire_resource: opened here
libselinux-3.9/src/compute_av.c:32:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_av.c:35:9: branch_false: ...to here
libselinux-3.9/src/compute_av.c:37:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
libselinux-3.9/src/compute_av.c:42:18: branch_false: ...to here
libselinux-3.9/src/compute_av.c:42:18: danger: ‘open(&path, 524290)’ leaks here; was opened at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   40|   	}
#   41|   
#   42|-> 	kclass = unmap_class(tclass);
#   43|   
#   44|   	ret = snprintf(buf, len, "%s %s %hu %x", scon, tcon,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def45]
libselinux-3.9/src/compute_av.c:42:18: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
libselinux-3.9/src/compute_av.c:25:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_av.c:30:9: branch_false: ...to here
libselinux-3.9/src/compute_av.c:32:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_av.c:35:9: branch_false: ...to here
libselinux-3.9/src/compute_av.c:36:15: acquire_memory: allocated here
libselinux-3.9/src/compute_av.c:37:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
libselinux-3.9/src/compute_av.c:42:18: branch_false: ...to here
libselinux-3.9/src/compute_av.c:42:18: danger: ‘buf’ leaks here; was allocated at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
#   40|   	}
#   41|   
#   42|-> 	kclass = unmap_class(tclass);
#   43|   
#   44|   	ret = snprintf(buf, len, "%s %s %hu %x", scon, tcon,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def46]
libselinux-3.9/src/compute_av.c:44:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&path, 524290)’
libselinux-3.9/src/compute_av.c:25:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_av.c:30:9: branch_false: ...to here
libselinux-3.9/src/compute_av.c:31:14: acquire_resource: opened here
libselinux-3.9/src/compute_av.c:32:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_av.c:35:9: branch_false: ...to here
libselinux-3.9/src/compute_av.c:37:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
libselinux-3.9/src/compute_av.c:42:18: branch_false: ...to here
libselinux-3.9/src/compute_av.c:44:15: danger: ‘open(&path, 524290)’ leaks here; was opened at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
#   42|   	kclass = unmap_class(tclass);
#   43|   
#   44|-> 	ret = snprintf(buf, len, "%s %s %hu %x", scon, tcon,
#   45|   		 kclass, unmap_perm(tclass, requested));
#   46|   	if (ret < 0 || (size_t)ret >= len) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def47]
libselinux-3.9/src/compute_av.c:44:15: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
libselinux-3.9/src/compute_av.c:25:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_av.c:30:9: branch_false: ...to here
libselinux-3.9/src/compute_av.c:32:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_av.c:35:9: branch_false: ...to here
libselinux-3.9/src/compute_av.c:36:15: acquire_memory: allocated here
libselinux-3.9/src/compute_av.c:37:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
libselinux-3.9/src/compute_av.c:42:18: branch_false: ...to here
libselinux-3.9/src/compute_av.c:44:15: danger: ‘buf’ leaks here; was allocated at [(5)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/4)
#   42|   	kclass = unmap_class(tclass);
#   43|   
#   44|-> 	ret = snprintf(buf, len, "%s %s %hu %x", scon, tcon,
#   45|   		 kclass, unmap_perm(tclass, requested));
#   46|   	if (ret < 0 || (size_t)ret >= len) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def48]
libselinux-3.9/src/compute_av.c:52:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&path, 524290)’
libselinux-3.9/src/compute_av.c:25:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_av.c:30:9: branch_false: ...to here
libselinux-3.9/src/compute_av.c:31:14: acquire_resource: opened here
libselinux-3.9/src/compute_av.c:32:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_av.c:35:9: branch_false: ...to here
libselinux-3.9/src/compute_av.c:37:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
libselinux-3.9/src/compute_av.c:42:18: branch_false: ...to here
libselinux-3.9/src/compute_av.c:46:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_av.c:52:15: danger: ‘open(&path, 524290)’ leaks here; was opened at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
#   50|   	}
#   51|   
#   52|-> 	ret = write(fd, buf, strlen(buf));
#   53|   	if (ret < 0)
#   54|   		goto out2;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def49]
libselinux-3.9/src/compute_av.c:79:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&path, 524290)’
libselinux-3.9/src/compute_av.c:25:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_av.c:30:9: branch_false: ...to here
libselinux-3.9/src/compute_av.c:31:14: acquire_resource: opened here
libselinux-3.9/src/compute_av.c:32:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_av.c:35:9: branch_false: ...to here
libselinux-3.9/src/compute_av.c:37:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
libselinux-3.9/src/compute_av.c:42:18: branch_false: ...to here
libselinux-3.9/src/compute_av.c:46:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_av.c:53:12: branch_false: following ‘false’ branch (when ‘ret >= 0’)...
libselinux-3.9/src/compute_av.c:56:9: branch_false: ...to here
libselinux-3.9/src/compute_av.c:58:12: branch_false: following ‘false’ branch (when ‘ret >= 0’)...
libselinux-3.9/src/compute_av.c:61:15: branch_false: ...to here
libselinux-3.9/src/compute_av.c:65:12: branch_false: following ‘false’ branch (when ‘ret > 4’)...
libselinux-3.9/src/compute_av.c:68:19: branch_false: ...to here
libselinux-3.9/src/compute_av.c:68:19: branch_false: following ‘false’ branch (when ‘ret != 5’)...
libselinux-3.9/src/compute_av.c:78:12: branch_false: ...to here
libselinux-3.9/src/compute_av.c:78:12: branch_true: following ‘true’ branch...
libselinux-3.9/src/compute_av.c:79:17: branch_true: ...to here
libselinux-3.9/src/compute_av.c:79:17: danger: ‘open(&path, 524290)’ leaks here; was opened at [(3)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/2)
#   77|   	 */
#   78|   	if (kclass != 0)
#   79|-> 		map_decision(tclass, avd);
#   80|   
#   81|   	ret = 0;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def50]
libselinux-3.9/src/compute_av.c:85:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&path, 524290)’
libselinux-3.9/src/compute_av.c:25:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_av.c:30:9: branch_false: ...to here
libselinux-3.9/src/compute_av.c:31:14: acquire_resource: opened here
libselinux-3.9/src/compute_av.c:32:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_av.c:35:9: branch_false: ...to here
libselinux-3.9/src/compute_av.c:85:9: danger: ‘open(&path, 524290)’ leaks here; was opened at [(3)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/2)
#   83|   	free(buf);
#   84|         out:
#   85|-> 	close(fd);
#   86|   	return ret;
#   87|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def51]
libselinux-3.9/src/compute_create.c:80:36: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&path, 524290)’
libselinux-3.9/src/compute_create.c:62:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_create.c:67:9: branch_false: ...to here
libselinux-3.9/src/compute_create.c:68:14: acquire_resource: opened here
libselinux-3.9/src/compute_create.c:69:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_create.c:72:9: branch_false: ...to here
libselinux-3.9/src/compute_create.c:74:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
libselinux-3.9/src/compute_create.c:80:36: branch_false: ...to here
libselinux-3.9/src/compute_create.c:80:36: danger: ‘open(&path, 524290)’ leaks here; was opened at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   78|   
#   79|   	len = snprintf(buf, size, "%s %s %hu",
#   80|-> 		       scon, tcon, unmap_class(tclass));
#   81|   	if (len < 0 || (size_t)len >= size) {
#   82|   		errno = EOVERFLOW;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def52]
libselinux-3.9/src/compute_create.c:80:36: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
libselinux-3.9/src/compute_create.c:62:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_create.c:67:9: branch_false: ...to here
libselinux-3.9/src/compute_create.c:69:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_create.c:72:9: branch_false: ...to here
libselinux-3.9/src/compute_create.c:73:15: acquire_memory: allocated here
libselinux-3.9/src/compute_create.c:74:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
libselinux-3.9/src/compute_create.c:80:36: branch_false: ...to here
libselinux-3.9/src/compute_create.c:80:36: danger: ‘buf’ leaks here; was allocated at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
#   78|   
#   79|   	len = snprintf(buf, size, "%s %s %hu",
#   80|-> 		       scon, tcon, unmap_class(tclass));
#   81|   	if (len < 0 || (size_t)len >= size) {
#   82|   		errno = EOVERFLOW;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def53]
libselinux-3.9/src/compute_create.c:94:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&path, 524290)’
libselinux-3.9/src/compute_create.c:116:5: enter_function: entry to ‘security_compute_create_raw’
libselinux-3.9/src/compute_create.c:121:16: call_function: calling ‘security_compute_create_name_raw’ from ‘security_compute_create_raw’
#   92|   	}
#   93|   
#   94|-> 	ret = write(fd, buf, strlen(buf));
#   95|   	if (ret < 0)
#   96|   		goto out2;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def54]
libselinux-3.9/src/compute_create.c:112:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&path, 524290)’
libselinux-3.9/src/compute_create.c:116:5: enter_function: entry to ‘security_compute_create_raw’
libselinux-3.9/src/compute_create.c:121:16: call_function: calling ‘security_compute_create_name_raw’ from ‘security_compute_create_raw’
#  110|   	free(buf);
#  111|         out:
#  112|-> 	close(fd);
#  113|   	return ret;
#  114|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def55]
libselinux-3.9/src/compute_create.c:112:9: warning[-Wanalyzer-malloc-leak]: leak of ‘rnewcon’
libselinux-3.9/src/compute_create.c:155:5: enter_function: entry to ‘security_compute_create’
libselinux-3.9/src/compute_create.c:160:16: call_function: calling ‘security_compute_create_name’ from ‘security_compute_create’
#  110|   	free(buf);
#  111|         out:
#  112|-> 	close(fd);
#  113|   	return ret;
#  114|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def56]
libselinux-3.9/src/compute_create.c:145:9: warning[-Wanalyzer-malloc-leak]: leak of ‘rnewcon’
libselinux-3.9/src/compute_create.c:155:5: enter_function: entry to ‘security_compute_create’
libselinux-3.9/src/compute_create.c:160:16: call_function: calling ‘security_compute_create_name’ from ‘security_compute_create’
#  143|   	ret = security_compute_create_name_raw(rscon, rtcon, tclass,
#  144|   					       objname, &rnewcon);
#  145|-> 	freecon(rscon);
#  146|   	freecon(rtcon);
#  147|   	if (!ret) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def57]
libselinux-3.9/src/compute_create.c:146:9: warning[-Wanalyzer-malloc-leak]: leak of ‘rnewcon’
libselinux-3.9/src/compute_create.c:155:5: enter_function: entry to ‘security_compute_create’
libselinux-3.9/src/compute_create.c:160:16: call_function: calling ‘security_compute_create_name’ from ‘security_compute_create’
#  144|   					       objname, &rnewcon);
#  145|   	freecon(rscon);
#  146|-> 	freecon(rtcon);
#  147|   	if (!ret) {
#  148|   		ret = selinux_raw_to_trans_context(rnewcon, newcon);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def58]
libselinux-3.9/src/compute_create.c:148:23: warning[-Wanalyzer-malloc-leak]: leak of ‘rnewcon’
libselinux-3.9/src/compute_create.c:155:5: enter_function: entry to ‘security_compute_create’
libselinux-3.9/src/compute_create.c:160:16: call_function: calling ‘security_compute_create_name’ from ‘security_compute_create’
#  146|   	freecon(rtcon);
#  147|   	if (!ret) {
#  148|-> 		ret = selinux_raw_to_trans_context(rnewcon, newcon);
#  149|   		freecon(rnewcon);
#  150|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def59]
libselinux-3.9/src/compute_create.c:149:17: warning[-Wanalyzer-malloc-leak]: leak of ‘rnewcon’
libselinux-3.9/src/compute_create.c:155:5: enter_function: entry to ‘security_compute_create’
libselinux-3.9/src/compute_create.c:160:16: call_function: calling ‘security_compute_create_name’ from ‘security_compute_create’
#  147|   	if (!ret) {
#  148|   		ret = selinux_raw_to_trans_context(rnewcon, newcon);
#  149|-> 		freecon(rnewcon);
#  150|   	}
#  151|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def60]
libselinux-3.9/src/compute_member.c:40:60: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&path, 524290)’
libselinux-3.9/src/compute_member.c:23:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_member.c:28:9: branch_false: ...to here
libselinux-3.9/src/compute_member.c:29:14: acquire_resource: opened here
libselinux-3.9/src/compute_member.c:30:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_member.c:33:9: branch_false: ...to here
libselinux-3.9/src/compute_member.c:35:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
libselinux-3.9/src/compute_member.c:40:60: branch_false: ...to here
libselinux-3.9/src/compute_member.c:40:60: danger: ‘open(&path, 524290)’ leaks here; was opened at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   38|   	}
#   39|   
#   40|-> 	ret = snprintf(buf, size, "%s %s %hu", scon, tcon, unmap_class(tclass));
#   41|   	if (ret < 0 || (size_t)ret >= size) {
#   42|   		errno = EOVERFLOW;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def61]
libselinux-3.9/src/compute_member.c:40:60: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
libselinux-3.9/src/compute_member.c:23:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_member.c:28:9: branch_false: ...to here
libselinux-3.9/src/compute_member.c:30:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_member.c:33:9: branch_false: ...to here
libselinux-3.9/src/compute_member.c:34:15: acquire_memory: allocated here
libselinux-3.9/src/compute_member.c:35:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
libselinux-3.9/src/compute_member.c:40:60: branch_false: ...to here
libselinux-3.9/src/compute_member.c:40:60: danger: ‘buf’ leaks here; was allocated at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
#   38|   	}
#   39|   
#   40|-> 	ret = snprintf(buf, size, "%s %s %hu", scon, tcon, unmap_class(tclass));
#   41|   	if (ret < 0 || (size_t)ret >= size) {
#   42|   		errno = EOVERFLOW;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def62]
libselinux-3.9/src/compute_member.c:47:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&path, 524290)’
libselinux-3.9/src/compute_member.c:23:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_member.c:28:9: branch_false: ...to here
libselinux-3.9/src/compute_member.c:29:14: acquire_resource: opened here
libselinux-3.9/src/compute_member.c:30:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_member.c:33:9: branch_false: ...to here
libselinux-3.9/src/compute_member.c:35:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
libselinux-3.9/src/compute_member.c:40:60: branch_false: ...to here
libselinux-3.9/src/compute_member.c:41:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_member.c:47:15: danger: ‘open(&path, 524290)’ leaks here; was opened at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
#   45|   	}
#   46|   
#   47|-> 	ret = write(fd, buf, strlen(buf));
#   48|   	if (ret < 0)
#   49|   		goto out2;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def63]
libselinux-3.9/src/compute_member.c:65:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&path, 524290)’
libselinux-3.9/src/compute_member.c:23:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_member.c:28:9: branch_false: ...to here
libselinux-3.9/src/compute_member.c:29:14: acquire_resource: opened here
libselinux-3.9/src/compute_member.c:30:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_member.c:33:9: branch_false: ...to here
libselinux-3.9/src/compute_member.c:65:9: danger: ‘open(&path, 524290)’ leaks here; was opened at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
#   63|   	free(buf);
#   64|         out:
#   65|-> 	close(fd);
#   66|   	return ret;
#   67|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def64]
libselinux-3.9/src/compute_member.c:65:9: warning[-Wanalyzer-malloc-leak]: leak of ‘rnewcon’
libselinux-3.9/src/compute_member.c:70:5: enter_function: entry to ‘security_compute_member’
libselinux-3.9/src/compute_member.c:80:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_member.c:82:13: branch_false: ...to here
libselinux-3.9/src/compute_member.c:82:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_member.c:87:15: branch_false: ...to here
libselinux-3.9/src/compute_member.c:87:15: call_function: calling ‘security_compute_member_raw’ from ‘security_compute_member’
#   63|   	free(buf);
#   64|         out:
#   65|-> 	close(fd);
#   66|   	return ret;
#   67|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def65]
libselinux-3.9/src/compute_member.c:89:9: warning[-Wanalyzer-malloc-leak]: leak of ‘rnewcon’
libselinux-3.9/src/compute_member.c:70:5: enter_function: entry to ‘security_compute_member’
libselinux-3.9/src/compute_member.c:80:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_member.c:82:13: branch_false: ...to here
libselinux-3.9/src/compute_member.c:82:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_member.c:87:15: branch_false: ...to here
libselinux-3.9/src/compute_member.c:87:15: call_function: calling ‘security_compute_member_raw’ from ‘security_compute_member’
libselinux-3.9/src/compute_member.c:87:15: return_function: returning to ‘security_compute_member’ from ‘security_compute_member_raw’
libselinux-3.9/src/compute_member.c:89:9: danger: ‘rnewcon’ leaks here; was allocated at [(20)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/19)
#   87|   	ret = security_compute_member_raw(rscon, rtcon, tclass, &rnewcon);
#   88|   
#   89|-> 	freecon(rscon);
#   90|   	freecon(rtcon);
#   91|   	if (!ret) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def66]
libselinux-3.9/src/compute_member.c:90:9: warning[-Wanalyzer-malloc-leak]: leak of ‘rnewcon’
libselinux-3.9/src/compute_member.c:70:5: enter_function: entry to ‘security_compute_member’
libselinux-3.9/src/compute_member.c:80:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_member.c:82:13: branch_false: ...to here
libselinux-3.9/src/compute_member.c:82:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_member.c:87:15: branch_false: ...to here
libselinux-3.9/src/compute_member.c:87:15: call_function: calling ‘security_compute_member_raw’ from ‘security_compute_member’
libselinux-3.9/src/compute_member.c:87:15: return_function: returning to ‘security_compute_member’ from ‘security_compute_member_raw’
libselinux-3.9/src/compute_member.c:90:9: danger: ‘rnewcon’ leaks here; was allocated at [(20)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/19)
#   88|   
#   89|   	freecon(rscon);
#   90|-> 	freecon(rtcon);
#   91|   	if (!ret) {
#   92|   		if (selinux_raw_to_trans_context(rnewcon, newcon)) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def67]
libselinux-3.9/src/compute_member.c:92:21: warning[-Wanalyzer-malloc-leak]: leak of ‘rnewcon’
libselinux-3.9/src/compute_member.c:70:5: enter_function: entry to ‘security_compute_member’
libselinux-3.9/src/compute_member.c:80:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_member.c:82:13: branch_false: ...to here
libselinux-3.9/src/compute_member.c:82:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_member.c:87:15: branch_false: ...to here
libselinux-3.9/src/compute_member.c:87:15: call_function: calling ‘security_compute_member_raw’ from ‘security_compute_member’
libselinux-3.9/src/compute_member.c:87:15: return_function: returning to ‘security_compute_member’ from ‘security_compute_member_raw’
libselinux-3.9/src/compute_member.c:91:12: branch_true: following ‘true’ branch...
libselinux-3.9/src/compute_member.c:92:21: branch_true: ...to here
libselinux-3.9/src/compute_member.c:92:21: danger: ‘rnewcon’ leaks here; was allocated at [(20)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/19)
#   90|   	freecon(rtcon);
#   91|   	if (!ret) {
#   92|-> 		if (selinux_raw_to_trans_context(rnewcon, newcon)) {
#   93|   			*newcon = NULL;
#   94|   			ret = -1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def68]
libselinux-3.9/src/compute_member.c:96:17: warning[-Wanalyzer-malloc-leak]: leak of ‘rnewcon’
libselinux-3.9/src/compute_member.c:70:5: enter_function: entry to ‘security_compute_member’
libselinux-3.9/src/compute_member.c:80:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_member.c:82:13: branch_false: ...to here
libselinux-3.9/src/compute_member.c:82:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_member.c:87:15: branch_false: ...to here
libselinux-3.9/src/compute_member.c:87:15: call_function: calling ‘security_compute_member_raw’ from ‘security_compute_member’
libselinux-3.9/src/compute_member.c:87:15: return_function: returning to ‘security_compute_member’ from ‘security_compute_member_raw’
libselinux-3.9/src/compute_member.c:91:12: branch_true: following ‘true’ branch...
libselinux-3.9/src/compute_member.c:92:21: branch_true: ...to here
libselinux-3.9/src/compute_member.c:92:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_member.c:96:17: branch_false: ...to here
libselinux-3.9/src/compute_member.c:96:17: danger: ‘rnewcon’ leaks here; was allocated at [(20)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/19)
#   94|   			ret = -1;
#   95|   		}
#   96|-> 		freecon(rnewcon);
#   97|   	}
#   98|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def69]
libselinux-3.9/src/compute_relabel.c:40:60: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&path, 524290)’
libselinux-3.9/src/compute_relabel.c:23:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_relabel.c:28:9: branch_false: ...to here
libselinux-3.9/src/compute_relabel.c:29:14: acquire_resource: opened here
libselinux-3.9/src/compute_relabel.c:30:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_relabel.c:33:9: branch_false: ...to here
libselinux-3.9/src/compute_relabel.c:35:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
libselinux-3.9/src/compute_relabel.c:40:60: branch_false: ...to here
libselinux-3.9/src/compute_relabel.c:40:60: danger: ‘open(&path, 524290)’ leaks here; was opened at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   38|   	}
#   39|   
#   40|-> 	ret = snprintf(buf, size, "%s %s %hu", scon, tcon, unmap_class(tclass));
#   41|   	if (ret < 0 || (size_t)ret >= size) {
#   42|   		errno = EOVERFLOW;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def70]
libselinux-3.9/src/compute_relabel.c:40:60: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
libselinux-3.9/src/compute_relabel.c:23:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_relabel.c:28:9: branch_false: ...to here
libselinux-3.9/src/compute_relabel.c:30:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_relabel.c:33:9: branch_false: ...to here
libselinux-3.9/src/compute_relabel.c:34:15: acquire_memory: allocated here
libselinux-3.9/src/compute_relabel.c:35:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
libselinux-3.9/src/compute_relabel.c:40:60: branch_false: ...to here
libselinux-3.9/src/compute_relabel.c:40:60: danger: ‘buf’ leaks here; was allocated at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
#   38|   	}
#   39|   
#   40|-> 	ret = snprintf(buf, size, "%s %s %hu", scon, tcon, unmap_class(tclass));
#   41|   	if (ret < 0 || (size_t)ret >= size) {
#   42|   		errno = EOVERFLOW;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def71]
libselinux-3.9/src/compute_relabel.c:47:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&path, 524290)’
libselinux-3.9/src/compute_relabel.c:23:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_relabel.c:28:9: branch_false: ...to here
libselinux-3.9/src/compute_relabel.c:29:14: acquire_resource: opened here
libselinux-3.9/src/compute_relabel.c:30:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_relabel.c:33:9: branch_false: ...to here
libselinux-3.9/src/compute_relabel.c:35:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
libselinux-3.9/src/compute_relabel.c:40:60: branch_false: ...to here
libselinux-3.9/src/compute_relabel.c:41:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_relabel.c:47:15: danger: ‘open(&path, 524290)’ leaks here; was opened at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
#   45|   	}
#   46|   
#   47|-> 	ret = write(fd, buf, strlen(buf));
#   48|   	if (ret < 0)
#   49|   		goto out2;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def72]
libselinux-3.9/src/compute_relabel.c:65:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&path, 524290)’
libselinux-3.9/src/compute_relabel.c:23:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_relabel.c:28:9: branch_false: ...to here
libselinux-3.9/src/compute_relabel.c:29:14: acquire_resource: opened here
libselinux-3.9/src/compute_relabel.c:30:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_relabel.c:33:9: branch_false: ...to here
libselinux-3.9/src/compute_relabel.c:65:9: danger: ‘open(&path, 524290)’ leaks here; was opened at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
#   63|   	free(buf);
#   64|         out:
#   65|-> 	close(fd);
#   66|   	return ret;
#   67|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def73]
libselinux-3.9/src/compute_relabel.c:65:9: warning[-Wanalyzer-malloc-leak]: leak of ‘rnewcon’
libselinux-3.9/src/compute_relabel.c:70:5: enter_function: entry to ‘security_compute_relabel’
libselinux-3.9/src/compute_relabel.c:80:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_relabel.c:82:13: branch_false: ...to here
libselinux-3.9/src/compute_relabel.c:82:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_relabel.c:87:15: branch_false: ...to here
libselinux-3.9/src/compute_relabel.c:87:15: call_function: calling ‘security_compute_relabel_raw’ from ‘security_compute_relabel’
#   63|   	free(buf);
#   64|         out:
#   65|-> 	close(fd);
#   66|   	return ret;
#   67|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def74]
libselinux-3.9/src/compute_relabel.c:89:9: warning[-Wanalyzer-malloc-leak]: leak of ‘rnewcon’
libselinux-3.9/src/compute_relabel.c:70:5: enter_function: entry to ‘security_compute_relabel’
libselinux-3.9/src/compute_relabel.c:80:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_relabel.c:82:13: branch_false: ...to here
libselinux-3.9/src/compute_relabel.c:82:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_relabel.c:87:15: branch_false: ...to here
libselinux-3.9/src/compute_relabel.c:87:15: call_function: calling ‘security_compute_relabel_raw’ from ‘security_compute_relabel’
libselinux-3.9/src/compute_relabel.c:87:15: return_function: returning to ‘security_compute_relabel’ from ‘security_compute_relabel_raw’
libselinux-3.9/src/compute_relabel.c:89:9: danger: ‘rnewcon’ leaks here; was allocated at [(20)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/19)
#   87|   	ret = security_compute_relabel_raw(rscon, rtcon, tclass, &rnewcon);
#   88|   
#   89|-> 	freecon(rscon);
#   90|   	freecon(rtcon);
#   91|   	if (!ret) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def75]
libselinux-3.9/src/compute_relabel.c:90:9: warning[-Wanalyzer-malloc-leak]: leak of ‘rnewcon’
libselinux-3.9/src/compute_relabel.c:70:5: enter_function: entry to ‘security_compute_relabel’
libselinux-3.9/src/compute_relabel.c:80:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_relabel.c:82:13: branch_false: ...to here
libselinux-3.9/src/compute_relabel.c:82:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_relabel.c:87:15: branch_false: ...to here
libselinux-3.9/src/compute_relabel.c:87:15: call_function: calling ‘security_compute_relabel_raw’ from ‘security_compute_relabel’
libselinux-3.9/src/compute_relabel.c:87:15: return_function: returning to ‘security_compute_relabel’ from ‘security_compute_relabel_raw’
libselinux-3.9/src/compute_relabel.c:90:9: danger: ‘rnewcon’ leaks here; was allocated at [(20)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/19)
#   88|   
#   89|   	freecon(rscon);
#   90|-> 	freecon(rtcon);
#   91|   	if (!ret) {
#   92|   		ret = selinux_raw_to_trans_context(rnewcon, newcon);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def76]
libselinux-3.9/src/compute_relabel.c:92:23: warning[-Wanalyzer-malloc-leak]: leak of ‘rnewcon’
libselinux-3.9/src/compute_relabel.c:70:5: enter_function: entry to ‘security_compute_relabel’
libselinux-3.9/src/compute_relabel.c:80:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_relabel.c:82:13: branch_false: ...to here
libselinux-3.9/src/compute_relabel.c:82:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_relabel.c:87:15: branch_false: ...to here
libselinux-3.9/src/compute_relabel.c:87:15: call_function: calling ‘security_compute_relabel_raw’ from ‘security_compute_relabel’
libselinux-3.9/src/compute_relabel.c:87:15: return_function: returning to ‘security_compute_relabel’ from ‘security_compute_relabel_raw’
libselinux-3.9/src/compute_relabel.c:91:12: branch_true: following ‘true’ branch...
libselinux-3.9/src/compute_relabel.c:92:23: branch_true: ...to here
libselinux-3.9/src/compute_relabel.c:92:23: danger: ‘rnewcon’ leaks here; was allocated at [(20)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/19)
#   90|   	freecon(rtcon);
#   91|   	if (!ret) {
#   92|-> 		ret = selinux_raw_to_trans_context(rnewcon, newcon);
#   93|   		freecon(rnewcon);
#   94|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def77]
libselinux-3.9/src/compute_relabel.c:93:17: warning[-Wanalyzer-malloc-leak]: leak of ‘rnewcon’
libselinux-3.9/src/compute_relabel.c:70:5: enter_function: entry to ‘security_compute_relabel’
libselinux-3.9/src/compute_relabel.c:80:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_relabel.c:82:13: branch_false: ...to here
libselinux-3.9/src/compute_relabel.c:82:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_relabel.c:87:15: branch_false: ...to here
libselinux-3.9/src/compute_relabel.c:87:15: call_function: calling ‘security_compute_relabel_raw’ from ‘security_compute_relabel’
libselinux-3.9/src/compute_relabel.c:87:15: return_function: returning to ‘security_compute_relabel’ from ‘security_compute_relabel_raw’
libselinux-3.9/src/compute_relabel.c:91:12: branch_true: following ‘true’ branch...
libselinux-3.9/src/compute_relabel.c:92:23: branch_true: ...to here
libselinux-3.9/src/compute_relabel.c:93:17: danger: ‘rnewcon’ leaks here; was allocated at [(20)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/19)
#   91|   	if (!ret) {
#   92|   		ret = selinux_raw_to_trans_context(rnewcon, newcon);
#   93|-> 		freecon(rnewcon);
#   94|   	}
#   95|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def78]
libselinux-3.9/src/compute_user.c:49:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&path, 524290)’
libselinux-3.9/src/compute_user.c:23:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_user.c:28:9: branch_false: ...to here
libselinux-3.9/src/compute_user.c:28:9: branch_true: following ‘true’ branch...
libselinux-3.9/src/compute_user.c:31:14: acquire_resource: opened here
libselinux-3.9/src/compute_user.c:32:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_user.c:35:9: branch_false: ...to here
libselinux-3.9/src/compute_user.c:37:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
libselinux-3.9/src/compute_user.c:42:15: branch_false: ...to here
libselinux-3.9/src/compute_user.c:43:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_user.c:49:15: danger: ‘open(&path, 524290)’ leaks here; was opened at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#   47|   	}
#   48|   
#   49|-> 	ret = write(fd, buf, strlen(buf));
#   50|   	if (ret < 0)
#   51|   		goto out2;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def79]
libselinux-3.9/src/compute_user.c:73:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&path, 524290)’
libselinux-3.9/src/compute_user.c:23:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_user.c:28:9: branch_false: ...to here
libselinux-3.9/src/compute_user.c:28:9: branch_true: following ‘true’ branch...
libselinux-3.9/src/compute_user.c:31:14: acquire_resource: opened here
libselinux-3.9/src/compute_user.c:32:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_user.c:35:9: branch_false: ...to here
libselinux-3.9/src/compute_user.c:37:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
libselinux-3.9/src/compute_user.c:42:15: branch_false: ...to here
libselinux-3.9/src/compute_user.c:43:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_user.c:50:12: branch_false: following ‘false’ branch (when ‘ret >= 0’)...
libselinux-3.9/src/compute_user.c:53:9: branch_false: ...to here
libselinux-3.9/src/compute_user.c:55:12: branch_false: following ‘false’ branch (when ‘ret >= 0’)...
libselinux-3.9/src/compute_user.c:58:13: branch_false: ...to here
libselinux-3.9/src/compute_user.c:58:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_user.c:63:22: branch_false: ...to here
libselinux-3.9/src/compute_user.c:64:12: branch_false: following ‘false’ branch (when ‘ary’ is non-NULL)...
libselinux-3.9/src/compute_user.c:69:21: branch_false: ...to here
libselinux-3.9/src/compute_user.c:70:21: branch_true: following ‘true’ branch...
libselinux-3.9/src/compute_user.c:71:20: branch_true: ...to here
libselinux-3.9/src/compute_user.c:72:20: branch_true: following ‘true’ branch...
libselinux-3.9/src/compute_user.c:73:25: branch_true: ...to here
libselinux-3.9/src/compute_user.c:73:25: danger: ‘open(&path, 524290)’ leaks here; was opened at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
#   71|   		ary[i] = strdup(ptr);
#   72|   		if (!ary[i]) {
#   73|-> 			freeconary(ary);
#   74|   			ret = -1;
#   75|   			goto out2;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def80]
libselinux-3.9/src/compute_user.c:73:25: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
libselinux-3.9/src/compute_user.c:23:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_user.c:28:9: branch_false: ...to here
libselinux-3.9/src/compute_user.c:28:9: branch_true: following ‘true’ branch...
libselinux-3.9/src/compute_user.c:32:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_user.c:35:9: branch_false: ...to here
libselinux-3.9/src/compute_user.c:37:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
libselinux-3.9/src/compute_user.c:42:15: branch_false: ...to here
libselinux-3.9/src/compute_user.c:43:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_user.c:50:12: branch_false: following ‘false’ branch (when ‘ret >= 0’)...
libselinux-3.9/src/compute_user.c:53:9: branch_false: ...to here
libselinux-3.9/src/compute_user.c:55:12: branch_false: following ‘false’ branch (when ‘ret >= 0’)...
libselinux-3.9/src/compute_user.c:58:13: branch_false: ...to here
libselinux-3.9/src/compute_user.c:58:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_user.c:63:22: branch_false: ...to here
libselinux-3.9/src/compute_user.c:64:12: branch_false: following ‘false’ branch (when ‘ary’ is non-NULL)...
libselinux-3.9/src/compute_user.c:69:21: branch_false: ...to here
libselinux-3.9/src/compute_user.c:70:21: branch_true: following ‘true’ branch...
libselinux-3.9/src/compute_user.c:71:20: branch_true: ...to here
libselinux-3.9/src/compute_user.c:71:26: acquire_memory: allocated here
libselinux-3.9/src/compute_user.c:72:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_user.c:77:24: branch_false: ...to here
libselinux-3.9/src/compute_user.c:70:21: branch_true: following ‘true’ branch...
libselinux-3.9/src/compute_user.c:71:20: branch_true: ...to here
libselinux-3.9/src/compute_user.c:72:20: branch_true: following ‘true’ branch...
libselinux-3.9/src/compute_user.c:73:25: branch_true: ...to here
libselinux-3.9/src/compute_user.c:73:25: danger: ‘<unknown>’ leaks here; was allocated at [(21)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/20)
#   71|   		ary[i] = strdup(ptr);
#   72|   		if (!ary[i]) {
#   73|-> 			freeconary(ary);
#   74|   			ret = -1;
#   75|   			goto out2;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def81]
libselinux-3.9/src/compute_user.c:73:25: warning[-Wanalyzer-malloc-leak]: leak of ‘ary’
libselinux-3.9/src/compute_user.c:23:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_user.c:28:9: branch_false: ...to here
libselinux-3.9/src/compute_user.c:28:9: branch_true: following ‘true’ branch...
libselinux-3.9/src/compute_user.c:32:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_user.c:35:9: branch_false: ...to here
libselinux-3.9/src/compute_user.c:37:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
libselinux-3.9/src/compute_user.c:42:15: branch_false: ...to here
libselinux-3.9/src/compute_user.c:43:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_user.c:50:12: branch_false: following ‘false’ branch (when ‘ret >= 0’)...
libselinux-3.9/src/compute_user.c:53:9: branch_false: ...to here
libselinux-3.9/src/compute_user.c:55:12: branch_false: following ‘false’ branch (when ‘ret >= 0’)...
libselinux-3.9/src/compute_user.c:58:13: branch_false: ...to here
libselinux-3.9/src/compute_user.c:58:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_user.c:63:22: branch_false: ...to here
libselinux-3.9/src/compute_user.c:63:15: acquire_memory: allocated here
libselinux-3.9/src/compute_user.c:64:12: branch_false: following ‘false’ branch (when ‘ary’ is non-NULL)...
libselinux-3.9/src/compute_user.c:69:21: branch_false: ...to here
libselinux-3.9/src/compute_user.c:70:21: branch_true: following ‘true’ branch...
libselinux-3.9/src/compute_user.c:71:20: branch_true: ...to here
libselinux-3.9/src/compute_user.c:72:20: branch_true: following ‘true’ branch...
libselinux-3.9/src/compute_user.c:73:25: branch_true: ...to here
libselinux-3.9/src/compute_user.c:73:25: danger: ‘ary’ leaks here; was allocated at [(17)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/16)
#   71|   		ary[i] = strdup(ptr);
#   72|   		if (!ary[i]) {
#   73|-> 			freeconary(ary);
#   74|   			ret = -1;
#   75|   			goto out2;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def82]
libselinux-3.9/src/compute_user.c:85:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&path, 524290)’
libselinux-3.9/src/compute_user.c:23:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_user.c:28:9: branch_false: ...to here
libselinux-3.9/src/compute_user.c:28:9: branch_true: following ‘true’ branch...
libselinux-3.9/src/compute_user.c:31:14: acquire_resource: opened here
libselinux-3.9/src/compute_user.c:32:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/compute_user.c:35:9: branch_false: ...to here
libselinux-3.9/src/compute_user.c:85:9: danger: ‘open(&path, 524290)’ leaks here; was opened at [(5)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/4)
#   83|   	free(buf);
#   84|         out:
#   85|-> 	close(fd);
#   86|   	return ret;
#   87|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def83]
libselinux-3.9/src/deny_unknown.c:31:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&path, 524288)’
libselinux-3.9/src/deny_unknown.c:18:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/deny_unknown.c:23:9: branch_false: ...to here
libselinux-3.9/src/deny_unknown.c:24:14: acquire_resource: opened here
libselinux-3.9/src/deny_unknown.c:25:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/deny_unknown.c:28:9: branch_false: ...to here
libselinux-3.9/src/deny_unknown.c:31:12: danger: ‘open(&path, 524288)’ leaks here; was opened at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   29|   	ret = read(fd, buf, sizeof(buf) - 1);
#   30|   	close(fd);
#   31|-> 	if (ret < 0)
#   32|   		return -1;
#   33|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def84]
libselinux-3.9/src/disable.c:30:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&path, 524289)’
libselinux-3.9/src/disable.c:18:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/disable.c:23:9: branch_false: ...to here
libselinux-3.9/src/disable.c:24:14: acquire_resource: opened here
libselinux-3.9/src/disable.c:25:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/disable.c:28:9: branch_false: ...to here
libselinux-3.9/src/disable.c:30:15: danger: ‘open(&path, 524289)’ leaks here; was opened at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   28|   	buf[0] = '1';
#   29|   	buf[1] = '\0';
#   30|-> 	ret = write(fd, buf, strlen(buf));
#   31|   	close(fd);
#   32|   	if (ret < 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def85]
libselinux-3.9/src/disable.c:32:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&path, 524289)’
libselinux-3.9/src/disable.c:18:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/disable.c:23:9: branch_false: ...to here
libselinux-3.9/src/disable.c:24:14: acquire_resource: opened here
libselinux-3.9/src/disable.c:25:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/disable.c:28:9: branch_false: ...to here
libselinux-3.9/src/disable.c:32:12: danger: ‘open(&path, 524289)’ leaks here; was opened at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#   30|   	ret = write(fd, buf, strlen(buf));
#   31|   	close(fd);
#   32|-> 	if (ret < 0)
#   33|   		return -1;
#   34|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def86]
libselinux-3.9/src/enabled.c:48:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&path, 524288)’
libselinux-3.9/src/enabled.c:34:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/enabled.c:37:9: branch_false: ...to here
libselinux-3.9/src/enabled.c:38:14: acquire_resource: opened here
libselinux-3.9/src/enabled.c:39:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/enabled.c:42:9: branch_false: ...to here
libselinux-3.9/src/enabled.c:48:12: danger: ‘open(&path, 524288)’ leaks here; was opened at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   46|   	} while (ret < 0 && errno == EINTR);
#   47|   	close(fd);
#   48|-> 	if (ret < 0)
#   49|   		return enabled;
#   50|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def87]
libselinux-3.9/src/get_context_list.c:157:20: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(fname, "re")’
libselinux-3.9/src/get_context_list.c:402:5: enter_function: entry to ‘get_ordered_context_list’
libselinux-3.9/src/get_context_list.c:416:12: branch_false: following ‘false’ branch (when ‘fromcon’ is non-NULL)...
libselinux-3.9/src/get_context_list.c:424:15: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:425:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/get_context_list.c:430:21: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:432:12: branch_false: following ‘false’ branch (when ‘fname’ is non-NULL)...
libselinux-3.9/src/get_context_list.c:434:9: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:435:14: acquire_resource: opened here
libselinux-3.9/src/get_context_list.c:436:12: branch_true: following ‘true’ branch...
libselinux-3.9/src/get_context_list.c:437:17: branch_true: ...to here
libselinux-3.9/src/get_context_list.c:438:22: call_function: calling ‘get_context_user’ from ‘get_ordered_context_list’
#  155|   	/* Extract the role and type of the fromcon for matching.
#  156|   	   User identity and MLS range can be variable. */
#  157|-> 	fromrole = context_role_get(fromcon);
#  158|   	fromtype = context_type_get(fromcon);
#  159|   	fromlevel = context_range_get(fromcon);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def88]
libselinux-3.9/src/get_context_list.c:157:20: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(selinux_default_context_path(), "re")’
libselinux-3.9/src/get_context_list.c:402:5: enter_function: entry to ‘get_ordered_context_list’
libselinux-3.9/src/get_context_list.c:416:12: branch_false: following ‘false’ branch (when ‘fromcon’ is non-NULL)...
libselinux-3.9/src/get_context_list.c:424:15: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:425:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/get_context_list.c:430:21: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:432:12: branch_false: following ‘false’ branch (when ‘fname’ is non-NULL)...
libselinux-3.9/src/get_context_list.c:434:9: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:436:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/get_context_list.c:448:9: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:449:14: acquire_resource: opened here
libselinux-3.9/src/get_context_list.c:450:12: branch_true: following ‘true’ branch...
libselinux-3.9/src/get_context_list.c:451:17: branch_true: ...to here
libselinux-3.9/src/get_context_list.c:452:22: call_function: calling ‘get_context_user’ from ‘get_ordered_context_list’
#  155|   	/* Extract the role and type of the fromcon for matching.
#  156|   	   User identity and MLS range can be variable. */
#  157|-> 	fromrole = context_role_get(fromcon);
#  158|   	fromtype = context_type_get(fromcon);
#  159|   	fromlevel = context_range_get(fromcon);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def89]
libselinux-3.9/src/get_context_list.c:157:20: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(fname, "re")’
libselinux-3.9/src/get_context_list.c:402:5: enter_function: entry to ‘get_ordered_context_list’
libselinux-3.9/src/get_context_list.c:416:12: branch_false: following ‘false’ branch (when ‘fromcon’ is non-NULL)...
libselinux-3.9/src/get_context_list.c:424:15: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:425:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/get_context_list.c:430:21: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:432:12: branch_false: following ‘false’ branch (when ‘fname’ is non-NULL)...
libselinux-3.9/src/get_context_list.c:434:9: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:435:14: acquire_memory: allocated here
libselinux-3.9/src/get_context_list.c:436:12: branch_true: following ‘true’ branch...
libselinux-3.9/src/get_context_list.c:437:17: branch_true: ...to here
libselinux-3.9/src/get_context_list.c:438:22: call_function: calling ‘get_context_user’ from ‘get_ordered_context_list’
#  155|   	/* Extract the role and type of the fromcon for matching.
#  156|   	   User identity and MLS range can be variable. */
#  157|-> 	fromrole = context_role_get(fromcon);
#  158|   	fromtype = context_type_get(fromcon);
#  159|   	fromlevel = context_range_get(fromcon);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def90]
libselinux-3.9/src/get_context_list.c:157:20: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(selinux_default_context_path(), "re")’
libselinux-3.9/src/get_context_list.c:402:5: enter_function: entry to ‘get_ordered_context_list’
libselinux-3.9/src/get_context_list.c:416:12: branch_false: following ‘false’ branch (when ‘fromcon’ is non-NULL)...
libselinux-3.9/src/get_context_list.c:424:15: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:425:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/get_context_list.c:430:21: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:432:12: branch_false: following ‘false’ branch (when ‘fname’ is non-NULL)...
libselinux-3.9/src/get_context_list.c:434:9: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:436:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/get_context_list.c:448:9: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:449:14: acquire_memory: allocated here
libselinux-3.9/src/get_context_list.c:450:12: branch_true: following ‘true’ branch...
libselinux-3.9/src/get_context_list.c:451:17: branch_true: ...to here
libselinux-3.9/src/get_context_list.c:452:22: call_function: calling ‘get_context_user’ from ‘get_ordered_context_list’
#  155|   	/* Extract the role and type of the fromcon for matching.
#  156|   	   User identity and MLS range can be variable. */
#  157|-> 	fromrole = context_role_get(fromcon);
#  158|   	fromtype = context_type_get(fromcon);
#  159|   	fromlevel = context_range_get(fromcon);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def91]
libselinux-3.9/src/get_context_list.c:158:20: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(fname, "re")’
libselinux-3.9/src/get_context_list.c:402:5: enter_function: entry to ‘get_ordered_context_list’
libselinux-3.9/src/get_context_list.c:416:12: branch_false: following ‘false’ branch (when ‘fromcon’ is non-NULL)...
libselinux-3.9/src/get_context_list.c:424:15: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:425:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/get_context_list.c:430:21: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:432:12: branch_false: following ‘false’ branch (when ‘fname’ is non-NULL)...
libselinux-3.9/src/get_context_list.c:434:9: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:435:14: acquire_resource: opened here
libselinux-3.9/src/get_context_list.c:436:12: branch_true: following ‘true’ branch...
libselinux-3.9/src/get_context_list.c:437:17: branch_true: ...to here
libselinux-3.9/src/get_context_list.c:438:22: call_function: calling ‘get_context_user’ from ‘get_ordered_context_list’
#  156|   	   User identity and MLS range can be variable. */
#  157|   	fromrole = context_role_get(fromcon);
#  158|-> 	fromtype = context_type_get(fromcon);
#  159|   	fromlevel = context_range_get(fromcon);
#  160|   	if (!fromrole || !fromtype) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def92]
libselinux-3.9/src/get_context_list.c:158:20: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(selinux_default_context_path(), "re")’
libselinux-3.9/src/get_context_list.c:402:5: enter_function: entry to ‘get_ordered_context_list’
libselinux-3.9/src/get_context_list.c:416:12: branch_false: following ‘false’ branch (when ‘fromcon’ is non-NULL)...
libselinux-3.9/src/get_context_list.c:424:15: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:425:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/get_context_list.c:430:21: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:432:12: branch_false: following ‘false’ branch (when ‘fname’ is non-NULL)...
libselinux-3.9/src/get_context_list.c:434:9: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:436:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/get_context_list.c:448:9: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:449:14: acquire_resource: opened here
libselinux-3.9/src/get_context_list.c:450:12: branch_true: following ‘true’ branch...
libselinux-3.9/src/get_context_list.c:451:17: branch_true: ...to here
libselinux-3.9/src/get_context_list.c:452:22: call_function: calling ‘get_context_user’ from ‘get_ordered_context_list’
#  156|   	   User identity and MLS range can be variable. */
#  157|   	fromrole = context_role_get(fromcon);
#  158|-> 	fromtype = context_type_get(fromcon);
#  159|   	fromlevel = context_range_get(fromcon);
#  160|   	if (!fromrole || !fromtype) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def93]
libselinux-3.9/src/get_context_list.c:158:20: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(fname, "re")’
libselinux-3.9/src/get_context_list.c:402:5: enter_function: entry to ‘get_ordered_context_list’
libselinux-3.9/src/get_context_list.c:416:12: branch_false: following ‘false’ branch (when ‘fromcon’ is non-NULL)...
libselinux-3.9/src/get_context_list.c:424:15: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:425:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/get_context_list.c:430:21: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:432:12: branch_false: following ‘false’ branch (when ‘fname’ is non-NULL)...
libselinux-3.9/src/get_context_list.c:434:9: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:435:14: acquire_memory: allocated here
libselinux-3.9/src/get_context_list.c:436:12: branch_true: following ‘true’ branch...
libselinux-3.9/src/get_context_list.c:437:17: branch_true: ...to here
libselinux-3.9/src/get_context_list.c:438:22: call_function: calling ‘get_context_user’ from ‘get_ordered_context_list’
#  156|   	   User identity and MLS range can be variable. */
#  157|   	fromrole = context_role_get(fromcon);
#  158|-> 	fromtype = context_type_get(fromcon);
#  159|   	fromlevel = context_range_get(fromcon);
#  160|   	if (!fromrole || !fromtype) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def94]
libselinux-3.9/src/get_context_list.c:158:20: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(selinux_default_context_path(), "re")’
libselinux-3.9/src/get_context_list.c:402:5: enter_function: entry to ‘get_ordered_context_list’
libselinux-3.9/src/get_context_list.c:416:12: branch_false: following ‘false’ branch (when ‘fromcon’ is non-NULL)...
libselinux-3.9/src/get_context_list.c:424:15: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:425:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/get_context_list.c:430:21: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:432:12: branch_false: following ‘false’ branch (when ‘fname’ is non-NULL)...
libselinux-3.9/src/get_context_list.c:434:9: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:436:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/get_context_list.c:448:9: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:449:14: acquire_memory: allocated here
libselinux-3.9/src/get_context_list.c:450:12: branch_true: following ‘true’ branch...
libselinux-3.9/src/get_context_list.c:451:17: branch_true: ...to here
libselinux-3.9/src/get_context_list.c:452:22: call_function: calling ‘get_context_user’ from ‘get_ordered_context_list’
#  156|   	   User identity and MLS range can be variable. */
#  157|   	fromrole = context_role_get(fromcon);
#  158|-> 	fromtype = context_type_get(fromcon);
#  159|   	fromlevel = context_range_get(fromcon);
#  160|   	if (!fromrole || !fromtype) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def95]
libselinux-3.9/src/get_context_list.c:159:21: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(fname, "re")’
libselinux-3.9/src/get_context_list.c:402:5: enter_function: entry to ‘get_ordered_context_list’
libselinux-3.9/src/get_context_list.c:416:12: branch_false: following ‘false’ branch (when ‘fromcon’ is non-NULL)...
libselinux-3.9/src/get_context_list.c:424:15: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:425:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/get_context_list.c:430:21: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:432:12: branch_false: following ‘false’ branch (when ‘fname’ is non-NULL)...
libselinux-3.9/src/get_context_list.c:434:9: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:435:14: acquire_resource: opened here
libselinux-3.9/src/get_context_list.c:436:12: branch_true: following ‘true’ branch...
libselinux-3.9/src/get_context_list.c:437:17: branch_true: ...to here
libselinux-3.9/src/get_context_list.c:438:22: call_function: calling ‘get_context_user’ from ‘get_ordered_context_list’
#  157|   	fromrole = context_role_get(fromcon);
#  158|   	fromtype = context_type_get(fromcon);
#  159|-> 	fromlevel = context_range_get(fromcon);
#  160|   	if (!fromrole || !fromtype) {
#  161|   		return -1;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def96]
libselinux-3.9/src/get_context_list.c:159:21: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(selinux_default_context_path(), "re")’
libselinux-3.9/src/get_context_list.c:402:5: enter_function: entry to ‘get_ordered_context_list’
libselinux-3.9/src/get_context_list.c:416:12: branch_false: following ‘false’ branch (when ‘fromcon’ is non-NULL)...
libselinux-3.9/src/get_context_list.c:424:15: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:425:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/get_context_list.c:430:21: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:432:12: branch_false: following ‘false’ branch (when ‘fname’ is non-NULL)...
libselinux-3.9/src/get_context_list.c:434:9: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:436:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/get_context_list.c:448:9: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:449:14: acquire_resource: opened here
libselinux-3.9/src/get_context_list.c:450:12: branch_true: following ‘true’ branch...
libselinux-3.9/src/get_context_list.c:451:17: branch_true: ...to here
libselinux-3.9/src/get_context_list.c:452:22: call_function: calling ‘get_context_user’ from ‘get_ordered_context_list’
#  157|   	fromrole = context_role_get(fromcon);
#  158|   	fromtype = context_type_get(fromcon);
#  159|-> 	fromlevel = context_range_get(fromcon);
#  160|   	if (!fromrole || !fromtype) {
#  161|   		return -1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def97]
libselinux-3.9/src/get_context_list.c:159:21: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(fname, "re")’
libselinux-3.9/src/get_context_list.c:402:5: enter_function: entry to ‘get_ordered_context_list’
libselinux-3.9/src/get_context_list.c:416:12: branch_false: following ‘false’ branch (when ‘fromcon’ is non-NULL)...
libselinux-3.9/src/get_context_list.c:424:15: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:425:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/get_context_list.c:430:21: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:432:12: branch_false: following ‘false’ branch (when ‘fname’ is non-NULL)...
libselinux-3.9/src/get_context_list.c:434:9: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:435:14: acquire_memory: allocated here
libselinux-3.9/src/get_context_list.c:436:12: branch_true: following ‘true’ branch...
libselinux-3.9/src/get_context_list.c:437:17: branch_true: ...to here
libselinux-3.9/src/get_context_list.c:438:22: call_function: calling ‘get_context_user’ from ‘get_ordered_context_list’
#  157|   	fromrole = context_role_get(fromcon);
#  158|   	fromtype = context_type_get(fromcon);
#  159|-> 	fromlevel = context_range_get(fromcon);
#  160|   	if (!fromrole || !fromtype) {
#  161|   		return -1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def98]
libselinux-3.9/src/get_context_list.c:159:21: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(selinux_default_context_path(), "re")’
libselinux-3.9/src/get_context_list.c:402:5: enter_function: entry to ‘get_ordered_context_list’
libselinux-3.9/src/get_context_list.c:416:12: branch_false: following ‘false’ branch (when ‘fromcon’ is non-NULL)...
libselinux-3.9/src/get_context_list.c:424:15: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:425:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/get_context_list.c:430:21: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:432:12: branch_false: following ‘false’ branch (when ‘fname’ is non-NULL)...
libselinux-3.9/src/get_context_list.c:434:9: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:436:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/get_context_list.c:448:9: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:449:14: acquire_memory: allocated here
libselinux-3.9/src/get_context_list.c:450:12: branch_true: following ‘true’ branch...
libselinux-3.9/src/get_context_list.c:451:17: branch_true: ...to here
libselinux-3.9/src/get_context_list.c:452:22: call_function: calling ‘get_context_user’ from ‘get_ordered_context_list’
#  157|   	fromrole = context_role_get(fromcon);
#  158|   	fromtype = context_type_get(fromcon);
#  159|-> 	fromlevel = context_range_get(fromcon);
#  160|   	if (!fromrole || !fromtype) {
#  161|   		return -1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def99]
libselinux-3.9/src/get_context_list.c:304:20: warning[-Wanalyzer-malloc-leak]: leak of ‘reachable’
libselinux-3.9/src/get_context_list.c:402:5: enter_function: entry to ‘get_ordered_context_list’
libselinux-3.9/src/get_context_list.c:416:12: branch_false: following ‘false’ branch (when ‘fromcon’ is non-NULL)...
libselinux-3.9/src/get_context_list.c:424:15: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:483:21: acquire_memory: allocated here
libselinux-3.9/src/get_context_list.c:484:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/get_context_list.c:488:14: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:488:14: call_function: calling ‘get_failsafe_context’ from ‘get_ordered_context_list’
#  302|   	int rc;
#  303|   
#  304|-> 	fp = fopen(selinux_failsafe_context_path(), "re");
#  305|   	if (!fp)
#  306|   		return -1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def100]
libselinux-3.9/src/get_context_list.c:333:13: warning[-Wanalyzer-malloc-leak]: leak of ‘reachable’
libselinux-3.9/src/get_context_list.c:402:5: enter_function: entry to ‘get_ordered_context_list’
libselinux-3.9/src/get_context_list.c:416:12: branch_false: following ‘false’ branch (when ‘fromcon’ is non-NULL)...
libselinux-3.9/src/get_context_list.c:424:15: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:483:21: acquire_memory: allocated here
libselinux-3.9/src/get_context_list.c:484:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/get_context_list.c:488:14: branch_false: ...to here
libselinux-3.9/src/get_context_list.c:488:14: call_function: calling ‘get_failsafe_context’ from ‘get_ordered_context_list’
#  331|   	   But this may not always be possible, e.g. if
#  332|   	   selinuxfs isn't mounted. */
#  333|-> 	if (security_check_context(*newcon) && errno != ENOENT) {
#  334|   		free(*newcon);
#  335|   		*newcon = 0;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def101]
libselinux-3.9/src/get_initial_context.c:60:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&path, 524288)’
libselinux-3.9/src/get_initial_context.c:21:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/get_initial_context.c:26:13: branch_false: ...to here
libselinux-3.9/src/get_initial_context.c:26:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/get_initial_context.c:31:15: branch_false: ...to here
libselinux-3.9/src/get_initial_context.c:32:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/get_initial_context.c:37:14: branch_false: ...to here
libselinux-3.9/src/get_initial_context.c:37:14: acquire_resource: opened here
libselinux-3.9/src/get_initial_context.c:38:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/get_initial_context.c:41:9: branch_false: ...to here
libselinux-3.9/src/get_initial_context.c:43:12: branch_true: following ‘true’ branch (when ‘buf’ is NULL)...
libselinux-3.9/src/get_initial_context.c:45:17: branch_true: ...to here
libselinux-3.9/src/get_initial_context.c:60:9: danger: ‘open(&path, 524288)’ leaks here; was opened at [(8)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/7)
#   58|   	free(buf);
#   59|         out:
#   60|-> 	close(fd);
#   61|   	return ret;
#   62|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def102]
libselinux-3.9/src/get_initial_context.c:60:9: warning[-Wanalyzer-malloc-leak]: leak of ‘rcon’
libselinux-3.9/src/get_initial_context.c:65:5: enter_function: entry to ‘security_get_initial_context’
libselinux-3.9/src/get_initial_context.c:70:15: call_function: calling ‘security_get_initial_context_raw’ from ‘security_get_initial_context’
#   58|   	free(buf);
#   59|         out:
#   60|-> 	close(fd);
#   61|   	return ret;
#   62|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def103]
libselinux-3.9/src/get_initial_context.c:72:23: warning[-Wanalyzer-malloc-leak]: leak of ‘rcon’
libselinux-3.9/src/get_initial_context.c:65:5: enter_function: entry to ‘security_get_initial_context’
libselinux-3.9/src/get_initial_context.c:70:15: call_function: calling ‘security_get_initial_context_raw’ from ‘security_get_initial_context’
libselinux-3.9/src/get_initial_context.c:70:15: return_function: returning to ‘security_get_initial_context’ from ‘security_get_initial_context_raw’
libselinux-3.9/src/get_initial_context.c:71:12: branch_true: following ‘true’ branch...
libselinux-3.9/src/get_initial_context.c:72:23: branch_true: ...to here
libselinux-3.9/src/get_initial_context.c:72:23: danger: ‘rcon’ leaks here; was allocated at [(17)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/16)
#   70|   	ret = security_get_initial_context_raw(name, &rcon);
#   71|   	if (!ret) {
#   72|-> 		ret = selinux_raw_to_trans_context(rcon, con);
#   73|   		freecon(rcon);
#   74|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def104]
libselinux-3.9/src/get_initial_context.c:73:17: warning[-Wanalyzer-malloc-leak]: leak of ‘rcon’
libselinux-3.9/src/get_initial_context.c:65:5: enter_function: entry to ‘security_get_initial_context’
libselinux-3.9/src/get_initial_context.c:70:15: call_function: calling ‘security_get_initial_context_raw’ from ‘security_get_initial_context’
libselinux-3.9/src/get_initial_context.c:70:15: return_function: returning to ‘security_get_initial_context’ from ‘security_get_initial_context_raw’
libselinux-3.9/src/get_initial_context.c:71:12: branch_true: following ‘true’ branch...
libselinux-3.9/src/get_initial_context.c:72:23: branch_true: ...to here
libselinux-3.9/src/get_initial_context.c:73:17: danger: ‘rcon’ leaks here; was allocated at [(17)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/16)
#   71|   	if (!ret) {
#   72|   		ret = selinux_raw_to_trans_context(rcon, con);
#   73|-> 		freecon(rcon);
#   74|   	}
#   75|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def105]
libselinux-3.9/src/getenforce.c:31:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&path, 524288)’
libselinux-3.9/src/getenforce.c:18:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/getenforce.c:23:9: branch_false: ...to here
libselinux-3.9/src/getenforce.c:24:14: acquire_resource: opened here
libselinux-3.9/src/getenforce.c:25:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/getenforce.c:28:9: branch_false: ...to here
libselinux-3.9/src/getenforce.c:31:12: danger: ‘open(&path, 524288)’ leaks here; was opened at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   29|   	ret = read(fd, buf, sizeof buf - 1);
#   30|   	close(fd);
#   31|-> 	if (ret < 0)
#   32|   		return -1;
#   33|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def106]
libselinux-3.9/src/is_customizable_type.c:35:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(selinux_customizable_types_path(), "re")’
libselinux-3.9/src/is_customizable_type.c:22:14: acquire_resource: opened here
libselinux-3.9/src/is_customizable_type.c:23:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/is_customizable_type.c:26:15: branch_false: ...to here
libselinux-3.9/src/is_customizable_type.c:27:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
 branch_false: ...to here
libselinux-3.9/src/is_customizable_type.c:35:13: danger: ‘fopen(selinux_customizable_types_path(), "re")’ leaks here; was opened at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   33|   	}
#   34|   
#   35|-> 	if (fseek(fp, 0L, SEEK_SET) == -1) {
#   36|   		free(buf);
#   37|   		fclose(fp);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def107]
libselinux-3.9/src/is_customizable_type.c:35:13: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
libselinux-3.9/src/is_customizable_type.c:23:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/is_customizable_type.c:26:15: branch_false: ...to here
libselinux-3.9/src/is_customizable_type.c:26:15: acquire_memory: allocated here
libselinux-3.9/src/is_customizable_type.c:27:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
 branch_false: ...to here
libselinux-3.9/src/is_customizable_type.c:35:13: danger: ‘buf’ leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#   33|   	}
#   34|   
#   35|-> 	if (fseek(fp, 0L, SEEK_SET) == -1) {
#   36|   		free(buf);
#   37|   		fclose(fp);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def108]
libselinux-3.9/src/is_customizable_type.c:35:13: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(selinux_customizable_types_path(), "re")’
libselinux-3.9/src/is_customizable_type.c:22:14: acquire_memory: allocated here
libselinux-3.9/src/is_customizable_type.c:23:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/is_customizable_type.c:26:15: branch_false: ...to here
libselinux-3.9/src/is_customizable_type.c:27:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
 branch_false: ...to here
libselinux-3.9/src/is_customizable_type.c:35:13: danger: ‘fopen(selinux_customizable_types_path(), "re")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#   33|   	}
#   34|   
#   35|-> 	if (fseek(fp, 0L, SEEK_SET) == -1) {
#   36|   		free(buf);
#   37|   		fclose(fp);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def109]
libselinux-3.9/src/label.c:265:13: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
libselinux-3.9/src/label.c:240:24: enter_function: entry to ‘selabel_open’
libselinux-3.9/src/label.c:246:12: branch_false: following ‘false’ branch (when ‘backend <= 5’)...
libselinux-3.9/src/label.c:251:14: branch_false: ...to here
libselinux-3.9/src/label.c:251:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/label.c:256:40: branch_false: ...to here
libselinux-3.9/src/label.c:257:12: branch_false: following ‘false’ branch (when ‘rec’ is non-NULL)...
libselinux-3.9/src/label.c:260:9: branch_false: ...to here
libselinux-3.9/src/label.c:261:27: call_function: inlined call to ‘selabel_is_validate_set’ from ‘selabel_open’
 branch_false: ...to here
libselinux-3.9/src/label.c:263:23: call_function: calling ‘selabel_is_digest_set’ from ‘selabel_open’
libselinux-3.9/src/label.c:263:23: return_function: returning to ‘selabel_open’ from ‘selabel_is_digest_set’
libselinux-3.9/src/label.c:265:13: danger: ‘<unknown>’ leaks here; was allocated at [(17)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/16)
#  263|   	rec->digest = selabel_is_digest_set(opts, nopts);
#  264|   
#  265|-> 	if ((*initfuncs[backend])(rec, opts, nopts)) {
#  266|   		selabel_close(rec);
#  267|   		rec = NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def110]
libselinux-3.9/src/label.c:265:13: warning[-Wanalyzer-malloc-leak]: leak of ‘rec’
libselinux-3.9/src/label.c:246:12: branch_false: following ‘false’ branch (when ‘backend <= 5’)...
libselinux-3.9/src/label.c:251:14: branch_false: ...to here
libselinux-3.9/src/label.c:251:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/label.c:256:40: branch_false: ...to here
libselinux-3.9/src/label.c:256:40: acquire_memory: allocated here
libselinux-3.9/src/label.c:257:12: branch_false: following ‘false’ branch (when ‘rec’ is non-NULL)...
libselinux-3.9/src/label.c:260:9: branch_false: ...to here
libselinux-3.9/src/label.c:265:13: danger: ‘rec’ leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#  263|   	rec->digest = selabel_is_digest_set(opts, nopts);
#  264|   
#  265|-> 	if ((*initfuncs[backend])(rec, opts, nopts)) {
#  266|   		selabel_close(rec);
#  267|   		rec = NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def111]
libselinux-3.9/src/label_db.c:112:25: warning[-Wanalyzer-malloc-leak]: leak of ‘catalog’
libselinux-3.9/src/label_db.c:241:1: enter_function: entry to ‘db_init’
libselinux-3.9/src/label_db.c:256:19: acquire_memory: allocated here
libselinux-3.9/src/label_db.c:257:12: branch_false: following ‘false’ branch (when ‘catalog’ is non-NULL)...
libselinux-3.9/src/label_db.c:259:9: branch_false: ...to here
libselinux-3.9/src/label_db.c:290:12: branch_true: following ‘true’ branch (when ‘path’ is NULL)...
libselinux-3.9/src/label_db.c:291:24: branch_true: ...to here
libselinux-3.9/src/label_db.c:293:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/label_db.c:297:13: branch_false: ...to here
libselinux-3.9/src/label_db.c:297:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/label_db.c:302:14: branch_false: ...to here
libselinux-3.9/src/label_db.c:302:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/label_db.c:308:26: branch_false: ...to here
libselinux-3.9/src/label_db.c:309:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
libselinux-3.9/src/label_db.c:318:16: branch_true: following ‘true’ branch...
libselinux-3.9/src/label_db.c:322:21: branch_true: ...to here
libselinux-3.9/src/label_db.c:322:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/label_db.c:340:20: branch_false: ...to here
libselinux-3.9/src/label_db.c:340:21: call_function: calling ‘process_line’ from ‘db_init’
#  110|   	if (items != 3) {
#  111|   		if (items > 0)
#  112|-> 			selinux_log(SELINUX_WARNING,
#  113|   				    "%s:  line %u has invalid format, skipped",
#  114|   				    path, line_num);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def112]
libselinux-3.9/src/label_db.c:148:17: warning[-Wanalyzer-malloc-leak]: leak of ‘catalog’
libselinux-3.9/src/label_db.c:241:1: enter_function: entry to ‘db_init’
libselinux-3.9/src/label_db.c:256:19: acquire_memory: allocated here
libselinux-3.9/src/label_db.c:257:12: branch_false: following ‘false’ branch (when ‘catalog’ is non-NULL)...
libselinux-3.9/src/label_db.c:259:9: branch_false: ...to here
libselinux-3.9/src/label_db.c:290:12: branch_true: following ‘true’ branch (when ‘path’ is NULL)...
libselinux-3.9/src/label_db.c:291:24: branch_true: ...to here
libselinux-3.9/src/label_db.c:293:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/label_db.c:297:13: branch_false: ...to here
libselinux-3.9/src/label_db.c:297:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/label_db.c:302:14: branch_false: ...to here
libselinux-3.9/src/label_db.c:302:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/label_db.c:308:26: branch_false: ...to here
libselinux-3.9/src/label_db.c:309:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
libselinux-3.9/src/label_db.c:318:16: branch_true: following ‘true’ branch...
libselinux-3.9/src/label_db.c:322:21: branch_true: ...to here
libselinux-3.9/src/label_db.c:322:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/label_db.c:340:20: branch_false: ...to here
libselinux-3.9/src/label_db.c:340:21: call_function: calling ‘process_line’ from ‘db_init’
#  146|   		spec->type = SELABEL_DB_DATATYPE;
#  147|   	else {
#  148|-> 		selinux_log(SELINUX_WARNING,
#  149|   			    "%s:  line %u has invalid object type %s\n",
#  150|   			    path, line_num, type);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def113]
libselinux-3.9/src/label_db.c:291:24: warning[-Wanalyzer-malloc-leak]: leak of ‘catalog’
libselinux-3.9/src/label_db.c:256:19: acquire_memory: allocated here
libselinux-3.9/src/label_db.c:257:12: branch_false: following ‘false’ branch (when ‘catalog’ is non-NULL)...
libselinux-3.9/src/label_db.c:259:9: branch_false: ...to here
libselinux-3.9/src/label_db.c:290:12: branch_true: following ‘true’ branch (when ‘path’ is NULL)...
libselinux-3.9/src/label_db.c:291:24: branch_true: ...to here
libselinux-3.9/src/label_db.c:291:24: danger: ‘catalog’ leaks here; was allocated at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#  289|   	 */
#  290|   	if (!path)
#  291|-> 		path = selinux_sepgsql_context_path();
#  292|   
#  293|   	if ((filp = fopen(path, "re")) == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def114]
libselinux-3.9/src/label_db.c:344:13: warning[-Wanalyzer-malloc-leak]: leak of ‘catalog’
libselinux-3.9/src/label_db.c:373:5: enter_function: entry to ‘selabel_db_init’
libselinux-3.9/src/label_db.c:379:21: call_function: calling ‘db_init’ from ‘selabel_db_init’
#  342|   	}
#  343|   
#  344|-> 	if (digest_add_specfile(rec->digest, filp, NULL, sb.st_size, path) < 0)
#  345|   		goto out_error;
#  346|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def115]
libselinux-3.9/src/label_db.c:347:9: warning[-Wanalyzer-malloc-leak]: leak of ‘catalog’
libselinux-3.9/src/label_db.c:373:5: enter_function: entry to ‘selabel_db_init’
libselinux-3.9/src/label_db.c:379:21: call_function: calling ‘db_init’ from ‘selabel_db_init’
#  345|   		goto out_error;
#  346|   
#  347|-> 	digest_gen_hash(rec->digest);
#  348|   
#  349|   	free(line_buf);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def116]
libselinux-3.9/src/label_file.c:851:17: warning[-Wanalyzer-file-leak]: leak of FILE ‘open_file(path,  suffix, & found_path, 4096, & sb, (_Bool)i)’
libselinux-3.9/src/label_file.c:2467:5: enter_function: entry to ‘selabel_file_init’
libselinux-3.9/src/label_file.c:2475:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
libselinux-3.9/src/label_file.c:2478:16: branch_false: ...to here
libselinux-3.9/src/label_file.c:2479:12: branch_false: following ‘false’ branch (when ‘root’ is non-NULL)...
libselinux-3.9/src/label_file.c:2484:9: branch_false: ...to here
libselinux-3.9/src/label_file.c:2496:16: call_function: calling ‘init’ from ‘selabel_file_init’
#  849|   	rc = madvise(addr, len, MADV_WILLNEED);
#  850|   	if (rc == -1)
#  851|-> 		COMPAT_LOG(SELINUX_INFO, "%s:  Failed to advise memory mapping:  %m\n",
#  852|   			   path);
#  853|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def117]
libselinux-3.9/src/label_file.c:851:17: warning[-Wanalyzer-malloc-leak]: leak of ‘mmap_area’
libselinux-3.9/src/label_file.c:2467:5: enter_function: entry to ‘selabel_file_init’
libselinux-3.9/src/label_file.c:2475:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
libselinux-3.9/src/label_file.c:2478:16: branch_false: ...to here
libselinux-3.9/src/label_file.c:2479:12: branch_false: following ‘false’ branch (when ‘root’ is non-NULL)...
libselinux-3.9/src/label_file.c:2484:9: branch_false: ...to here
libselinux-3.9/src/label_file.c:2496:16: call_function: calling ‘init’ from ‘selabel_file_init’
#  849|   	rc = madvise(addr, len, MADV_WILLNEED);
#  850|   	if (rc == -1)
#  851|-> 		COMPAT_LOG(SELINUX_INFO, "%s:  Failed to advise memory mapping:  %m\n",
#  852|   			   path);
#  853|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def118]
libselinux-3.9/src/label_file.c:851:17: warning[-Wanalyzer-malloc-leak]: leak of ‘open_file(path,  suffix, & found_path, 4096, & sb, (_Bool)i)’
libselinux-3.9/src/label_file.c:2467:5: enter_function: entry to ‘selabel_file_init’
libselinux-3.9/src/label_file.c:2475:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
libselinux-3.9/src/label_file.c:2478:16: branch_false: ...to here
libselinux-3.9/src/label_file.c:2479:12: branch_false: following ‘false’ branch (when ‘root’ is non-NULL)...
libselinux-3.9/src/label_file.c:2484:9: branch_false: ...to here
libselinux-3.9/src/label_file.c:2496:16: call_function: calling ‘init’ from ‘selabel_file_init’
#  849|   	rc = madvise(addr, len, MADV_WILLNEED);
#  850|   	if (rc == -1)
#  851|-> 		COMPAT_LOG(SELINUX_INFO, "%s:  Failed to advise memory mapping:  %m\n",
#  852|   			   path);
#  853|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def119]
libselinux-3.9/src/label_file.c:1078:14: warning[-Wanalyzer-file-leak]: leak of FILE ‘open_file(path,  suffix, & found_path, 4096, & sb, (_Bool)i)’
libselinux-3.9/src/label_file.c:2467:5: enter_function: entry to ‘selabel_file_init’
libselinux-3.9/src/label_file.c:2475:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
libselinux-3.9/src/label_file.c:2478:16: branch_false: ...to here
libselinux-3.9/src/label_file.c:2479:12: branch_false: following ‘false’ branch (when ‘root’ is non-NULL)...
libselinux-3.9/src/label_file.c:2484:9: branch_false: ...to here
libselinux-3.9/src/label_file.c:2496:16: call_function: calling ‘init’ from ‘selabel_file_init’
# 1076|   	size_t len = fread(&magic, sizeof(magic), 1, fp);
# 1077|   
# 1078|-> 	rc = fseek(fp, 0L, SEEK_SET);
# 1079|   	if (rc == -1)
# 1080|   		return -1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def120]
libselinux-3.9/src/label_file.c:1078:14: warning[-Wanalyzer-malloc-leak]: leak of ‘open_file(path,  suffix, & found_path, 4096, & sb, (_Bool)i)’
libselinux-3.9/src/label_file.c:2467:5: enter_function: entry to ‘selabel_file_init’
libselinux-3.9/src/label_file.c:2475:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
libselinux-3.9/src/label_file.c:2478:16: branch_false: ...to here
libselinux-3.9/src/label_file.c:2479:12: branch_false: following ‘false’ branch (when ‘root’ is non-NULL)...
libselinux-3.9/src/label_file.c:2484:9: branch_false: ...to here
libselinux-3.9/src/label_file.c:2496:16: call_function: calling ‘init’ from ‘selabel_file_init’
# 1076|   	size_t len = fread(&magic, sizeof(magic), 1, fp);
# 1077|   
# 1078|-> 	rc = fseek(fp, 0L, SEEK_SET);
# 1079|   	if (rc == -1)
# 1080|   		return -1;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def121]
libselinux-3.9/src/label_file.c:1202:25: warning[-Wanalyzer-file-leak]: leak of FILE ‘open_file(path,  suffix, & found_path, 4096, & sb, (_Bool)i)’
libselinux-3.9/src/label_file.c:2467:5: enter_function: entry to ‘selabel_file_init’
libselinux-3.9/src/label_file.c:2475:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
libselinux-3.9/src/label_file.c:2478:16: branch_false: ...to here
libselinux-3.9/src/label_file.c:2479:12: branch_false: following ‘false’ branch (when ‘root’ is non-NULL)...
libselinux-3.9/src/label_file.c:2484:9: branch_false: ...to here
libselinux-3.9/src/label_file.c:2496:16: call_function: calling ‘init’ from ‘selabel_file_init’
# 1200|   
# 1201|   		if (rc == 2) {
# 1202|-> 			COMPAT_LOG(SELINUX_INFO, "%s:  Old compiled fcontext format, skipping\n", found_path);
# 1203|   			errno = EINVAL;
# 1204|   		} else if (rc == 1) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def122]
libselinux-3.9/src/label_file.c:1202:25: warning[-Wanalyzer-malloc-leak]: leak of ‘open_file(path,  suffix, & found_path, 4096, & sb, (_Bool)i)’
libselinux-3.9/src/label_file.c:2467:5: enter_function: entry to ‘selabel_file_init’
libselinux-3.9/src/label_file.c:2475:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
libselinux-3.9/src/label_file.c:2478:16: branch_false: ...to here
libselinux-3.9/src/label_file.c:2479:12: branch_false: following ‘false’ branch (when ‘root’ is non-NULL)...
libselinux-3.9/src/label_file.c:2484:9: branch_false: ...to here
libselinux-3.9/src/label_file.c:2496:16: call_function: calling ‘init’ from ‘selabel_file_init’
# 1200|   
# 1201|   		if (rc == 2) {
# 1202|-> 			COMPAT_LOG(SELINUX_INFO, "%s:  Old compiled fcontext format, skipping\n", found_path);
# 1203|   			errno = EINVAL;
# 1204|   		} else if (rc == 1) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def123]
libselinux-3.9/src/label_file.c:1350:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "re")’
libselinux-3.9/src/label_file.c:2467:5: enter_function: entry to ‘selabel_file_init’
libselinux-3.9/src/label_file.c:2475:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
libselinux-3.9/src/label_file.c:2478:16: branch_false: ...to here
libselinux-3.9/src/label_file.c:2479:12: branch_false: following ‘false’ branch (when ‘root’ is non-NULL)...
libselinux-3.9/src/label_file.c:2484:9: branch_false: ...to here
libselinux-3.9/src/label_file.c:2496:16: call_function: calling ‘init’ from ‘selabel_file_init’
# 1348|   		goto err;
# 1349|   
# 1350|-> 	if (digest_add_specfile(digest, cfg, NULL, sb.st_size, path) < 0)
# 1351|   		goto err;
# 1352|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def124]
libselinux-3.9/src/label_file.c:1350:13: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "re")’
libselinux-3.9/src/label_file.c:2467:5: enter_function: entry to ‘selabel_file_init’
libselinux-3.9/src/label_file.c:2475:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
libselinux-3.9/src/label_file.c:2478:16: branch_false: ...to here
libselinux-3.9/src/label_file.c:2479:12: branch_false: following ‘false’ branch (when ‘root’ is non-NULL)...
libselinux-3.9/src/label_file.c:2484:9: branch_false: ...to here
libselinux-3.9/src/label_file.c:2496:16: call_function: calling ‘init’ from ‘selabel_file_init’
# 1348|   		goto err;
# 1349|   
# 1350|-> 	if (digest_add_specfile(digest, cfg, NULL, sb.st_size, path) < 0)
# 1351|   		goto err;
# 1352|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def125]
libselinux-3.9/src/label_file.h:320:33: warning[-Wanalyzer-malloc-leak]: leak of ‘p’
libselinux-3.9/src/label_file.c:2467:5: enter_function: entry to ‘selabel_file_init’
libselinux-3.9/src/label_file.c:2475:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
libselinux-3.9/src/label_file.c:2478:16: branch_false: ...to here
libselinux-3.9/src/label_file.c:2479:12: branch_false: following ‘false’ branch (when ‘root’ is non-NULL)...
libselinux-3.9/src/label_file.c:2484:9: branch_false: ...to here
libselinux-3.9/src/label_file.c:2496:16: call_function: calling ‘init’ from ‘selabel_file_init’
#  318|   			i++;
#  319|   			if (i >= len) {
#  320|-> 				COMPAT_LOG(SELINUX_WARNING, "%s:  line %u has unsupported final escape character\n",
#  321|   					   path, lineno);
#  322|   				free(result);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def126]
libselinux-3.9/src/label_file.h:467:14: warning[-Wanalyzer-malloc-leak]: leak of ‘anchored_regex’
libselinux-3.9/src/label_file.c:2467:5: enter_function: entry to ‘selabel_file_init’
libselinux-3.9/src/label_file.c:2475:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
libselinux-3.9/src/label_file.c:2478:16: branch_false: ...to here
libselinux-3.9/src/label_file.c:2479:12: branch_false: following ‘false’ branch (when ‘root’ is non-NULL)...
libselinux-3.9/src/label_file.c:2484:9: branch_false: ...to here
libselinux-3.9/src/label_file.c:2496:16: call_function: calling ‘init’ from ‘selabel_file_init’
#  465|   
#  466|   	/* Compile the regular expression. */
#  467|-> 	rc = regex_prepare_data(&spec->regex, anchored_regex, &error_data);
#  468|   	free(anchored_regex);
#  469|   	if (rc < 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def127]
libselinux-3.9/src/label_file.h:820:17: warning[-Wanalyzer-malloc-leak]: leak of ‘data’
libselinux-3.9/utils/sefcontext_compile.c:538:5: enter_function: entry to ‘main’
libselinux-3.9/utils/sefcontext_compile.c:554:12: branch_false: following ‘false’ branch (when ‘argc > 1’)...
 branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:579:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:582:20: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:583:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:589:13: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:589:12: branch_true: following ‘true’ branch...
libselinux-3.9/utils/sefcontext_compile.c:590:29: branch_true: ...to here
libselinux-3.9/utils/sefcontext_compile.c:592:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:598:21: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:598:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:607:40: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:608:12: branch_false: following ‘false’ branch (when ‘rec’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:622:9: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:626:37: acquire_memory: allocated here
libselinux-3.9/utils/sefcontext_compile.c:627:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:635:16: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:636:12: branch_false: following ‘false’ branch (when ‘root’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:645:9: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:648:14: call_function: calling ‘process_file’ from ‘main’
#  818|   	}
#  819|   
#  820|-> 	items = read_spec_entries(line_buf, nread, &errbuf, 3, &regex, &type, &context);
#  821|   	if (items < 0) {
#  822|   		if (errbuf) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def128]
libselinux-3.9/src/label_file.h:820:17: warning[-Wanalyzer-malloc-leak]: leak of ‘rec’
libselinux-3.9/utils/sefcontext_compile.c:538:5: enter_function: entry to ‘main’
libselinux-3.9/utils/sefcontext_compile.c:554:12: branch_false: following ‘false’ branch (when ‘argc > 1’)...
 branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:579:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:582:20: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:583:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:589:13: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:589:12: branch_true: following ‘true’ branch...
libselinux-3.9/utils/sefcontext_compile.c:590:29: branch_true: ...to here
libselinux-3.9/utils/sefcontext_compile.c:592:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:598:21: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:598:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:607:40: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:607:40: acquire_memory: allocated here
libselinux-3.9/utils/sefcontext_compile.c:608:12: branch_false: following ‘false’ branch (when ‘rec’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:622:9: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:627:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:635:16: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:636:12: branch_false: following ‘false’ branch (when ‘root’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:645:9: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:648:14: call_function: calling ‘process_file’ from ‘main’
#  818|   	}
#  819|   
#  820|-> 	items = read_spec_entries(line_buf, nread, &errbuf, 3, &regex, &type, &context);
#  821|   	if (items < 0) {
#  822|   		if (errbuf) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def129]
libselinux-3.9/src/label_file.h:820:17: warning[-Wanalyzer-malloc-leak]: leak of ‘root’
libselinux-3.9/utils/sefcontext_compile.c:538:5: enter_function: entry to ‘main’
libselinux-3.9/utils/sefcontext_compile.c:554:12: branch_false: following ‘false’ branch (when ‘argc > 1’)...
 branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:579:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:582:20: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:583:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:589:13: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:589:12: branch_true: following ‘true’ branch...
libselinux-3.9/utils/sefcontext_compile.c:590:29: branch_true: ...to here
libselinux-3.9/utils/sefcontext_compile.c:592:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:598:21: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:598:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:607:40: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:608:12: branch_false: following ‘false’ branch (when ‘rec’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:622:9: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:627:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:635:16: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:635:16: acquire_memory: allocated here
libselinux-3.9/utils/sefcontext_compile.c:636:12: branch_false: following ‘false’ branch (when ‘root’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:645:9: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:648:14: call_function: calling ‘process_file’ from ‘main’
#  818|   	}
#  819|   
#  820|-> 	items = read_spec_entries(line_buf, nread, &errbuf, 3, &regex, &type, &context);
#  821|   	if (items < 0) {
#  822|   		if (errbuf) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def130]
libselinux-3.9/src/label_file.h:823:25: warning[-Wanalyzer-malloc-leak]: leak of ‘data’
libselinux-3.9/utils/sefcontext_compile.c:538:5: enter_function: entry to ‘main’
libselinux-3.9/utils/sefcontext_compile.c:554:12: branch_false: following ‘false’ branch (when ‘argc > 1’)...
 branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:579:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:582:20: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:583:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:589:13: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:589:12: branch_true: following ‘true’ branch...
libselinux-3.9/utils/sefcontext_compile.c:590:29: branch_true: ...to here
libselinux-3.9/utils/sefcontext_compile.c:592:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:598:21: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:598:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:607:40: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:608:12: branch_false: following ‘false’ branch (when ‘rec’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:622:9: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:626:37: acquire_memory: allocated here
libselinux-3.9/utils/sefcontext_compile.c:627:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:635:16: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:636:12: branch_false: following ‘false’ branch (when ‘root’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:645:9: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:648:14: call_function: calling ‘process_file’ from ‘main’
#  821|   	if (items < 0) {
#  822|   		if (errbuf) {
#  823|-> 			COMPAT_LOG(SELINUX_ERROR,
#  824|   				   "%s:  line %u error due to: %s\n", path,
#  825|   				   lineno, errbuf);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def131]
libselinux-3.9/src/label_file.h:823:25: warning[-Wanalyzer-malloc-leak]: leak of ‘rec’
libselinux-3.9/utils/sefcontext_compile.c:538:5: enter_function: entry to ‘main’
libselinux-3.9/utils/sefcontext_compile.c:554:12: branch_false: following ‘false’ branch (when ‘argc > 1’)...
 branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:579:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:582:20: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:583:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:589:13: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:589:12: branch_true: following ‘true’ branch...
libselinux-3.9/utils/sefcontext_compile.c:590:29: branch_true: ...to here
libselinux-3.9/utils/sefcontext_compile.c:592:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:598:21: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:598:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:607:40: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:607:40: acquire_memory: allocated here
libselinux-3.9/utils/sefcontext_compile.c:608:12: branch_false: following ‘false’ branch (when ‘rec’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:622:9: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:627:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:635:16: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:636:12: branch_false: following ‘false’ branch (when ‘root’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:645:9: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:648:14: call_function: calling ‘process_file’ from ‘main’
#  821|   	if (items < 0) {
#  822|   		if (errbuf) {
#  823|-> 			COMPAT_LOG(SELINUX_ERROR,
#  824|   				   "%s:  line %u error due to: %s\n", path,
#  825|   				   lineno, errbuf);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def132]
libselinux-3.9/src/label_file.h:823:25: warning[-Wanalyzer-malloc-leak]: leak of ‘root’
libselinux-3.9/utils/sefcontext_compile.c:538:5: enter_function: entry to ‘main’
libselinux-3.9/utils/sefcontext_compile.c:554:12: branch_false: following ‘false’ branch (when ‘argc > 1’)...
 branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:579:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:582:20: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:583:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:589:13: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:589:12: branch_true: following ‘true’ branch...
libselinux-3.9/utils/sefcontext_compile.c:590:29: branch_true: ...to here
libselinux-3.9/utils/sefcontext_compile.c:592:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:598:21: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:598:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:607:40: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:608:12: branch_false: following ‘false’ branch (when ‘rec’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:622:9: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:627:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:635:16: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:635:16: acquire_memory: allocated here
libselinux-3.9/utils/sefcontext_compile.c:636:12: branch_false: following ‘false’ branch (when ‘root’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:645:9: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:648:14: call_function: calling ‘process_file’ from ‘main’
#  821|   	if (items < 0) {
#  822|   		if (errbuf) {
#  823|-> 			COMPAT_LOG(SELINUX_ERROR,
#  824|   				   "%s:  line %u error due to: %s\n", path,
#  825|   				   lineno, errbuf);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def133]
libselinux-3.9/src/label_file.h:827:25: warning[-Wanalyzer-malloc-leak]: leak of ‘data’
libselinux-3.9/utils/sefcontext_compile.c:538:5: enter_function: entry to ‘main’
libselinux-3.9/utils/sefcontext_compile.c:554:12: branch_false: following ‘false’ branch (when ‘argc > 1’)...
 branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:579:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:582:20: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:583:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:589:13: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:589:12: branch_true: following ‘true’ branch...
libselinux-3.9/utils/sefcontext_compile.c:590:29: branch_true: ...to here
libselinux-3.9/utils/sefcontext_compile.c:592:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:598:21: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:598:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:607:40: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:608:12: branch_false: following ‘false’ branch (when ‘rec’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:622:9: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:626:37: acquire_memory: allocated here
libselinux-3.9/utils/sefcontext_compile.c:627:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:635:16: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:636:12: branch_false: following ‘false’ branch (when ‘root’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:645:9: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:648:14: call_function: calling ‘process_file’ from ‘main’
#  825|   				   lineno, errbuf);
#  826|   		} else {
#  827|-> 			COMPAT_LOG(SELINUX_ERROR,
#  828|   				   "%s:  line %u error due to: %m\n", path,
#  829|   				   lineno);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def134]
libselinux-3.9/src/label_file.h:827:25: warning[-Wanalyzer-malloc-leak]: leak of ‘rec’
libselinux-3.9/utils/sefcontext_compile.c:538:5: enter_function: entry to ‘main’
libselinux-3.9/utils/sefcontext_compile.c:554:12: branch_false: following ‘false’ branch (when ‘argc > 1’)...
 branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:579:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:582:20: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:583:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:589:13: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:589:12: branch_true: following ‘true’ branch...
libselinux-3.9/utils/sefcontext_compile.c:590:29: branch_true: ...to here
libselinux-3.9/utils/sefcontext_compile.c:592:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:598:21: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:598:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:607:40: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:607:40: acquire_memory: allocated here
libselinux-3.9/utils/sefcontext_compile.c:608:12: branch_false: following ‘false’ branch (when ‘rec’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:622:9: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:627:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:635:16: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:636:12: branch_false: following ‘false’ branch (when ‘root’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:645:9: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:648:14: call_function: calling ‘process_file’ from ‘main’
#  825|   				   lineno, errbuf);
#  826|   		} else {
#  827|-> 			COMPAT_LOG(SELINUX_ERROR,
#  828|   				   "%s:  line %u error due to: %m\n", path,
#  829|   				   lineno);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def135]
libselinux-3.9/src/label_file.h:827:25: warning[-Wanalyzer-malloc-leak]: leak of ‘root’
libselinux-3.9/utils/sefcontext_compile.c:538:5: enter_function: entry to ‘main’
libselinux-3.9/utils/sefcontext_compile.c:554:12: branch_false: following ‘false’ branch (when ‘argc > 1’)...
 branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:579:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:582:20: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:583:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:589:13: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:589:12: branch_true: following ‘true’ branch...
libselinux-3.9/utils/sefcontext_compile.c:590:29: branch_true: ...to here
libselinux-3.9/utils/sefcontext_compile.c:592:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:598:21: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:598:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:607:40: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:608:12: branch_false: following ‘false’ branch (when ‘rec’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:622:9: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:627:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:635:16: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:635:16: acquire_memory: allocated here
libselinux-3.9/utils/sefcontext_compile.c:636:12: branch_false: following ‘false’ branch (when ‘root’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:645:9: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:648:14: call_function: calling ‘process_file’ from ‘main’
#  825|   				   lineno, errbuf);
#  826|   		} else {
#  827|-> 			COMPAT_LOG(SELINUX_ERROR,
#  828|   				   "%s:  line %u error due to: %m\n", path,
#  829|   				   lineno);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def136]
libselinux-3.9/src/label_file.h:841:17: warning[-Wanalyzer-malloc-leak]: leak of ‘data’
libselinux-3.9/utils/sefcontext_compile.c:538:5: enter_function: entry to ‘main’
libselinux-3.9/utils/sefcontext_compile.c:554:12: branch_false: following ‘false’ branch (when ‘argc > 1’)...
 branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:579:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:582:20: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:583:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:589:13: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:589:12: branch_true: following ‘true’ branch...
libselinux-3.9/utils/sefcontext_compile.c:590:29: branch_true: ...to here
libselinux-3.9/utils/sefcontext_compile.c:592:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:598:21: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:598:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:607:40: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:608:12: branch_false: following ‘false’ branch (when ‘rec’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:622:9: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:626:37: acquire_memory: allocated here
libselinux-3.9/utils/sefcontext_compile.c:627:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:635:16: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:636:12: branch_false: following ‘false’ branch (when ‘root’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:645:9: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:648:14: call_function: calling ‘process_file’ from ‘main’
#  839|   
#  840|   	if (items < 2) {
#  841|-> 		COMPAT_LOG(SELINUX_ERROR,
#  842|   			   "%s:  line %u is missing fields\n", path,
#  843|   			   lineno);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def137]
libselinux-3.9/src/label_file.h:841:17: warning[-Wanalyzer-malloc-leak]: leak of ‘rec’
libselinux-3.9/utils/sefcontext_compile.c:538:5: enter_function: entry to ‘main’
libselinux-3.9/utils/sefcontext_compile.c:554:12: branch_false: following ‘false’ branch (when ‘argc > 1’)...
 branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:579:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:582:20: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:583:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:589:13: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:589:12: branch_true: following ‘true’ branch...
libselinux-3.9/utils/sefcontext_compile.c:590:29: branch_true: ...to here
libselinux-3.9/utils/sefcontext_compile.c:592:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:598:21: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:598:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:607:40: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:607:40: acquire_memory: allocated here
libselinux-3.9/utils/sefcontext_compile.c:608:12: branch_false: following ‘false’ branch (when ‘rec’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:622:9: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:627:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:635:16: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:636:12: branch_false: following ‘false’ branch (when ‘root’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:645:9: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:648:14: call_function: calling ‘process_file’ from ‘main’
#  839|   
#  840|   	if (items < 2) {
#  841|-> 		COMPAT_LOG(SELINUX_ERROR,
#  842|   			   "%s:  line %u is missing fields\n", path,
#  843|   			   lineno);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def138]
libselinux-3.9/src/label_file.h:841:17: warning[-Wanalyzer-malloc-leak]: leak of ‘root’
libselinux-3.9/utils/sefcontext_compile.c:538:5: enter_function: entry to ‘main’
libselinux-3.9/utils/sefcontext_compile.c:554:12: branch_false: following ‘false’ branch (when ‘argc > 1’)...
 branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:579:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:582:20: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:583:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:589:13: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:589:12: branch_true: following ‘true’ branch...
libselinux-3.9/utils/sefcontext_compile.c:590:29: branch_true: ...to here
libselinux-3.9/utils/sefcontext_compile.c:592:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:598:21: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:598:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:607:40: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:608:12: branch_false: following ‘false’ branch (when ‘rec’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:622:9: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:627:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:635:16: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:635:16: acquire_memory: allocated here
libselinux-3.9/utils/sefcontext_compile.c:636:12: branch_false: following ‘false’ branch (when ‘root’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:645:9: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:648:14: call_function: calling ‘process_file’ from ‘main’
#  839|   
#  840|   	if (items < 2) {
#  841|-> 		COMPAT_LOG(SELINUX_ERROR,
#  842|   			   "%s:  line %u is missing fields\n", path,
#  843|   			   lineno);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def139]
libselinux-3.9/src/load_policy.c:41:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&path, 524290)’
libselinux-3.9/src/load_policy.c:31:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/load_policy.c:36:9: branch_false: ...to here
libselinux-3.9/src/load_policy.c:37:14: acquire_resource: opened here
libselinux-3.9/src/load_policy.c:38:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/load_policy.c:41:15: branch_false: ...to here
libselinux-3.9/src/load_policy.c:41:15: danger: ‘open(&path, 524290)’ leaks here; was opened at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   39|   		return -1;
#   40|   
#   41|-> 	ret = write(fd, data, len);
#   42|   	close(fd);
#   43|   	if (ret < 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def140]
libselinux-3.9/src/load_policy.c:43:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&path, 524290)’
libselinux-3.9/src/load_policy.c:31:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/load_policy.c:36:9: branch_false: ...to here
libselinux-3.9/src/load_policy.c:37:14: acquire_resource: opened here
libselinux-3.9/src/load_policy.c:38:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/load_policy.c:41:15: branch_false: ...to here
libselinux-3.9/src/load_policy.c:43:12: danger: ‘open(&path, 524290)’ leaks here; was opened at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#   41|   	ret = write(fd, data, len);
#   42|   	close(fd);
#   43|-> 	if (ret < 0)
#   44|   		return -1;
#   45|   	return 0;

Error: GCC_ANALYZER_WARNING (CWE-416): [#def141]
libselinux-3.9/src/matchpathcon.c:87:17: warning[-Wanalyzer-use-after-free]: use after ‘reallocarray’ of ‘con_array’
libselinux-3.9/src/matchpathcon.c:94:12: enter_function: entry to ‘add_array_elt’
libselinux-3.9/src/matchpathcon.c:97:12: branch_true: following ‘true’ branch...
 branch_true: ...to here
libselinux-3.9/src/matchpathcon.c:98:24: branch_true: following ‘true’ branch...
libselinux-3.9/src/matchpathcon.c:99:40: branch_true: ...to here
libselinux-3.9/src/matchpathcon.c:100:40: release_memory: deallocated here
libselinux-3.9/src/matchpathcon.c:102:28: branch_true: following ‘true’ branch (when ‘tmp’ is NULL)...
libselinux-3.9/src/matchpathcon.c:103:33: branch_true: ...to here
libselinux-3.9/src/matchpathcon.c:103:33: call_function: calling ‘free_array_elts’ from ‘add_array_elt’
#   85|   	int i;
#   86|   	for (i = 0; i < con_array_used; i++)
#   87|-> 		free(con_array[i]);
#   88|   	free(con_array);
#   89|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def142]
libselinux-3.9/src/matchpathcon.c:444:17: warning[-Wanalyzer-malloc-leak]: leak of ‘last_component’
libselinux-3.9/src/matchpathcon.c:421:20: acquire_memory: allocated here
libselinux-3.9/src/matchpathcon.c:422:12: branch_false: following ‘false’ branch (when ‘tmp_path’ is non-NULL)...
libselinux-3.9/src/matchpathcon.c:429:26: branch_false: ...to here
libselinux-3.9/src/matchpathcon.c:431:12: branch_false: following ‘false’ branch (when ‘tmp_path != last_component’)...
libselinux-3.9/src/matchpathcon.c:434:19: branch_false: ...to here
libselinux-3.9/src/matchpathcon.c:434:19: branch_false: following ‘false’ branch (when ‘last_component’ is NULL)...
libselinux-3.9/src/matchpathcon.c:440:21: branch_false: ...to here
libselinux-3.9/src/matchpathcon.c:443:12: branch_true: following ‘true’ branch (when ‘p’ is NULL)...
libselinux-3.9/src/matchpathcon.c:444:17: branch_true: ...to here
libselinux-3.9/src/matchpathcon.c:444:17: danger: ‘last_component’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#  442|   
#  443|   	if (!p) {
#  444|-> 		myprintf("symlink_realpath(%s) realpath() failed: %m\n",
#  445|   			name);
#  446|   		rc = -1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def143]
libselinux-3.9/src/matchpathcon.c:444:17: warning[-Wanalyzer-malloc-leak]: leak of ‘tmp_path’
libselinux-3.9/src/matchpathcon.c:421:20: acquire_memory: allocated here
libselinux-3.9/src/matchpathcon.c:422:12: branch_false: following ‘false’ branch (when ‘tmp_path’ is non-NULL)...
libselinux-3.9/src/matchpathcon.c:429:26: branch_false: ...to here
libselinux-3.9/src/matchpathcon.c:431:12: branch_false: following ‘false’ branch (when ‘tmp_path != last_component’)...
libselinux-3.9/src/matchpathcon.c:434:19: branch_false: ...to here
libselinux-3.9/src/matchpathcon.c:434:19: branch_true: following ‘true’ branch (when ‘last_component’ is non-NULL)...
libselinux-3.9/src/matchpathcon.c:435:17: branch_true: ...to here
libselinux-3.9/src/matchpathcon.c:443:12: branch_true: following ‘true’ branch (when ‘p’ is NULL)...
libselinux-3.9/src/matchpathcon.c:444:17: branch_true: ...to here
libselinux-3.9/src/matchpathcon.c:444:17: danger: ‘tmp_path’ leaks here; was allocated at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#  442|   
#  443|   	if (!p) {
#  444|-> 		myprintf("symlink_realpath(%s) realpath() failed: %m\n",
#  445|   			name);
#  446|   		rc = -1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def144]
libselinux-3.9/src/matchpathcon.c:452:17: warning[-Wanalyzer-malloc-leak]: leak of ‘last_component’
libselinux-3.9/src/matchpathcon.c:421:20: acquire_memory: allocated here
libselinux-3.9/src/matchpathcon.c:422:12: branch_false: following ‘false’ branch (when ‘tmp_path’ is non-NULL)...
libselinux-3.9/src/matchpathcon.c:429:26: branch_false: ...to here
libselinux-3.9/src/matchpathcon.c:431:12: branch_false: following ‘false’ branch (when ‘tmp_path != last_component’)...
libselinux-3.9/src/matchpathcon.c:434:19: branch_false: ...to here
libselinux-3.9/src/matchpathcon.c:434:19: branch_false: following ‘false’ branch (when ‘last_component’ is NULL)...
libselinux-3.9/src/matchpathcon.c:440:21: branch_false: ...to here
libselinux-3.9/src/matchpathcon.c:443:12: branch_false: following ‘false’ branch (when ‘p’ is non-NULL)...
libselinux-3.9/src/matchpathcon.c:450:15: branch_false: ...to here
libselinux-3.9/src/matchpathcon.c:451:12: branch_true: following ‘true’ branch...
libselinux-3.9/src/matchpathcon.c:452:17: branch_true: ...to here
libselinux-3.9/src/matchpathcon.c:452:17: danger: ‘last_component’ leaks here; was allocated at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#  450|   	len = strlen(p);
#  451|   	if (len + strlen(last_component) + 2 > PATH_MAX) {
#  452|-> 		myprintf("symlink_realpath(%s) failed: Filename too long \n",
#  453|   			name);
#  454|   		errno = ENAMETOOLONG;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def145]
libselinux-3.9/src/matchpathcon.c:452:17: warning[-Wanalyzer-malloc-leak]: leak of ‘tmp_path’
libselinux-3.9/src/matchpathcon.c:421:20: acquire_memory: allocated here
libselinux-3.9/src/matchpathcon.c:422:12: branch_false: following ‘false’ branch (when ‘tmp_path’ is non-NULL)...
libselinux-3.9/src/matchpathcon.c:429:26: branch_false: ...to here
libselinux-3.9/src/matchpathcon.c:431:12: branch_true: following ‘true’ branch (when ‘tmp_path == last_component’)...
libselinux-3.9/src/matchpathcon.c:432:17: branch_true: ...to here
libselinux-3.9/src/matchpathcon.c:443:12: branch_false: following ‘false’ branch (when ‘p’ is non-NULL)...
libselinux-3.9/src/matchpathcon.c:450:15: branch_false: ...to here
libselinux-3.9/src/matchpathcon.c:451:12: branch_true: following ‘true’ branch...
libselinux-3.9/src/matchpathcon.c:452:17: branch_true: ...to here
libselinux-3.9/src/matchpathcon.c:452:17: danger: ‘tmp_path’ leaks here; was allocated at [(1)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/0)
#  450|   	len = strlen(p);
#  451|   	if (len + strlen(last_component) + 2 > PATH_MAX) {
#  452|-> 		myprintf("symlink_realpath(%s) failed: Filename too long \n",
#  453|   			name);
#  454|   		errno = ENAMETOOLONG;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def146]
libselinux-3.9/src/policyvers.c:35:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&path, 524288)’
libselinux-3.9/src/policyvers.c:19:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/policyvers.c:24:9: branch_false: ...to here
libselinux-3.9/src/policyvers.c:25:14: acquire_resource: opened here
libselinux-3.9/src/policyvers.c:26:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/policyvers.c:32:9: branch_false: ...to here
libselinux-3.9/src/policyvers.c:35:12: danger: ‘open(&path, 524288)’ leaks here; was opened at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   33|   	ret = read(fd, buf, sizeof buf - 1);
#   34|   	close(fd);
#   35|-> 	if (ret < 0)
#   36|   		return -1;
#   37|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def147]
libselinux-3.9/src/procattr.c:173:9: warning[-Wanalyzer-malloc-leak]: leak of ‘rcontext’
libselinux-3.9/src/procattr.c:287:5: enter_function: entry to ‘getkeycreatecon’
libselinux-3.9/src/procattr.c:287:5: call_function: calling ‘getprocattrcon’ from ‘getkeycreatecon’
#  171|         out:
#  172|   	errno_hold = errno;
#  173|-> 	close(fd);
#  174|   	errno = errno_hold;
#  175|   	return ret;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def148]
libselinux-3.9/src/procattr.c:174:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘openattr(pid,  attr, 524288)’
libselinux-3.9/src/procattr.c:287:5: enter_function: entry to ‘getkeycreatecon_raw’
libselinux-3.9/src/procattr.c:287:5: call_function: calling ‘getprocattrcon_raw’ from ‘getkeycreatecon_raw’
#  172|   	errno_hold = errno;
#  173|   	close(fd);
#  174|-> 	errno = errno_hold;
#  175|   	return ret;
#  176|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def149]
libselinux-3.9/src/procattr.c:187:23: warning[-Wanalyzer-malloc-leak]: leak of ‘rcontext’
libselinux-3.9/src/procattr.c:316:5: enter_function: entry to ‘getpidprevcon’
libselinux-3.9/src/procattr.c:318:12: branch_false: following ‘false’ branch (when ‘pid > 0’)...
libselinux-3.9/src/procattr.c:322:16: branch_false: ...to here
libselinux-3.9/src/procattr.c:322:16: call_function: calling ‘getprocattrcon’ from ‘getpidprevcon’
#  185|   
#  186|   	if (!ret) {
#  187|-> 		ret = selinux_raw_to_trans_context(rcontext, context);
#  188|   		freecon(rcontext);
#  189|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def150]
libselinux-3.9/src/procattr.c:188:17: warning[-Wanalyzer-malloc-leak]: leak of ‘rcontext’
libselinux-3.9/src/procattr.c:316:5: enter_function: entry to ‘getpidprevcon’
libselinux-3.9/src/procattr.c:318:12: branch_false: following ‘false’ branch (when ‘pid > 0’)...
libselinux-3.9/src/procattr.c:322:16: branch_false: ...to here
libselinux-3.9/src/procattr.c:322:16: call_function: calling ‘getprocattrcon’ from ‘getpidprevcon’
#  186|   	if (!ret) {
#  187|   		ret = selinux_raw_to_trans_context(rcontext, context);
#  188|-> 		freecon(rcontext);
#  189|   	}
#  190|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def151]
libselinux-3.9/src/procattr.c:220:31: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘openattr(0, attr, 524290)’
libselinux-3.9/src/procattr.c:287:5: enter_function: entry to ‘setkeycreatecon_raw’
libselinux-3.9/src/procattr.c:287:5: call_function: calling ‘setprocattrcon_raw’ from ‘setkeycreatecon_raw’
#  218|   			goto out;
#  219|   		do {
#  220|-> 			ret = write(fd, context2, strlen(context2) + 1);
#  221|   		} while (ret < 0 && errno == EINTR);
#  222|   	} else {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def152]
libselinux-3.9/src/procattr.c:220:31: warning[-Wanalyzer-malloc-leak]: leak of ‘context2’
libselinux-3.9/src/procattr.c:287:5: enter_function: entry to ‘setkeycreatecon_raw’
libselinux-3.9/src/procattr.c:287:5: call_function: calling ‘setprocattrcon_raw’ from ‘setkeycreatecon_raw’
#  218|   			goto out;
#  219|   		do {
#  220|-> 			ret = write(fd, context2, strlen(context2) + 1);
#  221|   		} while (ret < 0 && errno == EINTR);
#  222|   	} else {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def153]
libselinux-3.9/src/procattr.c:224:31: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘openattr(0, attr, 524290)’
libselinux-3.9/src/procattr.c:287:5: enter_function: entry to ‘setkeycreatecon_raw’
libselinux-3.9/src/procattr.c:287:5: call_function: calling ‘setprocattrcon_raw’ from ‘setkeycreatecon_raw’
#  222|   	} else {
#  223|   		do {
#  224|-> 			ret = write(fd, NULL, 0);	/* clear */
#  225|   		} while (ret < 0 && errno == EINTR);
#  226|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def154]
libselinux-3.9/src/procattr.c:229:9: warning[-Wanalyzer-malloc-leak]: leak of ‘context2’
libselinux-3.9/src/procattr.c:287:5: enter_function: entry to ‘setkeycreatecon_raw’
libselinux-3.9/src/procattr.c:287:5: call_function: calling ‘setprocattrcon_raw’ from ‘setkeycreatecon_raw’
#  227|   out:
#  228|   	errno_hold = errno;
#  229|-> 	close(fd);
#  230|   	errno = errno_hold;
#  231|   	if (ret < 0) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def155]
libselinux-3.9/src/procattr.c:230:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘openattr(0, attr, 524290)’
libselinux-3.9/src/procattr.c:287:5: enter_function: entry to ‘setkeycreatecon_raw’
libselinux-3.9/src/procattr.c:287:5: call_function: calling ‘setprocattrcon_raw’ from ‘setkeycreatecon_raw’
#  228|   	errno_hold = errno;
#  229|   	close(fd);
#  230|-> 	errno = errno_hold;
#  231|   	if (ret < 0) {
#  232|   		free(context2);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def156]
libselinux-3.9/src/reject_unknown.c:31:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&path, 524288)’
libselinux-3.9/src/reject_unknown.c:18:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/reject_unknown.c:23:9: branch_false: ...to here
libselinux-3.9/src/reject_unknown.c:24:14: acquire_resource: opened here
libselinux-3.9/src/reject_unknown.c:25:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/reject_unknown.c:28:9: branch_false: ...to here
libselinux-3.9/src/reject_unknown.c:31:12: danger: ‘open(&path, 524288)’ leaks here; was opened at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   29|   	ret = read(fd, buf, sizeof(buf) - 1);
#   30|   	close(fd);
#   31|-> 	if (ret < 0)
#   32|   		return -1;
#   33|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def157]
libselinux-3.9/src/selinux_check_securetty_context.c:19:33: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(selinux_securetty_types_path(), "re")’
libselinux-3.9/src/selinux_check_securetty_context.c:17:14: acquire_resource: opened here
libselinux-3.9/src/selinux_check_securetty_context.c:18:12: branch_true: following ‘true’ branch...
libselinux-3.9/src/selinux_check_securetty_context.c:19:33: branch_true: ...to here
libselinux-3.9/src/selinux_check_securetty_context.c:19:33: danger: ‘fopen(selinux_securetty_types_path(), "re")’ leaks here; was opened at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   17|   	fp = fopen(selinux_securetty_types_path(), "re");
#   18|   	if (fp) {
#   19|-> 		context_t con = context_new(tty_context);
#   20|   		if (con) {
#   21|   			const char *type = context_type_get(con);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def158]
libselinux-3.9/src/selinux_check_securetty_context.c:19:33: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(selinux_securetty_types_path(), "re")’
libselinux-3.9/src/selinux_check_securetty_context.c:17:14: acquire_memory: allocated here
libselinux-3.9/src/selinux_check_securetty_context.c:18:12: branch_true: following ‘true’ branch...
libselinux-3.9/src/selinux_check_securetty_context.c:19:33: branch_true: ...to here
libselinux-3.9/src/selinux_check_securetty_context.c:19:33: danger: ‘fopen(selinux_securetty_types_path(), "re")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#   17|   	fp = fopen(selinux_securetty_types_path(), "re");
#   18|   	if (fp) {
#   19|-> 		context_t con = context_new(tty_context);
#   20|   		if (con) {
#   21|   			const char *type = context_type_get(con);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def159]
libselinux-3.9/src/selinux_check_securetty_context.c:21:44: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(selinux_securetty_types_path(), "re")’
libselinux-3.9/src/selinux_check_securetty_context.c:17:14: acquire_resource: opened here
libselinux-3.9/src/selinux_check_securetty_context.c:18:12: branch_true: following ‘true’ branch...
libselinux-3.9/src/selinux_check_securetty_context.c:19:33: branch_true: ...to here
libselinux-3.9/src/selinux_check_securetty_context.c:20:20: branch_true: following ‘true’ branch...
libselinux-3.9/src/selinux_check_securetty_context.c:21:44: branch_true: ...to here
libselinux-3.9/src/selinux_check_securetty_context.c:21:44: danger: ‘fopen(selinux_securetty_types_path(), "re")’ leaks here; was opened at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#   19|   		context_t con = context_new(tty_context);
#   20|   		if (con) {
#   21|-> 			const char *type = context_type_get(con);
#   22|   			while ((len = getline(&line, &line_len, fp)) != -1) {
#   23|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def160]
libselinux-3.9/src/selinux_check_securetty_context.c:21:44: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(selinux_securetty_types_path(), "re")’
libselinux-3.9/src/selinux_check_securetty_context.c:17:14: acquire_memory: allocated here
libselinux-3.9/src/selinux_check_securetty_context.c:18:12: branch_true: following ‘true’ branch...
libselinux-3.9/src/selinux_check_securetty_context.c:19:33: branch_true: ...to here
libselinux-3.9/src/selinux_check_securetty_context.c:20:20: branch_true: following ‘true’ branch...
libselinux-3.9/src/selinux_check_securetty_context.c:21:44: branch_true: ...to here
libselinux-3.9/src/selinux_check_securetty_context.c:21:44: danger: ‘fopen(selinux_securetty_types_path(), "re")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#   19|   		context_t con = context_new(tty_context);
#   20|   		if (con) {
#   21|-> 			const char *type = context_type_get(con);
#   22|   			while ((len = getline(&line, &line_len, fp)) != -1) {
#   23|   

Error: GCC_ANALYZER_WARNING (CWE-416): [#def161]
libselinux-3.9/src/selinux_restorecon.c:161:39: warning[-Wanalyzer-use-after-free]: use after ‘reallocarray’ of ‘exclude_lst’
libselinux-3.9/src/selinux_restorecon.c:1444:6: enter_function: entry to ‘selinux_restorecon_set_exclude_list’
libselinux-3.9/src/selinux_restorecon.c:1449:21: branch_true: following ‘true’ branch...
libselinux-3.9/src/selinux_restorecon.c:1450:21: branch_true: ...to here
libselinux-3.9/src/selinux_restorecon.c:1456:21: call_function: calling ‘add_exclude’ from ‘selinux_restorecon_set_exclude_list’
libselinux-3.9/src/selinux_restorecon.c:1456:21: return_function: returning to ‘selinux_restorecon_set_exclude_list’ from ‘add_exclude’
libselinux-3.9/src/selinux_restorecon.c:1456:20: branch_true: following ‘true’ branch...
libselinux-3.9/src/selinux_restorecon.c:1457:21: branch_true: ...to here
libselinux-3.9/src/selinux_restorecon.c:1456:21: branch_false: following ‘false’ branch...
libselinux-3.9/src/selinux_restorecon.c:1449:38: branch_false: ...to here
libselinux-3.9/src/selinux_restorecon.c:1449:21: branch_true: following ‘true’ branch...
libselinux-3.9/src/selinux_restorecon.c:1450:21: branch_true: ...to here
libselinux-3.9/src/selinux_restorecon.c:1456:21: call_function: calling ‘add_exclude’ from ‘selinux_restorecon_set_exclude_list’
#  159|   	/* Check if already present. */
#  160|   	for (i = 0; i < exclude_count; i++) {
#  161|-> 		if (strcmp(directory, exclude_lst[i].directory) == 0)
#  162|   			return 0;
#  163|   	}

Error: GCC_ANALYZER_WARNING (CWE-415): [#def162]
libselinux-3.9/src/selinux_restorecon.c:179:20: warning[-Wanalyzer-double-free]: double-‘reallocarray’ of ‘exclude_lst’
libselinux-3.9/src/selinux_restorecon.c:1444:6: enter_function: entry to ‘selinux_restorecon_set_exclude_list’
libselinux-3.9/src/selinux_restorecon.c:1449:21: branch_true: following ‘true’ branch...
libselinux-3.9/src/selinux_restorecon.c:1450:21: branch_true: ...to here
libselinux-3.9/src/selinux_restorecon.c:1456:21: call_function: calling ‘add_exclude’ from ‘selinux_restorecon_set_exclude_list’
libselinux-3.9/src/selinux_restorecon.c:1456:21: return_function: returning to ‘selinux_restorecon_set_exclude_list’ from ‘add_exclude’
libselinux-3.9/src/selinux_restorecon.c:1456:20: branch_true: following ‘true’ branch...
libselinux-3.9/src/selinux_restorecon.c:1457:21: branch_true: ...to here
libselinux-3.9/src/selinux_restorecon.c:1456:21: branch_false: following ‘false’ branch...
libselinux-3.9/src/selinux_restorecon.c:1449:38: branch_false: ...to here
libselinux-3.9/src/selinux_restorecon.c:1449:21: branch_true: following ‘true’ branch...
libselinux-3.9/src/selinux_restorecon.c:1450:21: branch_true: ...to here
libselinux-3.9/src/selinux_restorecon.c:1456:21: call_function: calling ‘add_exclude’ from ‘selinux_restorecon_set_exclude_list’
#  177|   	}
#  178|   
#  179|-> 	tmp_list = reallocarray(exclude_lst, exclude_count + 1, sizeof(struct edir));
#  180|   	if (!tmp_list)
#  181|   		goto oom;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def163]
libselinux-3.9/src/selinux_restorecon.c:350:25: warning[-Wanalyzer-malloc-leak]: leak of ‘sha256_buf’
libselinux-3.9/src/selinux_restorecon.c:1489:5: enter_function: entry to ‘selinux_restorecon_xattr’
libselinux-3.9/src/selinux_restorecon.c:1509:9: branch_true: following ‘true’ branch...
libselinux-3.9/src/selinux_restorecon.c:1509:9: branch_true: ...to here
libselinux-3.9/src/selinux_restorecon.c:1511:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/selinux_restorecon.c:1514:13: branch_false: ...to here
libselinux-3.9/src/selinux_restorecon.c:1514:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/selinux_restorecon.c:1524:12: branch_false: ...to here
libselinux-3.9/src/selinux_restorecon.c:1524:12: branch_false: following ‘false’ branch (when ‘recurse == 0’)...
libselinux-3.9/src/selinux_restorecon.c:1525:21: branch_false: ...to here
libselinux-3.9/src/selinux_restorecon.c:1531:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/selinux_restorecon.c:1534:22: branch_false: ...to here
libselinux-3.9/src/selinux_restorecon.c:1534:22: call_function: calling ‘add_xattr_entry’ from ‘selinux_restorecon_xattr’
#  348|   		rc = removexattr(directory, RESTORECON_PARTIAL_MATCH_DIGEST);
#  349|   		if (rc) {
#  350|-> 			selinux_log(SELINUX_ERROR,
#  351|   				  "Error: %m removing xattr \"%s\" from: %s\n",
#  352|   				  RESTORECON_PARTIAL_MATCH_DIGEST, directory);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def164]
libselinux-3.9/src/selinuxswig_python_wrap.c:724:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘iter’
libselinux-3.9/src/selinuxswig_python_wrap.c:14951:22: enter_function: entry to ‘_wrap_selinux_lsetfilecon_default’
libselinux-3.9/src/selinuxswig_python_wrap.c:14961:6: branch_false: following ‘false’ branch (when ‘args’ is non-NULL)...
libselinux-3.9/src/selinuxswig_python_wrap.c:14963:10: branch_false: ...to here
libselinux-3.9/src/selinuxswig_python_wrap.c:14963:10: call_function: calling ‘SWIG_AsCharPtrAndSize’ from ‘_wrap_selinux_lsetfilecon_default’
#  722|     swig_module_info *iter = start;
#  723|     do {
#  724|->     if (iter->size) {
#  725|         size_t l = 0;
#  726|         size_t r = iter->size - 1;

Error: CPPCHECK_WARNING (CWE-457): [#def165]
libselinux-3.9/src/selinuxswig_python_wrap.c:872: warning[uninitvar]: Uninitialized variable: buff
#  870|       *r = 0;
#  871|     }
#  872|->   return buff;
#  873|   }
#  874|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def166]
libselinux-3.9/src/selinuxswig_python_wrap.c:1452:39: warning[-Wanalyzer-malloc-leak]: leak of ‘result’
libselinux-3.9/src/selinuxswig_python_wrap.c:12278:22: enter_function: entry to ‘_wrap_new_SELboolean’
libselinux-3.9/src/selinuxswig_python_wrap.c:12283:8: call_function: calling ‘SWIG_Python_UnpackTuple’ from ‘_wrap_new_SELboolean’
libselinux-3.9/src/selinuxswig_python_wrap.c:12283:8: return_function: returning to ‘_wrap_new_SELboolean’ from ‘SWIG_Python_UnpackTuple’
libselinux-3.9/src/selinuxswig_python_wrap.c:12283:6: branch_false: following ‘false’ branch...
libselinux-3.9/src/selinuxswig_python_wrap.c:12284:26: branch_false: ...to here
libselinux-3.9/src/selinuxswig_python_wrap.c:12284:26: acquire_memory: allocated here
libselinux-3.9/src/selinuxswig_python_wrap.c:12285:15: call_function: calling ‘SWIG_Python_NewPointerObj’ from ‘_wrap_new_SELboolean’
# 1450|       /* free-threading note: the GIL is always enabled when this function is first called
# 1451|          by SWIG_init, so there's no risk of race conditions */
# 1452|->     Swig_runtime_data_module_global = PyImport_AddModuleRef(SWIG_RUNTIME_MODULE);
# 1453|   #elif PY_VERSION_HEX >= 0x03000000
# 1454|       Swig_runtime_data_module_global = PyImport_AddModule(SWIG_RUNTIME_MODULE);

Error: CPPCHECK_WARNING (CWE-476): [#def167]
libselinux-3.9/src/selinuxswig_python_wrap.c:1901: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: data
# 1899|       SwigPyClientData *data = (SwigPyClientData *)malloc(sizeof(SwigPyClientData));
# 1900|       /* the klass element */
# 1901|->     data->klass = obj;
# 1902|       SWIG_Py_INCREF(data->klass);
# 1903|       /* the newraw method and newargs arguments used to create a new raw instance */

Error: GCC_ANALYZER_WARNING (CWE-476): [#def168]
libselinux-3.9/src/selinuxswig_python_wrap.c:1901:5: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘data’
libselinux-3.9/src/selinuxswig_python_wrap.c:13048:22: enter_function: entry to ‘security_class_mapping_swigregister’
libselinux-3.9/src/selinuxswig_python_wrap.c:13050:8: call_function: calling ‘SWIG_Python_UnpackTuple’ from ‘security_class_mapping_swigregister’
libselinux-3.9/src/selinuxswig_python_wrap.c:13050:8: return_function: returning to ‘security_class_mapping_swigregister’ from ‘SWIG_Python_UnpackTuple’
libselinux-3.9/src/selinuxswig_python_wrap.c:13050:6: branch_false: following ‘false’ branch...
libselinux-3.9/src/selinuxswig_python_wrap.c:13051:3: branch_false: ...to here
libselinux-3.9/src/selinuxswig_python_wrap.c:13051:61: call_function: calling ‘SwigPyClientData_New’ from ‘security_class_mapping_swigregister’
# 1899|       SwigPyClientData *data = (SwigPyClientData *)malloc(sizeof(SwigPyClientData));
# 1900|       /* the klass element */
# 1901|->     data->klass = obj;
# 1902|       SWIG_Py_INCREF(data->klass);
# 1903|       /* the newraw method and newargs arguments used to create a new raw instance */

Error: CPPCHECK_WARNING (CWE-476): [#def169]
libselinux-3.9/src/selinuxswig_python_wrap.c:1902: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: data
# 1900|       /* the klass element */
# 1901|       data->klass = obj;
# 1902|->     SWIG_Py_INCREF(data->klass);
# 1903|       /* the newraw method and newargs arguments used to create a new raw instance */
# 1904|       if (PyClass_Check(obj)) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def170]
libselinux-3.9/src/selinuxswig_python_wrap.c:1904:9: warning[-Wanalyzer-malloc-leak]: leak of ‘data’
libselinux-3.9/src/selinuxswig_python_wrap.c:13048:22: enter_function: entry to ‘security_class_mapping_swigregister’
libselinux-3.9/src/selinuxswig_python_wrap.c:13050:8: call_function: calling ‘SWIG_Python_UnpackTuple’ from ‘security_class_mapping_swigregister’
libselinux-3.9/src/selinuxswig_python_wrap.c:13050:8: return_function: returning to ‘security_class_mapping_swigregister’ from ‘SWIG_Python_UnpackTuple’
libselinux-3.9/src/selinuxswig_python_wrap.c:13050:6: branch_false: following ‘false’ branch...
libselinux-3.9/src/selinuxswig_python_wrap.c:13051:3: branch_false: ...to here
libselinux-3.9/src/selinuxswig_python_wrap.c:13051:61: call_function: calling ‘SwigPyClientData_New’ from ‘security_class_mapping_swigregister’
# 1902|       SWIG_Py_INCREF(data->klass);
# 1903|       /* the newraw method and newargs arguments used to create a new raw instance */
# 1904|->     if (PyClass_Check(obj)) {
# 1905|         data->newraw = 0;
# 1906|         SWIG_Py_INCREF(obj);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def171]
libselinux-3.9/src/selinuxswig_python_wrap.c:1909:22: warning[-Wanalyzer-malloc-leak]: leak of ‘data’
libselinux-3.9/src/selinuxswig_python_wrap.c:13048:22: enter_function: entry to ‘security_class_mapping_swigregister’
libselinux-3.9/src/selinuxswig_python_wrap.c:13050:8: call_function: calling ‘SWIG_Python_UnpackTuple’ from ‘security_class_mapping_swigregister’
libselinux-3.9/src/selinuxswig_python_wrap.c:13050:8: return_function: returning to ‘security_class_mapping_swigregister’ from ‘SWIG_Python_UnpackTuple’
libselinux-3.9/src/selinuxswig_python_wrap.c:13050:6: branch_false: following ‘false’ branch...
libselinux-3.9/src/selinuxswig_python_wrap.c:13051:3: branch_false: ...to here
libselinux-3.9/src/selinuxswig_python_wrap.c:13051:61: call_function: calling ‘SwigPyClientData_New’ from ‘security_class_mapping_swigregister’
# 1907|         data->newargs = obj;
# 1908|       } else {
# 1909|->       data->newraw = PyObject_GetAttrString(data->klass, "__new__");
# 1910|         if (data->newraw) {
# 1911|           data->newargs = PyTuple_New(1);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def172]
libselinux-3.9/src/selinuxswig_python_wrap.c:1911:25: warning[-Wanalyzer-malloc-leak]: leak of ‘data’
libselinux-3.9/src/selinuxswig_python_wrap.c:13048:22: enter_function: entry to ‘security_class_mapping_swigregister’
libselinux-3.9/src/selinuxswig_python_wrap.c:13050:8: call_function: calling ‘SWIG_Python_UnpackTuple’ from ‘security_class_mapping_swigregister’
libselinux-3.9/src/selinuxswig_python_wrap.c:13050:8: return_function: returning to ‘security_class_mapping_swigregister’ from ‘SWIG_Python_UnpackTuple’
libselinux-3.9/src/selinuxswig_python_wrap.c:13050:6: branch_false: following ‘false’ branch...
libselinux-3.9/src/selinuxswig_python_wrap.c:13051:3: branch_false: ...to here
libselinux-3.9/src/selinuxswig_python_wrap.c:13051:61: call_function: calling ‘SwigPyClientData_New’ from ‘security_class_mapping_swigregister’
# 1909|         data->newraw = PyObject_GetAttrString(data->klass, "__new__");
# 1910|         if (data->newraw) {
# 1911|->         data->newargs = PyTuple_New(1);
# 1912|           if (data->newargs) {
# 1913|             SWIG_Py_INCREF(obj);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def173]
libselinux-3.9/src/selinuxswig_python_wrap.c:1927:21: warning[-Wanalyzer-malloc-leak]: leak of ‘data’
libselinux-3.9/src/selinuxswig_python_wrap.c:13048:22: enter_function: entry to ‘security_class_mapping_swigregister’
libselinux-3.9/src/selinuxswig_python_wrap.c:13050:8: call_function: calling ‘SWIG_Python_UnpackTuple’ from ‘security_class_mapping_swigregister’
libselinux-3.9/src/selinuxswig_python_wrap.c:13050:8: return_function: returning to ‘security_class_mapping_swigregister’ from ‘SWIG_Python_UnpackTuple’
libselinux-3.9/src/selinuxswig_python_wrap.c:13050:6: branch_false: following ‘false’ branch...
libselinux-3.9/src/selinuxswig_python_wrap.c:13051:3: branch_false: ...to here
libselinux-3.9/src/selinuxswig_python_wrap.c:13051:61: call_function: calling ‘SwigPyClientData_New’ from ‘security_class_mapping_swigregister’
# 1925|       }
# 1926|       /* the destroy method, aka as the C++ delete method */
# 1927|->     data->destroy = PyObject_GetAttrString(data->klass, "__swig_destroy__");
# 1928|       if (PyErr_Occurred()) {
# 1929|         PyErr_Clear();

Error: GCC_ANALYZER_WARNING (CWE-401): [#def174]
libselinux-3.9/src/selinuxswig_python_wrap.c:1928:9: warning[-Wanalyzer-malloc-leak]: leak of ‘data’
libselinux-3.9/src/selinuxswig_python_wrap.c:13048:22: enter_function: entry to ‘security_class_mapping_swigregister’
libselinux-3.9/src/selinuxswig_python_wrap.c:13050:8: call_function: calling ‘SWIG_Python_UnpackTuple’ from ‘security_class_mapping_swigregister’
libselinux-3.9/src/selinuxswig_python_wrap.c:13050:8: return_function: returning to ‘security_class_mapping_swigregister’ from ‘SWIG_Python_UnpackTuple’
libselinux-3.9/src/selinuxswig_python_wrap.c:13050:6: branch_false: following ‘false’ branch...
libselinux-3.9/src/selinuxswig_python_wrap.c:13051:3: branch_false: ...to here
libselinux-3.9/src/selinuxswig_python_wrap.c:13051:61: call_function: calling ‘SwigPyClientData_New’ from ‘security_class_mapping_swigregister’
# 1926|       /* the destroy method, aka as the C++ delete method */
# 1927|       data->destroy = PyObject_GetAttrString(data->klass, "__swig_destroy__");
# 1928|->     if (PyErr_Occurred()) {
# 1929|         PyErr_Clear();
# 1930|         data->destroy = 0;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def175]
libselinux-3.9/src/selinuxswig_python_wrap.c:1929:7: warning[-Wanalyzer-malloc-leak]: leak of ‘data’
libselinux-3.9/src/selinuxswig_python_wrap.c:13048:22: enter_function: entry to ‘security_class_mapping_swigregister’
libselinux-3.9/src/selinuxswig_python_wrap.c:13050:8: call_function: calling ‘SWIG_Python_UnpackTuple’ from ‘security_class_mapping_swigregister’
libselinux-3.9/src/selinuxswig_python_wrap.c:13050:8: return_function: returning to ‘security_class_mapping_swigregister’ from ‘SWIG_Python_UnpackTuple’
libselinux-3.9/src/selinuxswig_python_wrap.c:13050:6: branch_false: following ‘false’ branch...
libselinux-3.9/src/selinuxswig_python_wrap.c:13051:3: branch_false: ...to here
libselinux-3.9/src/selinuxswig_python_wrap.c:13051:61: call_function: calling ‘SwigPyClientData_New’ from ‘security_class_mapping_swigregister’
# 1927|       data->destroy = PyObject_GetAttrString(data->klass, "__swig_destroy__");
# 1928|       if (PyErr_Occurred()) {
# 1929|->       PyErr_Clear();
# 1930|         data->destroy = 0;
# 1931|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def176]
libselinux-3.9/src/selinuxswig_python_wrap.c:2440:22: warning[-Wanalyzer-malloc-leak]: leak of ‘result’
libselinux-3.9/src/selinuxswig_python_wrap.c:13011:22: enter_function: entry to ‘_wrap_new_security_class_mapping’
libselinux-3.9/src/selinuxswig_python_wrap.c:13016:8: call_function: calling ‘SWIG_Python_UnpackTuple’ from ‘_wrap_new_security_class_mapping’
libselinux-3.9/src/selinuxswig_python_wrap.c:13016:8: return_function: returning to ‘_wrap_new_security_class_mapping’ from ‘SWIG_Python_UnpackTuple’
libselinux-3.9/src/selinuxswig_python_wrap.c:13016:6: branch_false: following ‘false’ branch...
libselinux-3.9/src/selinuxswig_python_wrap.c:13017:45: branch_false: ...to here
libselinux-3.9/src/selinuxswig_python_wrap.c:13017:45: acquire_memory: allocated here
libselinux-3.9/src/selinuxswig_python_wrap.c:13018:15: call_function: calling ‘SWIG_Python_NewPointerObj’ from ‘_wrap_new_security_class_mapping’
# 2438|       slots
# 2439|     };
# 2440|->   PyObject *pytype = PyType_FromSpec(&spec);
# 2441|     PyObject *runtime_data_module = SWIG_runtime_data_module();
# 2442|   #if !defined(Py_LIMITED_API)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def177]
libselinux-3.9/src/selinuxswig_python_wrap.c:2453:17: warning[-Wanalyzer-malloc-leak]: leak of ‘result’
libselinux-3.9/src/selinuxswig_python_wrap.c:13011:22: enter_function: entry to ‘_wrap_new_security_class_mapping’
libselinux-3.9/src/selinuxswig_python_wrap.c:13016:8: call_function: calling ‘SWIG_Python_UnpackTuple’ from ‘_wrap_new_security_class_mapping’
libselinux-3.9/src/selinuxswig_python_wrap.c:13016:8: return_function: returning to ‘_wrap_new_security_class_mapping’ from ‘SWIG_Python_UnpackTuple’
libselinux-3.9/src/selinuxswig_python_wrap.c:13016:6: branch_false: following ‘false’ branch...
libselinux-3.9/src/selinuxswig_python_wrap.c:13017:45: branch_false: ...to here
libselinux-3.9/src/selinuxswig_python_wrap.c:13017:45: acquire_memory: allocated here
libselinux-3.9/src/selinuxswig_python_wrap.c:13018:15: call_function: calling ‘SWIG_Python_NewPointerObj’ from ‘_wrap_new_security_class_mapping’
# 2451|   #endif
# 2452|   #endif
# 2453|->   if (pytype && PyModule_AddObject(runtime_data_module, "SwigPyObject", pytype) == 0)
# 2454|       SWIG_Py_INCREF(pytype);
# 2455|     return (PyTypeObject *)pytype;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def178]
libselinux-3.9/src/selinuxswig_python_wrap.c:2462:24: warning[-Wanalyzer-malloc-leak]: leak of ‘result’
libselinux-3.9/src/selinuxswig_python_wrap.c:12278:22: enter_function: entry to ‘_wrap_new_SELboolean’
libselinux-3.9/src/selinuxswig_python_wrap.c:12283:8: call_function: calling ‘SWIG_Python_UnpackTuple’ from ‘_wrap_new_SELboolean’
libselinux-3.9/src/selinuxswig_python_wrap.c:12283:8: return_function: returning to ‘_wrap_new_SELboolean’ from ‘SWIG_Python_UnpackTuple’
libselinux-3.9/src/selinuxswig_python_wrap.c:12283:6: branch_false: following ‘false’ branch...
libselinux-3.9/src/selinuxswig_python_wrap.c:12284:26: branch_false: ...to here
libselinux-3.9/src/selinuxswig_python_wrap.c:12284:26: acquire_memory: allocated here
libselinux-3.9/src/selinuxswig_python_wrap.c:12285:15: call_function: calling ‘SWIG_Python_NewPointerObj’ from ‘_wrap_new_SELboolean’
# 2460|   SwigPyObject_New(void *ptr, swig_type_info *ty, int own)
# 2461|   {
# 2462|->   SwigPyObject *sobj = PyObject_New(SwigPyObject, SwigPyObject_Type());
# 2463|     if (sobj) {
# 2464|       sobj->ptr  = ptr;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def179]
libselinux-3.9/src/selinuxswig_python_wrap.c:3136:16: warning[-Wanalyzer-malloc-leak]: leak of ‘result’
libselinux-3.9/src/selinuxswig_python_wrap.c:12278:22: enter_function: entry to ‘_wrap_new_SELboolean’
libselinux-3.9/src/selinuxswig_python_wrap.c:12283:8: call_function: calling ‘SWIG_Python_UnpackTuple’ from ‘_wrap_new_SELboolean’
libselinux-3.9/src/selinuxswig_python_wrap.c:12283:8: return_function: returning to ‘_wrap_new_SELboolean’ from ‘SWIG_Python_UnpackTuple’
libselinux-3.9/src/selinuxswig_python_wrap.c:12283:6: branch_false: following ‘false’ branch...
libselinux-3.9/src/selinuxswig_python_wrap.c:12284:26: branch_false: ...to here
libselinux-3.9/src/selinuxswig_python_wrap.c:12284:26: acquire_memory: allocated here
libselinux-3.9/src/selinuxswig_python_wrap.c:12285:15: call_function: calling ‘SWIG_Python_NewPointerObj’ from ‘_wrap_new_SELboolean’
# 3134|         }
# 3135|       } else {
# 3136|->       newobj = PyObject_New(SwigPyObject, clientdata->pytype);
# 3137|         if (newobj) {
# 3138|           newobj->swigdict = 0;

Error: CPPCHECK_WARNING (CWE-457): [#def180]
libselinux-3.9/src/selinuxswig_python_wrap.c:13616: error[legacyUninitvar]: Uninitialized variable: arg1
#13614|     arg3 = (char *)(buf3);
#13615|     {
#13616|->     result = (int)matchpathcon_filespec_add(arg1,arg2,(char const *)arg3);
#13617|       if (result < 0) {
#13618|         PyErr_SetFromErrno(PyExc_OSError);

Error: CPPCHECK_WARNING (CWE-476): [#def181]
libselinux-3.9/src/selinuxswig_ruby_wrap.c:1661: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: klass_name
# 1659|     size_t klass_len = 4 + strlen(type->name) + 1;
# 1660|     char *klass_name = (char *) malloc(klass_len);
# 1661|->   SWIG_snprintf(klass_name, klass_len, "TYPE%s", type->name);
# 1662|     if (NIL_P(_cSWIG_Pointer)) {
# 1663|       _cSWIG_Pointer = rb_define_class_under(_mSWIG, "Pointer", rb_cObject);

Error: CPPCHECK_WARNING (CWE-476): [#def182]
libselinux-3.9/src/selinuxswig_ruby_wrap.c:1719: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: klass_name
# 1717|       size_t klass_len = 4 + strlen(type->name) + 1;
# 1718|       klass_name = (char *) malloc(klass_len);
# 1719|->     SWIG_snprintf(klass_name, klass_len, "TYPE%s", type->name);
# 1720|       klass = rb_const_get(_mSWIG, rb_intern(klass_name));
# 1721|       free((void *) klass_name);

Error: CPPCHECK_WARNING (CWE-457): [#def183]
libselinux-3.9/src/selinuxswig_ruby_wrap.c:2170: error[uninitvar]: Uninitialized variable: v
# 2168|         if (rb_funcall(obj, swig_lowerthan_id, 1, INT2FIX(0)) != Qfalse)
# 2169|           return SWIG_OverflowError;
# 2170|->       if (val) *val = v;
# 2171|         return SWIG_OK;
# 2172|       }

Error: CPPCHECK_WARNING (CWE-457): [#def184]
libselinux-3.9/src/selinuxswig_ruby_wrap.c:2254: error[uninitvar]: Uninitialized variable: v
# 2252|       a[1] = (VALUE)(&v);
# 2253|       if (rb_rescue(VALUEFUNC(SWIG_AUX_NUM2LONG), (VALUE)a, VALUEFUNC(SWIG_ruby_failed), 0) != Qnil) {
# 2254|->       if (val) *val = v;
# 2255|         return SWIG_OK;
# 2256|       }

Error: CPPCHECK_WARNING (CWE-457): [#def185]
libselinux-3.9/src/selinuxswig_ruby_wrap.c:2313: error[uninitvar]: Uninitialized variable: v
# 2311|         if (rb_funcall(obj, swig_lowerthan_id, 1, INT2FIX(0)) != Qfalse)
# 2312|           return SWIG_OverflowError;
# 2313|->       if (val) *val = v;
# 2314|         return SWIG_OK;
# 2315|       }

Error: CPPCHECK_WARNING (CWE-457): [#def186]
libselinux-3.9/src/selinuxswig_ruby_wrap.c:10798: error[legacyUninitvar]: Uninitialized variable: arg1
#10796|     }
#10797|     arg3 = (char *)(buf3);
#10798|->   result = (int)matchpathcon_filespec_add(arg1,arg2,(char const *)arg3);
#10799|     vresult = SWIG_From_int((int)(result));
#10800|     if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def187]
libselinux-3.9/src/setenforce.c:29:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&path, 524290)’
libselinux-3.9/src/setenforce.c:18:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/setenforce.c:23:9: branch_false: ...to here
libselinux-3.9/src/setenforce.c:24:14: acquire_resource: opened here
libselinux-3.9/src/setenforce.c:25:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/setenforce.c:28:9: branch_false: ...to here
libselinux-3.9/src/setenforce.c:29:15: danger: ‘open(&path, 524290)’ leaks here; was opened at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   27|   
#   28|   	snprintf(buf, sizeof buf, "%d", value);
#   29|-> 	ret = write(fd, buf, strlen(buf));
#   30|   	close(fd);
#   31|   	if (ret < 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def188]
libselinux-3.9/src/setenforce.c:31:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&path, 524290)’
libselinux-3.9/src/setenforce.c:18:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/setenforce.c:23:9: branch_false: ...to here
libselinux-3.9/src/setenforce.c:24:14: acquire_resource: opened here
libselinux-3.9/src/setenforce.c:25:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/setenforce.c:28:9: branch_false: ...to here
libselinux-3.9/src/setenforce.c:31:12: danger: ‘open(&path, 524290)’ leaks here; was opened at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#   29|   	ret = write(fd, buf, strlen(buf));
#   30|   	close(fd);
#   31|-> 	if (ret < 0)
#   32|   		return -1;
#   33|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def189]
libselinux-3.9/src/setrans_client.c:59:29: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
libselinux-3.9/src/setrans_client.c:54:12: branch_true: following ‘true’ branch...
libselinux-3.9/src/setrans_client.c:57:22: acquire_resource: stream socket created here
libselinux-3.9/src/setrans_client.c:58:20: branch_true: following ‘true’ branch (when ‘fd >= 0’)...
libselinux-3.9/src/setrans_client.c:59:29: branch_true: ...to here
libselinux-3.9/src/setrans_client.c:59:29: danger: ‘fd’ leaks here
#   57|   		fd = socket(PF_UNIX, SOCK_STREAM, 0);
#   58|   		if (fd >= 0)
#   59|-> 			if (fcntl(fd, F_SETFD, FD_CLOEXEC)) {
#   60|   				close(fd);
#   61|   				return -1;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def190]
libselinux-3.9/src/setrans_client.c:71:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
libselinux-3.9/src/setrans_client.c:53:14: acquire_resource: socket created here
libselinux-3.9/src/setrans_client.c:54:12: branch_false: following ‘false’ branch (when ‘fd >= 0’)...
libselinux-3.9/src/setrans_client.c:67:9: branch_false: ...to here
libselinux-3.9/src/setrans_client.c:70:12: branch_true: following ‘true’ branch...
libselinux-3.9/src/setrans_client.c:71:17: branch_true: ...to here
libselinux-3.9/src/setrans_client.c:71:17: danger: ‘fd’ leaks here
#   69|   
#   70|   	if (strlcpy(addr.sun_path, SETRANS_UNIX_SOCKET, sizeof(addr.sun_path)) >= sizeof(addr.sun_path)) {
#   71|-> 		close(fd);
#   72|   		errno = EOVERFLOW;
#   73|   		return -1;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def191]
libselinux-3.9/src/setrans_client.c:76:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
libselinux-3.9/src/setrans_client.c:53:14: acquire_resource: socket created here
libselinux-3.9/src/setrans_client.c:54:12: branch_false: following ‘false’ branch (when ‘fd >= 0’)...
libselinux-3.9/src/setrans_client.c:67:9: branch_false: ...to here
libselinux-3.9/src/setrans_client.c:70:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/setrans_client.c:76:13: branch_false: ...to here
libselinux-3.9/src/setrans_client.c:76:13: danger: ‘fd’ leaks here
#   74|   	}
#   75|   
#   76|-> 	if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
#   77|   		close(fd);
#   78|   		return -1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def192]
libselinux-3.9/src/setrans_client.c:184:26: warning[-Wanalyzer-malloc-leak]: leak of ‘data’
libselinux-3.9/src/setrans_client.c:149:12: branch_false: following ‘false’ branch (when ‘fd >= 0’)...
libselinux-3.9/src/setrans_client.c:154:9: branch_false: ...to here
libselinux-3.9/src/setrans_client.c:162:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/setrans_client.c:166:12: branch_false: ...to here
libselinux-3.9/src/setrans_client.c:166:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/setrans_client.c:171:13: branch_false: ...to here
libselinux-3.9/src/setrans_client.c:171:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/setrans_client.c:177:16: acquire_memory: allocated here
libselinux-3.9/src/setrans_client.c:178:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
libselinux-3.9/src/setrans_client.c:181:9: branch_false: ...to here
libselinux-3.9/src/setrans_client.c:184:26: danger: ‘data’ leaks here; was allocated at [(9)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/8)
#  182|   	resp_data.iov_len = data_size;
#  183|   
#  184|-> 	while (((count = readv(fd, &resp_data, 1))) < 0 && (errno == EINTR)) ;
#  185|   	if (count < 0 || (uint32_t) count != data_size ||
#  186|   	    data[data_size - 1] != '\0') {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def193]
libselinux-3.9/src/seusers.c:116:22: warning[-Wanalyzer-malloc-leak]: leak of ‘rbuf’
libselinux-3.9/src/seusers.c:188:5: enter_function: entry to ‘getseuserbyname’
libselinux-3.9/src/seusers.c:205:21: call_function: calling ‘get_default_gid’ from ‘getseuserbyname’
#  114|   			break;
#  115|   
#  116|-> 		rc = getpwnam_r(name, &pwstorage, rbuf, rbuflen, &pwent);
#  117|   		if (rc == ERANGE && rbuflen < LONG_MAX / 2) {
#  118|   			free(rbuf);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def194]
libselinux-3.9/src/seusers.c:147:30: warning[-Wanalyzer-malloc-leak]: leak of ‘level’
libselinux-3.9/src/seusers.c:287:5: enter_function: entry to ‘getseuser’
libselinux-3.9/src/seusers.c:346:12: branch_false: following ‘false’ branch (when ‘fp’ is NULL)...
libselinux-3.9/src/seusers.c:347:9: branch_false: ...to here
libselinux-3.9/src/seusers.c:349:16: branch_true: following ‘true’ branch (when ‘ret != 0’)...
libselinux-3.9/src/seusers.c:349:23: branch_true: ...to here
libselinux-3.9/src/seusers.c:349:23: call_function: calling ‘getseuserbyname’ from ‘getseuser’
#  145|   		if (rbuf == NULL)
#  146|   			return 0;
#  147|-> 		int retval = getgrnam_r(group, &gbuf, rbuf, 
#  148|   				rbuflen, &grent);
#  149|   		if (retval == ERANGE && rbuflen < LONG_MAX / 2)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def195]
libselinux-3.9/src/seusers.c:147:30: warning[-Wanalyzer-malloc-leak]: leak of ‘rbuf’
libselinux-3.9/src/seusers.c:188:5: enter_function: entry to ‘getseuserbyname’
libselinux-3.9/src/seusers.c:205:21: call_function: calling ‘get_default_gid’ from ‘getseuserbyname’
libselinux-3.9/src/seusers.c:205:21: return_function: returning to ‘getseuserbyname’ from ‘get_default_gid’
libselinux-3.9/src/seusers.c:208:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/seusers.c:211:9: branch_false: ...to here
libselinux-3.9/src/seusers.c:212:16: branch_true: following ‘true’ branch...
libselinux-3.9/src/seusers.c:213:17: branch_true: ...to here
libselinux-3.9/src/seusers.c:214:22: call_function: calling ‘process_seusers’ from ‘getseuserbyname’
libselinux-3.9/src/seusers.c:214:22: return_function: returning to ‘getseuserbyname’ from ‘process_seusers’
libselinux-3.9/src/seusers.c:216:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/seusers.c:218:20: branch_false: ...to here
libselinux-3.9/src/seusers.c:218:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/seusers.c:224:22: branch_false: ...to here
libselinux-3.9/src/seusers.c:224:20: branch_false: following ‘false’ branch (when the strings are non-equal)...
libselinux-3.9/src/seusers.c:227:21: branch_false: ...to here
libselinux-3.9/src/seusers.c:227:20: branch_true: following ‘true’ branch...
libselinux-3.9/src/seusers.c:229:21: call_function: calling ‘check_group’ from ‘getseuserbyname’
#  145|   		if (rbuf == NULL)
#  146|   			return 0;
#  147|-> 		int retval = getgrnam_r(group, &gbuf, rbuf, 
#  148|   				rbuflen, &grent);
#  149|   		if (retval == ERANGE && rbuflen < LONG_MAX / 2)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def196]
libselinux-3.9/src/seusers.c:147:30: warning[-Wanalyzer-malloc-leak]: leak of ‘seuser’
libselinux-3.9/src/seusers.c:188:5: enter_function: entry to ‘getseuserbyname’
libselinux-3.9/src/seusers.c:208:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/seusers.c:211:9: branch_false: ...to here
libselinux-3.9/src/seusers.c:212:16: branch_true: following ‘true’ branch...
libselinux-3.9/src/seusers.c:213:17: branch_true: ...to here
libselinux-3.9/src/seusers.c:214:22: call_function: calling ‘process_seusers’ from ‘getseuserbyname’
libselinux-3.9/src/seusers.c:214:22: return_function: returning to ‘getseuserbyname’ from ‘process_seusers’
libselinux-3.9/src/seusers.c:216:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/seusers.c:218:20: branch_false: ...to here
libselinux-3.9/src/seusers.c:218:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/seusers.c:224:22: branch_false: ...to here
libselinux-3.9/src/seusers.c:224:20: branch_false: following ‘false’ branch (when the strings are non-equal)...
libselinux-3.9/src/seusers.c:227:21: branch_false: ...to here
libselinux-3.9/src/seusers.c:227:20: branch_true: following ‘true’ branch...
libselinux-3.9/src/seusers.c:229:21: call_function: calling ‘check_group’ from ‘getseuserbyname’
#  145|   		if (rbuf == NULL)
#  146|   			return 0;
#  147|-> 		int retval = getgrnam_r(group, &gbuf, rbuf, 
#  148|   				rbuflen, &grent);
#  149|   		if (retval == ERANGE && rbuflen < LONG_MAX / 2)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def197]
libselinux-3.9/src/seusers.c:147:30: warning[-Wanalyzer-malloc-leak]: leak of ‘username’
libselinux-3.9/src/seusers.c:188:5: enter_function: entry to ‘getseuserbyname’
libselinux-3.9/src/seusers.c:208:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/seusers.c:211:9: branch_false: ...to here
libselinux-3.9/src/seusers.c:212:16: branch_true: following ‘true’ branch...
libselinux-3.9/src/seusers.c:213:17: branch_true: ...to here
libselinux-3.9/src/seusers.c:214:22: call_function: calling ‘process_seusers’ from ‘getseuserbyname’
libselinux-3.9/src/seusers.c:214:22: return_function: returning to ‘getseuserbyname’ from ‘process_seusers’
libselinux-3.9/src/seusers.c:216:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/seusers.c:218:20: branch_false: ...to here
libselinux-3.9/src/seusers.c:218:20: branch_false: following ‘false’ branch...
libselinux-3.9/src/seusers.c:224:22: branch_false: ...to here
libselinux-3.9/src/seusers.c:224:20: branch_false: following ‘false’ branch (when the strings are non-equal)...
libselinux-3.9/src/seusers.c:227:21: branch_false: ...to here
libselinux-3.9/src/seusers.c:227:20: branch_true: following ‘true’ branch...
libselinux-3.9/src/seusers.c:229:21: call_function: calling ‘check_group’ from ‘getseuserbyname’
#  145|   		if (rbuf == NULL)
#  146|   			return 0;
#  147|-> 		int retval = getgrnam_r(group, &gbuf, rbuf, 
#  148|   				rbuflen, &grent);
#  149|   		if (retval == ERANGE && rbuflen < LONG_MAX / 2)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def198]
libselinux-3.9/src/seusers.c:162:13: warning[-Wanalyzer-malloc-leak]: leak of ‘level’
libselinux-3.9/src/seusers.c:287:5: enter_function: entry to ‘getseuser’
libselinux-3.9/src/seusers.c:346:12: branch_false: following ‘false’ branch (when ‘fp’ is NULL)...
libselinux-3.9/src/seusers.c:347:9: branch_false: ...to here
libselinux-3.9/src/seusers.c:349:16: branch_true: following ‘true’ branch (when ‘ret != 0’)...
libselinux-3.9/src/seusers.c:349:23: branch_true: ...to here
libselinux-3.9/src/seusers.c:349:23: call_function: calling ‘getseuserbyname’ from ‘getseuser’
#  160|   	}
#  161|   
#  162|-> 	if (getgrouplist(name, gid, NULL, &ng) < 0) {
#  163|   		if (ng == 0)
#  164|   			goto done;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def199]
libselinux-3.9/src/seusers.c:162:13: warning[-Wanalyzer-malloc-leak]: leak of ‘seuser’
libselinux-3.9/src/seusers.c:287:5: enter_function: entry to ‘getseuser’
libselinux-3.9/src/seusers.c:346:12: branch_false: following ‘false’ branch (when ‘fp’ is NULL)...
libselinux-3.9/src/seusers.c:347:9: branch_false: ...to here
libselinux-3.9/src/seusers.c:349:16: branch_true: following ‘true’ branch (when ‘ret != 0’)...
libselinux-3.9/src/seusers.c:349:23: branch_true: ...to here
libselinux-3.9/src/seusers.c:349:23: call_function: calling ‘getseuserbyname’ from ‘getseuser’
#  160|   	}
#  161|   
#  162|-> 	if (getgrouplist(name, gid, NULL, &ng) < 0) {
#  163|   		if (ng == 0)
#  164|   			goto done;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def200]
libselinux-3.9/src/seusers.c:162:13: warning[-Wanalyzer-malloc-leak]: leak of ‘username’
libselinux-3.9/src/seusers.c:287:5: enter_function: entry to ‘getseuser’
libselinux-3.9/src/seusers.c:346:12: branch_false: following ‘false’ branch (when ‘fp’ is NULL)...
libselinux-3.9/src/seusers.c:347:9: branch_false: ...to here
libselinux-3.9/src/seusers.c:349:16: branch_true: following ‘true’ branch (when ‘ret != 0’)...
libselinux-3.9/src/seusers.c:349:23: branch_true: ...to here
libselinux-3.9/src/seusers.c:349:23: call_function: calling ‘getseuserbyname’ from ‘getseuser’
#  160|   	}
#  161|   
#  162|-> 	if (getgrouplist(name, gid, NULL, &ng) < 0) {
#  163|   		if (ng == 0)
#  164|   			goto done;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def201]
libselinux-3.9/src/seusers.c:168:21: warning[-Wanalyzer-malloc-leak]: leak of ‘groups’
libselinux-3.9/src/seusers.c:287:5: enter_function: entry to ‘getseuser’
libselinux-3.9/src/seusers.c:346:12: branch_false: following ‘false’ branch (when ‘fp’ is NULL)...
libselinux-3.9/src/seusers.c:347:9: branch_false: ...to here
libselinux-3.9/src/seusers.c:349:16: branch_true: following ‘true’ branch (when ‘ret != 0’)...
libselinux-3.9/src/seusers.c:349:23: branch_true: ...to here
libselinux-3.9/src/seusers.c:349:23: call_function: calling ‘getseuserbyname’ from ‘getseuser’
#  166|   		if (!groups)
#  167|   			goto done;
#  168|-> 		if (getgrouplist(name, gid, groups, &ng) < 0)
#  169|   			goto done;
#  170|   	} else {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def202]
libselinux-3.9/src/seusers.c:168:21: warning[-Wanalyzer-malloc-leak]: leak of ‘level’
libselinux-3.9/src/seusers.c:287:5: enter_function: entry to ‘getseuser’
libselinux-3.9/src/seusers.c:346:12: branch_false: following ‘false’ branch (when ‘fp’ is NULL)...
libselinux-3.9/src/seusers.c:347:9: branch_false: ...to here
libselinux-3.9/src/seusers.c:349:16: branch_true: following ‘true’ branch (when ‘ret != 0’)...
libselinux-3.9/src/seusers.c:349:23: branch_true: ...to here
libselinux-3.9/src/seusers.c:349:23: call_function: calling ‘getseuserbyname’ from ‘getseuser’
#  166|   		if (!groups)
#  167|   			goto done;
#  168|-> 		if (getgrouplist(name, gid, groups, &ng) < 0)
#  169|   			goto done;
#  170|   	} else {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def203]
libselinux-3.9/src/seusers.c:168:21: warning[-Wanalyzer-malloc-leak]: leak of ‘seuser’
libselinux-3.9/src/seusers.c:287:5: enter_function: entry to ‘getseuser’
libselinux-3.9/src/seusers.c:346:12: branch_false: following ‘false’ branch (when ‘fp’ is NULL)...
libselinux-3.9/src/seusers.c:347:9: branch_false: ...to here
libselinux-3.9/src/seusers.c:349:16: branch_true: following ‘true’ branch (when ‘ret != 0’)...
libselinux-3.9/src/seusers.c:349:23: branch_true: ...to here
libselinux-3.9/src/seusers.c:349:23: call_function: calling ‘getseuserbyname’ from ‘getseuser’
#  166|   		if (!groups)
#  167|   			goto done;
#  168|-> 		if (getgrouplist(name, gid, groups, &ng) < 0)
#  169|   			goto done;
#  170|   	} else {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def204]
libselinux-3.9/src/seusers.c:168:21: warning[-Wanalyzer-malloc-leak]: leak of ‘username’
libselinux-3.9/src/seusers.c:287:5: enter_function: entry to ‘getseuser’
libselinux-3.9/src/seusers.c:346:12: branch_false: following ‘false’ branch (when ‘fp’ is NULL)...
libselinux-3.9/src/seusers.c:347:9: branch_false: ...to here
libselinux-3.9/src/seusers.c:349:16: branch_true: following ‘true’ branch (when ‘ret != 0’)...
libselinux-3.9/src/seusers.c:349:23: branch_true: ...to here
libselinux-3.9/src/seusers.c:349:23: call_function: calling ‘getseuserbyname’ from ‘getseuser’
#  166|   		if (!groups)
#  167|   			goto done;
#  168|-> 		if (getgrouplist(name, gid, groups, &ng) < 0)
#  169|   			goto done;
#  170|   	} else {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def205]
libselinux-3.9/src/stringrep.c:89:14: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
libselinux-3.9/src/stringrep.c:213:18: enter_function: entry to ‘mode_to_security_class’
libselinux-3.9/src/stringrep.c:215:12: branch_true: following ‘true’ branch...
libselinux-3.9/src/stringrep.c:216:24: branch_true: ...to here
libselinux-3.9/src/stringrep.c:216:24: call_function: calling ‘string_to_security_class’ from ‘mode_to_security_class’
#   87|   		goto err3;
#   88|   
#   89|-> 	fd = open(path, O_RDONLY | O_CLOEXEC);
#   90|   	if (fd < 0)
#   91|   		goto err3;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def206]
libselinux-3.9/src/stringrep.c:89:14: warning[-Wanalyzer-malloc-leak]: leak of ‘node’
libselinux-3.9/src/stringrep.c:213:18: enter_function: entry to ‘mode_to_security_class’
libselinux-3.9/src/stringrep.c:215:12: branch_true: following ‘true’ branch...
libselinux-3.9/src/stringrep.c:216:24: branch_true: ...to here
libselinux-3.9/src/stringrep.c:216:24: call_function: calling ‘string_to_security_class’ from ‘mode_to_security_class’
#   87|   		goto err3;
#   88|   
#   89|-> 	fd = open(path, O_RDONLY | O_CLOEXEC);
#   90|   	if (fd < 0)
#   91|   		goto err3;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def207]
libselinux-3.9/src/stringrep.c:95:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
libselinux-3.9/src/stringrep.c:213:18: enter_function: entry to ‘mode_to_security_class’
libselinux-3.9/src/stringrep.c:215:12: branch_true: following ‘true’ branch...
libselinux-3.9/src/stringrep.c:216:24: branch_true: ...to here
libselinux-3.9/src/stringrep.c:216:24: call_function: calling ‘string_to_security_class’ from ‘mode_to_security_class’
#   93|   	memset(buf, 0, sizeof(buf));
#   94|   	ret = read(fd, buf, sizeof(buf) - 1);
#   95|-> 	close(fd);
#   96|   	if (ret < 0)
#   97|   		goto err3;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def208]
libselinux-3.9/src/stringrep.c:95:9: warning[-Wanalyzer-malloc-leak]: leak of ‘node’
libselinux-3.9/src/stringrep.c:213:18: enter_function: entry to ‘mode_to_security_class’
libselinux-3.9/src/stringrep.c:215:12: branch_true: following ‘true’ branch...
libselinux-3.9/src/stringrep.c:216:24: branch_true: ...to here
libselinux-3.9/src/stringrep.c:216:24: call_function: calling ‘string_to_security_class’ from ‘mode_to_security_class’
#   93|   	memset(buf, 0, sizeof(buf));
#   94|   	ret = read(fd, buf, sizeof(buf) - 1);
#   95|-> 	close(fd);
#   96|   	if (ret < 0)
#   97|   		goto err3;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def209]
libselinux-3.9/src/stringrep.c:96:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&path, 524288)’
libselinux-3.9/src/stringrep.c:213:18: enter_function: entry to ‘mode_to_security_class’
libselinux-3.9/src/stringrep.c:215:12: branch_true: following ‘true’ branch...
libselinux-3.9/src/stringrep.c:216:24: branch_true: ...to here
libselinux-3.9/src/stringrep.c:216:24: call_function: calling ‘string_to_security_class’ from ‘mode_to_security_class’
#   94|   	ret = read(fd, buf, sizeof(buf) - 1);
#   95|   	close(fd);
#   96|-> 	if (ret < 0)
#   97|   		goto err3;
#   98|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def210]
libselinux-3.9/src/stringrep.c:111:18: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(&path)’
libselinux-3.9/src/stringrep.c:213:18: enter_function: entry to ‘mode_to_security_class’
libselinux-3.9/src/stringrep.c:215:12: branch_true: following ‘true’ branch...
libselinux-3.9/src/stringrep.c:216:24: branch_true: ...to here
libselinux-3.9/src/stringrep.c:216:24: call_function: calling ‘string_to_security_class’ from ‘mode_to_security_class’
#  109|   		goto err3;
#  110|   
#  111|-> 	dentry = readdir(dir);
#  112|   	while (dentry != NULL) {
#  113|   		unsigned int value;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def211]
libselinux-3.9/src/stringrep.c:148:20: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(&*dentry.d_name)’
libselinux-3.9/src/stringrep.c:213:18: enter_function: entry to ‘mode_to_security_class’
libselinux-3.9/src/stringrep.c:215:12: branch_true: following ‘true’ branch...
libselinux-3.9/src/stringrep.c:216:24: branch_true: ...to here
libselinux-3.9/src/stringrep.c:216:24: call_function: calling ‘string_to_security_class’ from ‘mode_to_security_class’
#  146|   
#  147|   		node->perms[value-1] = strdup(dentry->d_name);
#  148|-> 		if (node->perms[value-1] == NULL)
#  149|   			goto err4;
#  150|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def212]
libselinux-3.9/src/validatetrans.c:41:65: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&path, 524289)’
libselinux-3.9/src/validatetrans.c:24:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/validatetrans.c:28:9: branch_false: ...to here
libselinux-3.9/src/validatetrans.c:29:14: acquire_resource: opened here
libselinux-3.9/src/validatetrans.c:30:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/validatetrans.c:34:9: branch_false: ...to here
libselinux-3.9/src/validatetrans.c:37:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
libselinux-3.9/src/validatetrans.c:41:65: branch_false: ...to here
libselinux-3.9/src/validatetrans.c:41:65: danger: ‘open(&path, 524289)’ leaks here; was opened at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   39|   	}
#   40|   
#   41|-> 	bufsz = snprintf(buf, size, "%s %s %hu %s", scon, tcon, unmap_class(tclass), newcon);
#   42|   	if (bufsz >= size || bufsz < 0) {
#   43|   		// It got truncated or there was an encoding error

Error: GCC_ANALYZER_WARNING (CWE-401): [#def213]
libselinux-3.9/src/validatetrans.c:41:65: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
libselinux-3.9/src/validatetrans.c:24:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/validatetrans.c:28:9: branch_false: ...to here
libselinux-3.9/src/validatetrans.c:30:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/validatetrans.c:34:9: branch_false: ...to here
libselinux-3.9/src/validatetrans.c:36:15: acquire_memory: allocated here
libselinux-3.9/src/validatetrans.c:37:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
libselinux-3.9/src/validatetrans.c:41:65: branch_false: ...to here
libselinux-3.9/src/validatetrans.c:41:65: danger: ‘buf’ leaks here; was allocated at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
#   39|   	}
#   40|   
#   41|-> 	bufsz = snprintf(buf, size, "%s %s %hu %s", scon, tcon, unmap_class(tclass), newcon);
#   42|   	if (bufsz >= size || bufsz < 0) {
#   43|   		// It got truncated or there was an encoding error

Error: GCC_ANALYZER_WARNING (CWE-775): [#def214]
libselinux-3.9/src/validatetrans.c:49:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&path, 524289)’
libselinux-3.9/src/validatetrans.c:24:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/validatetrans.c:28:9: branch_false: ...to here
libselinux-3.9/src/validatetrans.c:29:14: acquire_resource: opened here
libselinux-3.9/src/validatetrans.c:30:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/validatetrans.c:34:9: branch_false: ...to here
libselinux-3.9/src/validatetrans.c:37:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
libselinux-3.9/src/validatetrans.c:41:65: branch_false: ...to here
libselinux-3.9/src/validatetrans.c:42:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/validatetrans.c:48:9: branch_false: ...to here
libselinux-3.9/src/validatetrans.c:49:15: danger: ‘open(&path, 524289)’ leaks here; was opened at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
#   47|   	// clear errno for write()
#   48|   	errno = 0;
#   49|-> 	ret = write(fd, buf, strlen(buf));
#   50|   	if (ret > 0) {
#   51|   		// The kernel returns the bytes written on success, not 0 as noted in the commit message

Error: GCC_ANALYZER_WARNING (CWE-775): [#def215]
libselinux-3.9/src/validatetrans.c:56:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&path, 524289)’
libselinux-3.9/src/validatetrans.c:24:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/validatetrans.c:28:9: branch_false: ...to here
libselinux-3.9/src/validatetrans.c:29:14: acquire_resource: opened here
libselinux-3.9/src/validatetrans.c:30:12: branch_false: following ‘false’ branch...
libselinux-3.9/src/validatetrans.c:34:9: branch_false: ...to here
libselinux-3.9/src/validatetrans.c:56:9: danger: ‘open(&path, 524289)’ leaks here; was opened at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
#   54|   out:
#   55|   	free(buf);
#   56|-> 	close(fd);
#   57|   	return ret;
#   58|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def216]
libselinux-3.9/utils/avcstat.c:160:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&avcstatfile, 0)’
libselinux-3.9/utils/avcstat.c:95:5: enter_function: entry to ‘main’
libselinux-3.9/utils/avcstat.c:146:12: branch_false: following ‘false’ branch (when ‘i >= 0’)...
libselinux-3.9/utils/avcstat.c:149:9: branch_false: ...to here
libselinux-3.9/utils/avcstat.c:149:9: call_function: calling ‘set_window_rows’ from ‘main’
libselinux-3.9/utils/avcstat.c:149:9: return_function: returning to ‘main’ from ‘set_window_rows’
libselinux-3.9/utils/avcstat.c:150:14: acquire_resource: opened here
libselinux-3.9/utils/avcstat.c:151:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
libselinux-3.9/utils/avcstat.c:160:20: danger: ‘open(&avcstatfile, 0)’ leaks here; was opened at [(9)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/8)
#  158|   		memset(buf, 0, DEF_BUF_SIZE);
#  159|   		ret = read(fd, buf, DEF_BUF_SIZE-1);
#  160|-> 		if (ret < 0)
#  161|   			die("read");
#  162|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def217]
libselinux-3.9/utils/avcstat.c:163:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&avcstatfile, 0)’
libselinux-3.9/utils/avcstat.c:95:5: enter_function: entry to ‘main’
libselinux-3.9/utils/avcstat.c:146:12: branch_false: following ‘false’ branch (when ‘i >= 0’)...
libselinux-3.9/utils/avcstat.c:149:9: branch_false: ...to here
libselinux-3.9/utils/avcstat.c:149:9: call_function: calling ‘set_window_rows’ from ‘main’
libselinux-3.9/utils/avcstat.c:149:9: return_function: returning to ‘main’ from ‘set_window_rows’
libselinux-3.9/utils/avcstat.c:150:14: acquire_resource: opened here
libselinux-3.9/utils/avcstat.c:151:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
libselinux-3.9/utils/avcstat.c:160:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/avcstat.c:163:20: branch_false: ...to here
libselinux-3.9/utils/avcstat.c:163:20: danger: ‘open(&avcstatfile, 0)’ leaks here; was opened at [(9)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/8)
#  161|   			die("read");
#  162|   
#  163|-> 		if (ret == 0)
#  164|   			die("read: \'%s\': unexpected end of file",
#  165|   			    avcstatfile);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def218]
libselinux-3.9/utils/avcstat.c:168:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&avcstatfile, 0)’
libselinux-3.9/utils/avcstat.c:95:5: enter_function: entry to ‘main’
libselinux-3.9/utils/avcstat.c:146:12: branch_false: following ‘false’ branch (when ‘i >= 0’)...
libselinux-3.9/utils/avcstat.c:149:9: branch_false: ...to here
libselinux-3.9/utils/avcstat.c:149:9: call_function: calling ‘set_window_rows’ from ‘main’
libselinux-3.9/utils/avcstat.c:149:9: return_function: returning to ‘main’ from ‘set_window_rows’
libselinux-3.9/utils/avcstat.c:150:14: acquire_resource: opened here
libselinux-3.9/utils/avcstat.c:151:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
libselinux-3.9/utils/avcstat.c:160:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/avcstat.c:163:20: branch_false: ...to here
libselinux-3.9/utils/avcstat.c:163:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/avcstat.c:167:24: branch_false: ...to here
libselinux-3.9/utils/avcstat.c:168:20: danger: ‘open(&avcstatfile, 0)’ leaks here; was opened at [(9)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/8)
#  166|   
#  167|   		line = strtok(buf, "\n");
#  168|-> 		if (!line)
#  169|   			die("unable to parse \'%s\': end of line not found",
#  170|   			    avcstatfile);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def219]
libselinux-3.9/utils/avcstat.c:172:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&avcstatfile, 0)’
libselinux-3.9/utils/avcstat.c:95:5: enter_function: entry to ‘main’
libselinux-3.9/utils/avcstat.c:146:12: branch_false: following ‘false’ branch (when ‘i >= 0’)...
libselinux-3.9/utils/avcstat.c:149:9: branch_false: ...to here
libselinux-3.9/utils/avcstat.c:149:9: call_function: calling ‘set_window_rows’ from ‘main’
libselinux-3.9/utils/avcstat.c:149:9: return_function: returning to ‘main’ from ‘set_window_rows’
libselinux-3.9/utils/avcstat.c:150:14: acquire_resource: opened here
libselinux-3.9/utils/avcstat.c:151:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
libselinux-3.9/utils/avcstat.c:160:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/avcstat.c:163:20: branch_false: ...to here
libselinux-3.9/utils/avcstat.c:163:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/avcstat.c:167:24: branch_false: ...to here
libselinux-3.9/utils/avcstat.c:168:20: branch_false: following ‘false’ branch (when ‘line’ is non-NULL)...
libselinux-3.9/utils/avcstat.c:172:21: branch_false: ...to here
libselinux-3.9/utils/avcstat.c:172:20: danger: ‘open(&avcstatfile, 0)’ leaks here; was opened at [(9)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/8)
#  170|   			    avcstatfile);
#  171|   
#  172|-> 		if (strcmp(line, HEADERS))
#  173|   			die("unable to parse \'%s\': invalid headers",
#  174|   			    avcstatfile);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def220]
libselinux-3.9/utils/avcstat.c:191:28: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&avcstatfile, 0)’
libselinux-3.9/utils/avcstat.c:146:12: branch_false: following ‘false’ branch (when ‘i >= 0’)...
libselinux-3.9/utils/avcstat.c:149:9: branch_false: ...to here
libselinux-3.9/utils/avcstat.c:150:14: acquire_resource: opened here
libselinux-3.9/utils/avcstat.c:151:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
libselinux-3.9/utils/avcstat.c:160:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/avcstat.c:163:20: branch_false: ...to here
libselinux-3.9/utils/avcstat.c:163:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/avcstat.c:167:24: branch_false: ...to here
libselinux-3.9/utils/avcstat.c:168:20: branch_false: following ‘false’ branch (when ‘line’ is non-NULL)...
libselinux-3.9/utils/avcstat.c:172:21: branch_false: ...to here
libselinux-3.9/utils/avcstat.c:172:20: branch_false: following ‘false’ branch (when the strings are equal)...
libselinux-3.9/utils/avcstat.c:176:20: branch_false: ...to here
libselinux-3.9/utils/avcstat.c:176:20: branch_true: following ‘true’ branch (when ‘i == 0’)...
libselinux-3.9/utils/avcstat.c:177:25: branch_true: ...to here
libselinux-3.9/utils/avcstat.c:182:24: branch_true: following ‘true’ branch (when ‘line’ is non-NULL)...
libselinux-3.9/utils/avcstat.c:185:31: branch_true: ...to here
libselinux-3.9/utils/avcstat.c:191:28: danger: ‘open(&avcstatfile, 0)’ leaks here; was opened at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
#  189|   				     &tmp.allocations,
#  190|   				     &tmp.reclaims, &tmp.frees);
#  191|-> 			if (ret != 6)
#  192|   				die("unable to parse \'%s\': scan error",
#  193|   				    avcstatfile);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def221]
libselinux-3.9/utils/avcstat.c:195:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&avcstatfile, 0)’
libselinux-3.9/utils/avcstat.c:146:12: branch_false: following ‘false’ branch (when ‘i >= 0’)...
libselinux-3.9/utils/avcstat.c:149:9: branch_false: ...to here
libselinux-3.9/utils/avcstat.c:150:14: acquire_resource: opened here
libselinux-3.9/utils/avcstat.c:151:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
libselinux-3.9/utils/avcstat.c:160:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/avcstat.c:163:20: branch_false: ...to here
libselinux-3.9/utils/avcstat.c:163:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/avcstat.c:167:24: branch_false: ...to here
libselinux-3.9/utils/avcstat.c:168:20: branch_false: following ‘false’ branch (when ‘line’ is non-NULL)...
libselinux-3.9/utils/avcstat.c:172:21: branch_false: ...to here
libselinux-3.9/utils/avcstat.c:172:20: branch_false: following ‘false’ branch (when the strings are equal)...
libselinux-3.9/utils/avcstat.c:176:20: branch_false: ...to here
libselinux-3.9/utils/avcstat.c:176:20: branch_true: following ‘true’ branch (when ‘i == 0’)...
libselinux-3.9/utils/avcstat.c:177:25: branch_true: ...to here
libselinux-3.9/utils/avcstat.c:182:24: branch_true: following ‘true’ branch (when ‘line’ is non-NULL)...
libselinux-3.9/utils/avcstat.c:185:31: branch_true: ...to here
libselinux-3.9/utils/avcstat.c:191:28: branch_false: following ‘false’ branch...
libselinux-3.9/utils/avcstat.c:195:25: branch_false: ...to here
libselinux-3.9/utils/avcstat.c:182:24: branch_true: following ‘true’ branch (when ‘line’ is non-NULL)...
libselinux-3.9/utils/avcstat.c:185:31: branch_true: ...to here
libselinux-3.9/utils/avcstat.c:195:25: danger: ‘open(&avcstatfile, 0)’ leaks here; was opened at [(3)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/2)
#  193|   				    avcstatfile);
#  194|   
#  195|-> 			tot.lookups += tmp.lookups;
#  196|   			tot.hits += tmp.hits;
#  197|   			tot.misses += tmp.misses;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def222]
libselinux-3.9/utils/avcstat.c:204:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&avcstatfile, 0)’
libselinux-3.9/utils/avcstat.c:95:5: enter_function: entry to ‘main’
libselinux-3.9/utils/avcstat.c:146:12: branch_false: following ‘false’ branch (when ‘i >= 0’)...
libselinux-3.9/utils/avcstat.c:149:9: branch_false: ...to here
libselinux-3.9/utils/avcstat.c:149:9: call_function: calling ‘set_window_rows’ from ‘main’
libselinux-3.9/utils/avcstat.c:149:9: return_function: returning to ‘main’ from ‘set_window_rows’
libselinux-3.9/utils/avcstat.c:150:14: acquire_resource: opened here
libselinux-3.9/utils/avcstat.c:151:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
libselinux-3.9/utils/avcstat.c:160:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/avcstat.c:163:20: branch_false: ...to here
libselinux-3.9/utils/avcstat.c:163:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/avcstat.c:167:24: branch_false: ...to here
libselinux-3.9/utils/avcstat.c:168:20: branch_false: following ‘false’ branch (when ‘line’ is non-NULL)...
libselinux-3.9/utils/avcstat.c:172:21: branch_false: ...to here
libselinux-3.9/utils/avcstat.c:172:20: branch_false: following ‘false’ branch (when the strings are equal)...
libselinux-3.9/utils/avcstat.c:176:20: branch_false: ...to here
libselinux-3.9/utils/avcstat.c:176:20: branch_true: following ‘true’ branch (when ‘i == 0’)...
libselinux-3.9/utils/avcstat.c:177:25: branch_true: ...to here
libselinux-3.9/utils/avcstat.c:182:24: branch_false: following ‘false’ branch (when ‘line’ is NULL)...
libselinux-3.9/utils/avcstat.c:204:20: branch_false: ...to here
libselinux-3.9/utils/avcstat.c:204:20: danger: ‘open(&avcstatfile, 0)’ leaks here; was opened at [(9)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/8)
#  202|   		}
#  203|   
#  204|-> 		if (!parsed)
#  205|   			die("unable to parse \'%s\': no data", avcstatfile);
#  206|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def223]
libselinux-3.9/utils/avcstat.c:227:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&avcstatfile, 0)’
libselinux-3.9/utils/avcstat.c:130:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/avcstat.c:134:20: branch_false: ...to here
libselinux-3.9/utils/avcstat.c:134:20: branch_false: following ‘false’ branch (when ‘n != 0’)...
libselinux-3.9/utils/avcstat.c:138:17: branch_false: ...to here
libselinux-3.9/utils/avcstat.c:146:12: branch_false: following ‘false’ branch (when ‘i >= 0’)...
libselinux-3.9/utils/avcstat.c:149:9: branch_false: ...to here
libselinux-3.9/utils/avcstat.c:150:14: acquire_resource: opened here
libselinux-3.9/utils/avcstat.c:151:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
libselinux-3.9/utils/avcstat.c:160:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/avcstat.c:163:20: branch_false: ...to here
libselinux-3.9/utils/avcstat.c:163:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/avcstat.c:167:24: branch_false: ...to here
libselinux-3.9/utils/avcstat.c:168:20: branch_false: following ‘false’ branch (when ‘line’ is non-NULL)...
libselinux-3.9/utils/avcstat.c:172:21: branch_false: ...to here
libselinux-3.9/utils/avcstat.c:172:20: branch_false: following ‘false’ branch (when the strings are equal)...
libselinux-3.9/utils/avcstat.c:176:20: branch_false: ...to here
libselinux-3.9/utils/avcstat.c:176:20: branch_true: following ‘true’ branch (when ‘i == 0’)...
libselinux-3.9/utils/avcstat.c:177:25: branch_true: ...to here
libselinux-3.9/utils/avcstat.c:182:24: branch_true: following ‘true’ branch (when ‘line’ is non-NULL)...
libselinux-3.9/utils/avcstat.c:185:31: branch_true: ...to here
libselinux-3.9/utils/avcstat.c:191:28: branch_false: following ‘false’ branch...
libselinux-3.9/utils/avcstat.c:195:25: branch_false: ...to here
libselinux-3.9/utils/avcstat.c:182:24: branch_false: following ‘false’ branch (when ‘line’ is NULL)...
libselinux-3.9/utils/avcstat.c:204:20: branch_false: ...to here
libselinux-3.9/utils/avcstat.c:204:20: branch_false: following ‘false’ branch (when ‘parsed != 0’)...
libselinux-3.9/utils/avcstat.c:207:21: branch_false: ...to here
libselinux-3.9/utils/avcstat.c:207:20: branch_true: following ‘true’ branch...
libselinux-3.9/utils/avcstat.c:208:25: branch_true: ...to here
libselinux-3.9/utils/avcstat.c:223:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/avcstat.c:226:17: branch_false: ...to here
libselinux-3.9/utils/avcstat.c:227:17: danger: ‘open(&avcstatfile, 0)’ leaks here; was opened at [(7)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/6)
#  225|   
#  226|   		memcpy(&last, &tot, sizeof(last));
#  227|-> 		sleep(interval);
#  228|   
#  229|   		ret = lseek(fd, 0, 0);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def224]
libselinux-3.9/utils/getconlist.c:47:14: warning[-Wanalyzer-malloc-leak]: leak of ‘level’
libselinux-3.9/utils/getconlist.c:27:16: branch_true: following ‘true’ branch (when ‘opt > 0’)...
libselinux-3.9/utils/getconlist.c:28:17: branch_true: ...to here
libselinux-3.9/utils/getconlist.c:28:17: branch_true: following ‘true’ branch (when ‘opt == 108’)...
libselinux-3.9/utils/getconlist.c:29:17: branch_true: ...to here
libselinux-3.9/utils/getconlist.c:31:33: acquire_memory: allocated here
libselinux-3.9/utils/getconlist.c:32:28: branch_false: following ‘false’ branch (when ‘level’ is non-NULL)...
 branch_false: ...to here
libselinux-3.9/utils/getconlist.c:43:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getconlist.c:47:14: branch_false: ...to here
libselinux-3.9/utils/getconlist.c:47:14: danger: ‘level’ leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#   45|   
#   46|   	/* If selinux isn't available, bail out. */
#   47|-> 	if (!is_selinux_enabled()) {
#   48|   		fprintf(stderr,
#   49|   			"getconlist may be used only on a SELinux kernel.\n");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def225]
libselinux-3.9/utils/getconlist.c:58:21: warning[-Wanalyzer-malloc-leak]: leak of ‘level’
libselinux-3.9/utils/getconlist.c:27:16: branch_true: following ‘true’ branch (when ‘opt > 0’)...
libselinux-3.9/utils/getconlist.c:28:17: branch_true: ...to here
libselinux-3.9/utils/getconlist.c:28:17: branch_true: following ‘true’ branch (when ‘opt == 108’)...
libselinux-3.9/utils/getconlist.c:29:17: branch_true: ...to here
libselinux-3.9/utils/getconlist.c:31:33: acquire_memory: allocated here
libselinux-3.9/utils/getconlist.c:32:28: branch_false: following ‘false’ branch (when ‘level’ is non-NULL)...
 branch_false: ...to here
libselinux-3.9/utils/getconlist.c:43:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getconlist.c:47:14: branch_false: ...to here
libselinux-3.9/utils/getconlist.c:47:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getconlist.c:54:20: branch_false: ...to here
libselinux-3.9/utils/getconlist.c:57:12: branch_true: following ‘true’ branch...
libselinux-3.9/utils/getconlist.c:58:21: branch_true: ...to here
libselinux-3.9/utils/getconlist.c:58:21: danger: ‘level’ leaks here; was allocated at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
#   56|   	/* If a context wasn't passed, use the current context. */
#   57|   	if (((argc - optind) < 2)) {
#   58|-> 		if (getcon(&cur_con) < 0) {
#   59|   			fprintf(stderr, "Couldn't get current context:  %s\n", strerror(errno));
#   60|   			free(level);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def226]
libselinux-3.9/utils/getconlist.c:66:21: warning[-Wanalyzer-malloc-leak]: leak of ‘level’
libselinux-3.9/utils/getconlist.c:27:16: branch_true: following ‘true’ branch (when ‘opt > 0’)...
libselinux-3.9/utils/getconlist.c:28:17: branch_true: ...to here
libselinux-3.9/utils/getconlist.c:28:17: branch_true: following ‘true’ branch (when ‘opt == 108’)...
libselinux-3.9/utils/getconlist.c:29:17: branch_true: ...to here
libselinux-3.9/utils/getconlist.c:31:33: acquire_memory: allocated here
libselinux-3.9/utils/getconlist.c:32:28: branch_false: following ‘false’ branch (when ‘level’ is non-NULL)...
 branch_false: ...to here
libselinux-3.9/utils/getconlist.c:43:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getconlist.c:47:14: branch_false: ...to here
libselinux-3.9/utils/getconlist.c:47:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getconlist.c:54:20: branch_false: ...to here
libselinux-3.9/utils/getconlist.c:57:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getconlist.c:65:36: branch_false: ...to here
libselinux-3.9/utils/getconlist.c:66:21: danger: ‘level’ leaks here; was allocated at [(5)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/4)
#   64|   	} else {
#   65|   		cur_context = argv[optind + 1];
#   66|-> 		if (security_check_context(cur_context) != 0) {
#   67|   			fprintf(stderr, "Given context '%s' is invalid.\n", cur_context);
#   68|   			free(level);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def227]
libselinux-3.9/utils/getconlist.c:76:21: warning[-Wanalyzer-malloc-leak]: leak of ‘level’
libselinux-3.9/utils/getconlist.c:27:16: branch_true: following ‘true’ branch (when ‘opt > 0’)...
libselinux-3.9/utils/getconlist.c:28:17: branch_true: ...to here
libselinux-3.9/utils/getconlist.c:28:17: branch_true: following ‘true’ branch (when ‘opt == 108’)...
libselinux-3.9/utils/getconlist.c:29:17: branch_true: ...to here
libselinux-3.9/utils/getconlist.c:31:33: acquire_memory: allocated here
libselinux-3.9/utils/getconlist.c:32:28: branch_false: following ‘false’ branch (when ‘level’ is non-NULL)...
 branch_false: ...to here
libselinux-3.9/utils/getconlist.c:43:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getconlist.c:47:14: branch_false: ...to here
libselinux-3.9/utils/getconlist.c:47:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getconlist.c:54:20: branch_false: ...to here
libselinux-3.9/utils/getconlist.c:57:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getconlist.c:65:36: branch_false: ...to here
libselinux-3.9/utils/getconlist.c:66:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getconlist.c:74:12: branch_false: ...to here
libselinux-3.9/utils/getconlist.c:74:12: branch_true: following ‘true’ branch (when ‘level’ is non-NULL)...
libselinux-3.9/utils/getconlist.c:76:21: branch_true: ...to here
libselinux-3.9/utils/getconlist.c:76:21: danger: ‘level’ leaks here; was allocated at [(5)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/4)
#   74|   	if (level)
#   75|   		ret =
#   76|-> 		    get_ordered_context_list_with_level(user, level,
#   77|   							cur_context, &list);
#   78|   	else

Error: GCC_ANALYZER_WARNING (CWE-401): [#def228]
libselinux-3.9/utils/getdefaultcon.c:55:14: warning[-Wanalyzer-malloc-leak]: leak of ‘level’
libselinux-3.9/utils/getdefaultcon.c:29:16: branch_true: following ‘true’ branch (when ‘opt > 0’)...
libselinux-3.9/utils/getdefaultcon.c:30:17: branch_true: ...to here
libselinux-3.9/utils/getdefaultcon.c:33:33: acquire_memory: allocated here
libselinux-3.9/utils/getdefaultcon.c:51:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getdefaultcon.c:55:14: branch_false: ...to here
libselinux-3.9/utils/getdefaultcon.c:55:14: danger: ‘level’ leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#   53|   
#   54|   	/* If selinux isn't available, bail out. */
#   55|-> 	if (!is_selinux_enabled()) {
#   56|   		fprintf(stderr,
#   57|   			"%s may be used only on a SELinux kernel.\n", argv[0]);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def229]
libselinux-3.9/utils/getdefaultcon.c:55:14: warning[-Wanalyzer-malloc-leak]: leak of ‘role’
libselinux-3.9/utils/getdefaultcon.c:29:16: branch_true: following ‘true’ branch (when ‘opt > 0’)...
libselinux-3.9/utils/getdefaultcon.c:30:17: branch_true: ...to here
libselinux-3.9/utils/getdefaultcon.c:37:32: acquire_memory: allocated here
libselinux-3.9/utils/getdefaultcon.c:51:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getdefaultcon.c:55:14: branch_false: ...to here
libselinux-3.9/utils/getdefaultcon.c:55:14: danger: ‘role’ leaks here; was allocated at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
#   53|   
#   54|   	/* If selinux isn't available, bail out. */
#   55|-> 	if (!is_selinux_enabled()) {
#   56|   		fprintf(stderr,
#   57|   			"%s may be used only on a SELinux kernel.\n", argv[0]);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def230]
libselinux-3.9/utils/getdefaultcon.c:55:14: warning[-Wanalyzer-malloc-leak]: leak of ‘service’
libselinux-3.9/utils/getdefaultcon.c:29:16: branch_true: following ‘true’ branch (when ‘opt > 0’)...
libselinux-3.9/utils/getdefaultcon.c:30:17: branch_true: ...to here
libselinux-3.9/utils/getdefaultcon.c:41:35: acquire_memory: allocated here
libselinux-3.9/utils/getdefaultcon.c:51:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getdefaultcon.c:55:14: branch_false: ...to here
libselinux-3.9/utils/getdefaultcon.c:55:14: danger: ‘service’ leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   53|   
#   54|   	/* If selinux isn't available, bail out. */
#   55|-> 	if (!is_selinux_enabled()) {
#   56|   		fprintf(stderr,
#   57|   			"%s may be used only on a SELinux kernel.\n", argv[0]);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def231]
libselinux-3.9/utils/getdefaultcon.c:68:21: warning[-Wanalyzer-malloc-leak]: leak of ‘level’
libselinux-3.9/utils/getdefaultcon.c:29:16: branch_true: following ‘true’ branch (when ‘opt > 0’)...
libselinux-3.9/utils/getdefaultcon.c:30:17: branch_true: ...to here
libselinux-3.9/utils/getdefaultcon.c:33:33: acquire_memory: allocated here
libselinux-3.9/utils/getdefaultcon.c:51:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getdefaultcon.c:55:14: branch_false: ...to here
libselinux-3.9/utils/getdefaultcon.c:55:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getdefaultcon.c:64:20: branch_false: ...to here
libselinux-3.9/utils/getdefaultcon.c:67:12: branch_true: following ‘true’ branch...
libselinux-3.9/utils/getdefaultcon.c:68:21: branch_true: ...to here
libselinux-3.9/utils/getdefaultcon.c:68:21: danger: ‘level’ leaks here; was allocated at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
#   66|   	/* If a context wasn't passed, use the current context. */
#   67|   	if ((argc - optind) < 2) {
#   68|-> 		if (getcon(&cur_con) < 0) {
#   69|   			fprintf(stderr, "%s:  couldn't get current context:  %s\n", argv[0], strerror(errno));
#   70|   			free(level);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def232]
libselinux-3.9/utils/getdefaultcon.c:68:21: warning[-Wanalyzer-malloc-leak]: leak of ‘role’
libselinux-3.9/utils/getdefaultcon.c:29:16: branch_true: following ‘true’ branch (when ‘opt > 0’)...
libselinux-3.9/utils/getdefaultcon.c:30:17: branch_true: ...to here
libselinux-3.9/utils/getdefaultcon.c:37:32: acquire_memory: allocated here
libselinux-3.9/utils/getdefaultcon.c:51:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getdefaultcon.c:55:14: branch_false: ...to here
libselinux-3.9/utils/getdefaultcon.c:55:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getdefaultcon.c:64:20: branch_false: ...to here
libselinux-3.9/utils/getdefaultcon.c:67:12: branch_true: following ‘true’ branch...
libselinux-3.9/utils/getdefaultcon.c:68:21: branch_true: ...to here
libselinux-3.9/utils/getdefaultcon.c:68:21: danger: ‘role’ leaks here; was allocated at [(3)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/2)
#   66|   	/* If a context wasn't passed, use the current context. */
#   67|   	if ((argc - optind) < 2) {
#   68|-> 		if (getcon(&cur_con) < 0) {
#   69|   			fprintf(stderr, "%s:  couldn't get current context:  %s\n", argv[0], strerror(errno));
#   70|   			free(level);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def233]
libselinux-3.9/utils/getdefaultcon.c:68:21: warning[-Wanalyzer-malloc-leak]: leak of ‘service’
libselinux-3.9/utils/getdefaultcon.c:29:16: branch_true: following ‘true’ branch (when ‘opt > 0’)...
libselinux-3.9/utils/getdefaultcon.c:30:17: branch_true: ...to here
libselinux-3.9/utils/getdefaultcon.c:41:35: acquire_memory: allocated here
libselinux-3.9/utils/getdefaultcon.c:51:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getdefaultcon.c:55:14: branch_false: ...to here
libselinux-3.9/utils/getdefaultcon.c:55:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getdefaultcon.c:64:20: branch_false: ...to here
libselinux-3.9/utils/getdefaultcon.c:67:12: branch_true: following ‘true’ branch...
libselinux-3.9/utils/getdefaultcon.c:68:21: branch_true: ...to here
libselinux-3.9/utils/getdefaultcon.c:68:21: danger: ‘service’ leaks here; was allocated at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
#   66|   	/* If a context wasn't passed, use the current context. */
#   67|   	if ((argc - optind) < 2) {
#   68|-> 		if (getcon(&cur_con) < 0) {
#   69|   			fprintf(stderr, "%s:  couldn't get current context:  %s\n", argv[0], strerror(errno));
#   70|   			free(level);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def234]
libselinux-3.9/utils/getdefaultcon.c:79:13: warning[-Wanalyzer-malloc-leak]: leak of ‘level’
libselinux-3.9/utils/getdefaultcon.c:29:16: branch_true: following ‘true’ branch (when ‘opt > 0’)...
libselinux-3.9/utils/getdefaultcon.c:30:17: branch_true: ...to here
libselinux-3.9/utils/getdefaultcon.c:33:33: acquire_memory: allocated here
libselinux-3.9/utils/getdefaultcon.c:51:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getdefaultcon.c:55:14: branch_false: ...to here
libselinux-3.9/utils/getdefaultcon.c:55:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getdefaultcon.c:64:20: branch_false: ...to here
libselinux-3.9/utils/getdefaultcon.c:67:12: branch_true: following ‘true’ branch...
libselinux-3.9/utils/getdefaultcon.c:68:21: branch_true: ...to here
libselinux-3.9/utils/getdefaultcon.c:68:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getdefaultcon.c:75:17: branch_false: ...to here
libselinux-3.9/utils/getdefaultcon.c:79:13: danger: ‘level’ leaks here; was allocated at [(3)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/2)
#   77|   		cur_context = argv[optind + 1];
#   78|   
#   79|-> 	if (security_check_context(cur_context)) {
#   80|   		fprintf(stderr, "%s:  invalid from context '%s'\n", argv[0], cur_context);
#   81|   		free(cur_con);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def235]
libselinux-3.9/utils/getdefaultcon.c:79:13: warning[-Wanalyzer-malloc-leak]: leak of ‘role’
libselinux-3.9/utils/getdefaultcon.c:29:16: branch_true: following ‘true’ branch (when ‘opt > 0’)...
libselinux-3.9/utils/getdefaultcon.c:30:17: branch_true: ...to here
libselinux-3.9/utils/getdefaultcon.c:37:32: acquire_memory: allocated here
libselinux-3.9/utils/getdefaultcon.c:51:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getdefaultcon.c:55:14: branch_false: ...to here
libselinux-3.9/utils/getdefaultcon.c:55:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getdefaultcon.c:64:20: branch_false: ...to here
libselinux-3.9/utils/getdefaultcon.c:67:12: branch_true: following ‘true’ branch...
libselinux-3.9/utils/getdefaultcon.c:68:21: branch_true: ...to here
libselinux-3.9/utils/getdefaultcon.c:68:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getdefaultcon.c:75:17: branch_false: ...to here
libselinux-3.9/utils/getdefaultcon.c:79:13: danger: ‘role’ leaks here; was allocated at [(3)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/2)
#   77|   		cur_context = argv[optind + 1];
#   78|   
#   79|-> 	if (security_check_context(cur_context)) {
#   80|   		fprintf(stderr, "%s:  invalid from context '%s'\n", argv[0], cur_context);
#   81|   		free(cur_con);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def236]
libselinux-3.9/utils/getdefaultcon.c:88:15: warning[-Wanalyzer-malloc-leak]: leak of ‘level’
libselinux-3.9/utils/getdefaultcon.c:29:16: branch_true: following ‘true’ branch (when ‘opt > 0’)...
libselinux-3.9/utils/getdefaultcon.c:30:17: branch_true: ...to here
libselinux-3.9/utils/getdefaultcon.c:33:33: acquire_memory: allocated here
libselinux-3.9/utils/getdefaultcon.c:51:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getdefaultcon.c:55:14: branch_false: ...to here
libselinux-3.9/utils/getdefaultcon.c:55:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getdefaultcon.c:64:20: branch_false: ...to here
libselinux-3.9/utils/getdefaultcon.c:67:12: branch_true: following ‘true’ branch...
libselinux-3.9/utils/getdefaultcon.c:68:21: branch_true: ...to here
libselinux-3.9/utils/getdefaultcon.c:68:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getdefaultcon.c:75:17: branch_false: ...to here
libselinux-3.9/utils/getdefaultcon.c:79:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getdefaultcon.c:88:15: branch_false: ...to here
libselinux-3.9/utils/getdefaultcon.c:88:15: danger: ‘level’ leaks here; was allocated at [(3)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/2)
#   86|   	}
#   87|   
#   88|-> 	ret = getseuser(user, service, &seuser, &dlevel);
#   89|   	if (ret) {
#   90|   		fprintf(stderr, "%s:  failed to get seuser:  %s\n", argv[0], strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def237]
libselinux-3.9/utils/getdefaultcon.c:88:15: warning[-Wanalyzer-malloc-leak]: leak of ‘role’
libselinux-3.9/utils/getdefaultcon.c:29:16: branch_true: following ‘true’ branch (when ‘opt > 0’)...
libselinux-3.9/utils/getdefaultcon.c:30:17: branch_true: ...to here
libselinux-3.9/utils/getdefaultcon.c:37:32: acquire_memory: allocated here
libselinux-3.9/utils/getdefaultcon.c:51:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getdefaultcon.c:55:14: branch_false: ...to here
libselinux-3.9/utils/getdefaultcon.c:55:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getdefaultcon.c:64:20: branch_false: ...to here
libselinux-3.9/utils/getdefaultcon.c:67:12: branch_true: following ‘true’ branch...
libselinux-3.9/utils/getdefaultcon.c:68:21: branch_true: ...to here
libselinux-3.9/utils/getdefaultcon.c:68:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getdefaultcon.c:75:17: branch_false: ...to here
libselinux-3.9/utils/getdefaultcon.c:79:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getdefaultcon.c:88:15: branch_false: ...to here
libselinux-3.9/utils/getdefaultcon.c:88:15: danger: ‘role’ leaks here; was allocated at [(3)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/2)
#   86|   	}
#   87|   
#   88|-> 	ret = getseuser(user, service, &seuser, &dlevel);
#   89|   	if (ret) {
#   90|   		fprintf(stderr, "%s:  failed to get seuser:  %s\n", argv[0], strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def238]
libselinux-3.9/utils/getdefaultcon.c:96:23: warning[-Wanalyzer-malloc-leak]: leak of ‘role’
libselinux-3.9/utils/getdefaultcon.c:29:16: branch_true: following ‘true’ branch (when ‘opt > 0’)...
libselinux-3.9/utils/getdefaultcon.c:30:17: branch_true: ...to here
libselinux-3.9/utils/getdefaultcon.c:37:32: acquire_memory: allocated here
libselinux-3.9/utils/getdefaultcon.c:51:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getdefaultcon.c:55:14: branch_false: ...to here
libselinux-3.9/utils/getdefaultcon.c:55:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getdefaultcon.c:64:20: branch_false: ...to here
libselinux-3.9/utils/getdefaultcon.c:67:12: branch_true: following ‘true’ branch...
libselinux-3.9/utils/getdefaultcon.c:68:21: branch_true: ...to here
libselinux-3.9/utils/getdefaultcon.c:68:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getdefaultcon.c:75:17: branch_false: ...to here
libselinux-3.9/utils/getdefaultcon.c:79:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getdefaultcon.c:88:15: branch_false: ...to here
libselinux-3.9/utils/getdefaultcon.c:89:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getdefaultcon.c:94:12: branch_false: ...to here
libselinux-3.9/utils/getdefaultcon.c:94:12: branch_true: following ‘true’ branch (when ‘level’ is NULL)...
libselinux-3.9/utils/getdefaultcon.c:94:22: branch_true: ...to here
libselinux-3.9/utils/getdefaultcon.c:95:12: branch_true: following ‘true’ branch...
libselinux-3.9/utils/getdefaultcon.c:96:23: danger: ‘role’ leaks here; was allocated at [(3)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/2)
#   94|   	if (! level) level=dlevel;
#   95|   	if (role != NULL && role[0])
#   96|-> 		ret = get_default_context_with_rolelevel(seuser, role, level, cur_context, &usercon);
#   97|   	else
#   98|   		ret = get_default_context_with_level(seuser, level, cur_context, &usercon);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def239]
libselinux-3.9/utils/getdefaultcon.c:98:23: warning[-Wanalyzer-malloc-leak]: leak of ‘level’
libselinux-3.9/utils/getdefaultcon.c:29:16: branch_true: following ‘true’ branch (when ‘opt > 0’)...
libselinux-3.9/utils/getdefaultcon.c:30:17: branch_true: ...to here
libselinux-3.9/utils/getdefaultcon.c:33:33: acquire_memory: allocated here
libselinux-3.9/utils/getdefaultcon.c:51:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getdefaultcon.c:55:14: branch_false: ...to here
libselinux-3.9/utils/getdefaultcon.c:55:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getdefaultcon.c:64:20: branch_false: ...to here
libselinux-3.9/utils/getdefaultcon.c:67:12: branch_true: following ‘true’ branch...
libselinux-3.9/utils/getdefaultcon.c:68:21: branch_true: ...to here
libselinux-3.9/utils/getdefaultcon.c:68:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getdefaultcon.c:75:17: branch_false: ...to here
libselinux-3.9/utils/getdefaultcon.c:79:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getdefaultcon.c:88:15: branch_false: ...to here
libselinux-3.9/utils/getdefaultcon.c:89:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getdefaultcon.c:94:12: branch_false: ...to here
libselinux-3.9/utils/getdefaultcon.c:94:12: branch_false: following ‘false’ branch (when ‘level’ is non-NULL)...
libselinux-3.9/utils/getdefaultcon.c:95:12: branch_false: ...to here
libselinux-3.9/utils/getdefaultcon.c:95:12: branch_false: following ‘false’ branch (when ‘role’ is NULL)...
libselinux-3.9/utils/getdefaultcon.c:98:23: branch_false: ...to here
libselinux-3.9/utils/getdefaultcon.c:98:23: danger: ‘level’ leaks here; was allocated at [(3)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/2)
#   96|   		ret = get_default_context_with_rolelevel(seuser, role, level, cur_context, &usercon);
#   97|   	else
#   98|-> 		ret = get_default_context_with_level(seuser, level, cur_context, &usercon);
#   99|   	if (ret) {
#  100|   		fprintf(stderr, "%s:  failed to get default context:  %s\n", argv[0], strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def240]
libselinux-3.9/utils/getdefaultcon.c:98:23: warning[-Wanalyzer-malloc-leak]: leak of ‘role’
libselinux-3.9/utils/getdefaultcon.c:29:16: branch_true: following ‘true’ branch (when ‘opt > 0’)...
libselinux-3.9/utils/getdefaultcon.c:30:17: branch_true: ...to here
libselinux-3.9/utils/getdefaultcon.c:37:32: acquire_memory: allocated here
libselinux-3.9/utils/getdefaultcon.c:51:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getdefaultcon.c:55:14: branch_false: ...to here
libselinux-3.9/utils/getdefaultcon.c:55:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getdefaultcon.c:64:20: branch_false: ...to here
libselinux-3.9/utils/getdefaultcon.c:67:12: branch_true: following ‘true’ branch...
libselinux-3.9/utils/getdefaultcon.c:68:21: branch_true: ...to here
libselinux-3.9/utils/getdefaultcon.c:68:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getdefaultcon.c:75:17: branch_false: ...to here
libselinux-3.9/utils/getdefaultcon.c:79:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getdefaultcon.c:88:15: branch_false: ...to here
libselinux-3.9/utils/getdefaultcon.c:89:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getdefaultcon.c:94:12: branch_false: ...to here
libselinux-3.9/utils/getdefaultcon.c:94:12: branch_true: following ‘true’ branch (when ‘level’ is NULL)...
libselinux-3.9/utils/getdefaultcon.c:94:22: branch_true: ...to here
libselinux-3.9/utils/getdefaultcon.c:95:12: branch_true: following ‘true’ branch (when ‘role’ is non-NULL)...
libselinux-3.9/utils/getdefaultcon.c:95:29: branch_true: ...to here
libselinux-3.9/utils/getdefaultcon.c:95:13: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getdefaultcon.c:98:23: branch_false: ...to here
libselinux-3.9/utils/getdefaultcon.c:98:23: danger: ‘role’ leaks here; was allocated at [(3)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/2)
#   96|   		ret = get_default_context_with_rolelevel(seuser, role, level, cur_context, &usercon);
#   97|   	else
#   98|-> 		ret = get_default_context_with_level(seuser, level, cur_context, &usercon);
#   99|   	if (ret) {
#  100|   		fprintf(stderr, "%s:  failed to get default context:  %s\n", argv[0], strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def241]
libselinux-3.9/utils/getsebool.c:75:26: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
libselinux-3.9/utils/getsebool.c:49:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getsebool.c:54:13: branch_false: ...to here
libselinux-3.9/utils/getsebool.c:54:12: branch_true: following ‘true’ branch...
libselinux-3.9/utils/getsebool.c:55:20: branch_true: ...to here
libselinux-3.9/utils/getsebool.c:55:20: branch_false: following ‘false’ branch (when ‘argc > 1’)...
libselinux-3.9/utils/getsebool.c:57:23: branch_false: ...to here
libselinux-3.9/utils/getsebool.c:59:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
libselinux-3.9/utils/getsebool.c:63:29: branch_true: following ‘true’ branch...
libselinux-3.9/utils/getsebool.c:64:48: branch_true: ...to here
libselinux-3.9/utils/getsebool.c:64:36: acquire_memory: allocated here
libselinux-3.9/utils/getsebool.c:65:28: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getsebool.c:63:38: branch_false: ...to here
libselinux-3.9/utils/getsebool.c:63:29: branch_false: following ‘false’ branch...
 branch_false: ...to here
libselinux-3.9/utils/getsebool.c:74:21: branch_true: following ‘true’ branch...
libselinux-3.9/utils/getsebool.c:75:59: branch_true: ...to here
libselinux-3.9/utils/getsebool.c:75:26: danger: ‘<unknown>’ leaks here; was allocated at [(11)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/10)
#   73|   
#   74|   	for (i = 0; i < len; i++) {
#   75|-> 		active = security_get_boolean_active(names[i]);
#   76|   		if (active < 0) {
#   77|   			if (get_all && errno == EACCES) 

Error: GCC_ANALYZER_WARNING (CWE-401): [#def242]
libselinux-3.9/utils/getsebool.c:75:26: warning[-Wanalyzer-malloc-leak]: leak of ‘names’
libselinux-3.9/utils/getsebool.c:49:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getsebool.c:54:13: branch_false: ...to here
libselinux-3.9/utils/getsebool.c:54:12: branch_true: following ‘true’ branch...
libselinux-3.9/utils/getsebool.c:55:20: branch_true: ...to here
libselinux-3.9/utils/getsebool.c:55:20: branch_false: following ‘false’ branch (when ‘argc > 1’)...
libselinux-3.9/utils/getsebool.c:57:23: branch_false: ...to here
libselinux-3.9/utils/getsebool.c:58:25: acquire_memory: allocated here
libselinux-3.9/utils/getsebool.c:59:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
libselinux-3.9/utils/getsebool.c:63:29: branch_true: following ‘true’ branch...
libselinux-3.9/utils/getsebool.c:64:48: branch_true: ...to here
libselinux-3.9/utils/getsebool.c:65:28: branch_false: following ‘false’ branch...
libselinux-3.9/utils/getsebool.c:63:38: branch_false: ...to here
libselinux-3.9/utils/getsebool.c:63:29: branch_false: following ‘false’ branch...
 branch_false: ...to here
libselinux-3.9/utils/getsebool.c:74:21: branch_true: following ‘true’ branch...
libselinux-3.9/utils/getsebool.c:75:59: branch_true: ...to here
libselinux-3.9/utils/getsebool.c:75:26: danger: ‘names’ leaks here; was allocated at [(7)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/6)
#   73|   
#   74|   	for (i = 0; i < len; i++) {
#   75|-> 		active = security_get_boolean_active(names[i]);
#   76|   		if (active < 0) {
#   77|   			if (get_all && errno == EACCES) 

Error: GCC_ANALYZER_WARNING (CWE-401): [#def243]
libselinux-3.9/utils/sefcontext_compile.c:209:9: warning[-Wanalyzer-malloc-leak]: leak of ‘bin_file’
libselinux-3.9/utils/sefcontext_compile.c:413:12: enter_function: entry to ‘write_binary_file’
libselinux-3.9/utils/sefcontext_compile.c:424:20: acquire_memory: allocated here
libselinux-3.9/utils/sefcontext_compile.c:425:12: branch_false: following ‘false’ branch (when ‘bin_file’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:432:9: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:434:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:438:9: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:440:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:444:23: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:445:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:447:27: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:448:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:450:20: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:452:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:454:15: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:455:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:459:20: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:460:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:462:24: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:463:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:465:20: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:467:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:469:15: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:470:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:474:20: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:476:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:480:14: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:480:14: call_function: calling ‘write_sidtab’ from ‘write_binary_file’
#  207|   	}
#  208|   	assert(index == stab->nel);
#  209|-> 	qsort(sids, stab->nel, sizeof(struct security_id), security_id_compare);
#  210|   
#  211|   	/* write raw contexts sorted by id */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def244]
libselinux-3.9/utils/sefcontext_compile.c:209:9: warning[-Wanalyzer-malloc-leak]: leak of ‘sids’
libselinux-3.9/utils/sefcontext_compile.c:189:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:192:13: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:192:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:196:16: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:196:16: acquire_memory: allocated here
libselinux-3.9/utils/sefcontext_compile.c:197:12: branch_false: following ‘false’ branch (when ‘sids’ is non-NULL)...
 branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:200:30: branch_true: following ‘true’ branch (when ‘i != 128’)...
libselinux-3.9/utils/sefcontext_compile.c:201:49: branch_true: ...to here
libselinux-3.9/utils/sefcontext_compile.c:200:30: branch_true: following ‘true’ branch (when ‘i != 128’)...
libselinux-3.9/utils/sefcontext_compile.c:201:49: branch_true: ...to here
libselinux-3.9/utils/sefcontext_compile.c:203:24: branch_false: following ‘false’ branch (when ‘cur’ is NULL)...
libselinux-3.9/utils/sefcontext_compile.c:200:47: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:208:9: branch_true: following ‘true’ branch...
libselinux-3.9/utils/sefcontext_compile.c:209:9: branch_true: ...to here
libselinux-3.9/utils/sefcontext_compile.c:209:9: danger: ‘sids’ leaks here; was allocated at [(5)](sarif:/runs/0/results/24/codeFlows/0/threadFlows/0/locations/4)
#  207|   	}
#  208|   	assert(index == stab->nel);
#  209|-> 	qsort(sids, stab->nel, sizeof(struct security_id), security_id_compare);
#  210|   
#  211|   	/* write raw contexts sorted by id */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def245]
libselinux-3.9/utils/sefcontext_compile.c:248:15: warning[-Wanalyzer-malloc-leak]: leak of ‘bin_file’
libselinux-3.9/utils/sefcontext_compile.c:413:12: enter_function: entry to ‘write_binary_file’
libselinux-3.9/utils/sefcontext_compile.c:424:20: acquire_memory: allocated here
libselinux-3.9/utils/sefcontext_compile.c:425:12: branch_false: following ‘false’ branch (when ‘bin_file’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:432:9: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:434:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:438:9: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:440:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:444:23: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:445:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:447:27: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:448:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:450:20: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:452:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:454:15: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:455:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:459:20: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:460:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:462:24: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:463:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:465:20: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:467:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:469:15: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:470:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:474:20: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:476:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:480:14: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:481:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:484:63: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:484:14: call_function: calling ‘write_spec_node’ from ‘write_binary_file’
#  246|   
#  247|   	/* write raw context sid */
#  248|-> 	sid = sidtab_context_lookup(stab, lspec->lr.ctx_raw);
#  249|   	assert(sid); /* should be set via create_sidtab() */
#  250|   	data_u32 = htobe32(sid->id);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def246]
libselinux-3.9/utils/sefcontext_compile.c:304:15: warning[-Wanalyzer-malloc-leak]: leak of ‘bin_file’
libselinux-3.9/utils/sefcontext_compile.c:413:12: enter_function: entry to ‘write_binary_file’
libselinux-3.9/utils/sefcontext_compile.c:424:20: acquire_memory: allocated here
libselinux-3.9/utils/sefcontext_compile.c:425:12: branch_false: following ‘false’ branch (when ‘bin_file’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:432:9: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:434:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:438:9: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:440:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:444:23: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:445:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:447:27: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:448:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:450:20: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:452:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:454:15: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:455:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:459:20: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:460:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:462:24: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:463:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:465:20: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:467:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:469:15: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:470:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:474:20: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:476:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:480:14: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:481:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:484:63: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:484:14: call_function: calling ‘write_spec_node’ from ‘write_binary_file’
#  302|   
#  303|   	/* write raw context sid */
#  304|-> 	sid = sidtab_context_lookup(stab, rspec->lr.ctx_raw);
#  305|   	assert(sid); /* should be set via create_sidtab() */
#  306|   	data_u32 = htobe32(sid->id);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def247]
libselinux-3.9/utils/sefcontext_compile.c:344:14: warning[-Wanalyzer-malloc-leak]: leak of ‘bin_file’
libselinux-3.9/utils/sefcontext_compile.c:413:12: enter_function: entry to ‘write_binary_file’
libselinux-3.9/utils/sefcontext_compile.c:424:20: acquire_memory: allocated here
libselinux-3.9/utils/sefcontext_compile.c:425:12: branch_false: following ‘false’ branch (when ‘bin_file’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:432:9: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:434:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:438:9: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:440:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:444:23: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:445:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:447:27: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:448:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:450:20: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:452:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:454:15: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:455:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:459:20: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:460:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:462:24: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:463:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:465:20: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:467:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:469:15: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:470:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:474:20: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:476:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:480:14: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:481:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:484:63: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:484:14: call_function: calling ‘write_spec_node’ from ‘write_binary_file’
#  342|   
#  343|   	/* Write serialized regex */
#  344|-> 	rc = regex_writef(rspec->regex, bin_file, do_write_precompregex);
#  345|   	if (rc < 0)
#  346|   		return rc;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def248]
libselinux-3.9/utils/sefcontext_compile.c:444:23: warning[-Wanalyzer-malloc-leak]: leak of ‘bin_file’
libselinux-3.9/utils/sefcontext_compile.c:424:20: acquire_memory: allocated here
libselinux-3.9/utils/sefcontext_compile.c:425:12: branch_false: following ‘false’ branch (when ‘bin_file’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:432:9: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:434:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:438:9: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:440:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:444:23: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:444:23: danger: ‘bin_file’ leaks here; was allocated at [(1)](sarif:/runs/0/results/29/codeFlows/0/threadFlows/0/locations/0)
#  442|   
#  443|   	/* write version of the regex back-end */
#  444|-> 	reg_version = regex_version();
#  445|   	if (!reg_version)
#  446|   		goto err_check;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def249]
libselinux-3.9/utils/sefcontext_compile.c:459:20: warning[-Wanalyzer-malloc-leak]: leak of ‘bin_file’
libselinux-3.9/utils/sefcontext_compile.c:424:20: acquire_memory: allocated here
libselinux-3.9/utils/sefcontext_compile.c:425:12: branch_false: following ‘false’ branch (when ‘bin_file’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:432:9: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:434:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:438:9: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:440:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:444:23: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:445:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:447:27: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:448:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:450:20: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:452:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:454:15: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:455:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:459:20: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:459:20: danger: ‘bin_file’ leaks here; was allocated at [(1)](sarif:/runs/0/results/30/codeFlows/0/threadFlows/0/locations/0)
#  457|   
#  458|   	/* write regex arch string */
#  459|-> 	reg_arch = regex_arch_string();
#  460|   	if (!reg_arch)
#  461|   		goto err_check;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def250]
libselinux-3.9/utils/sefcontext_compile.c:598:21: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(policy_file, "re")’
libselinux-3.9/utils/sefcontext_compile.c:554:12: branch_false: following ‘false’ branch (when ‘argc > 1’)...
 branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:579:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:582:20: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:583:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:589:13: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:589:12: branch_true: following ‘true’ branch...
libselinux-3.9/utils/sefcontext_compile.c:590:29: branch_true: ...to here
libselinux-3.9/utils/sefcontext_compile.c:590:29: acquire_resource: opened here
libselinux-3.9/utils/sefcontext_compile.c:592:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:598:21: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:598:21: danger: ‘fopen(policy_file, "re")’ leaks here; was opened at [(9)](sarif:/runs/0/results/31/codeFlows/0/threadFlows/0/locations/8)
#  596|   		}
#  597|   
#  598|-> 		if (sepol_set_policydb_from_file(policy_fp) < 0) {
#  599|   			fprintf(stderr, "%s: failed to load policy from %s\n",
#  600|   				argv[0], policy_file);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def251]
libselinux-3.9/utils/sefcontext_compile.c:598:21: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(policy_file, "re")’
libselinux-3.9/utils/sefcontext_compile.c:554:12: branch_false: following ‘false’ branch (when ‘argc > 1’)...
 branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:579:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:582:20: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:583:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:589:13: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:589:12: branch_true: following ‘true’ branch...
libselinux-3.9/utils/sefcontext_compile.c:590:29: branch_true: ...to here
libselinux-3.9/utils/sefcontext_compile.c:590:29: acquire_memory: allocated here
libselinux-3.9/utils/sefcontext_compile.c:592:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:598:21: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:598:21: danger: ‘fopen(policy_file, "re")’ leaks here; was allocated at [(9)](sarif:/runs/0/results/32/codeFlows/0/threadFlows/0/locations/8)
#  596|   		}
#  597|   
#  598|-> 		if (sepol_set_policydb_from_file(policy_fp) < 0) {
#  599|   			fprintf(stderr, "%s: failed to load policy from %s\n",
#  600|   				argv[0], policy_file);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def252]
libselinux-3.9/utils/sefcontext_compile.c:623:9: warning[-Wanalyzer-malloc-leak]: leak of ‘rec’
libselinux-3.9/utils/sefcontext_compile.c:554:12: branch_false: following ‘false’ branch (when ‘argc > 1’)...
 branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:579:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:582:20: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:583:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:589:13: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:589:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/sefcontext_compile.c:607:40: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:607:40: acquire_memory: allocated here
libselinux-3.9/utils/sefcontext_compile.c:608:12: branch_false: following ‘false’ branch (when ‘rec’ is non-NULL)...
libselinux-3.9/utils/sefcontext_compile.c:622:9: branch_false: ...to here
libselinux-3.9/utils/sefcontext_compile.c:623:9: danger: ‘rec’ leaks here; was allocated at [(9)](sarif:/runs/0/results/33/codeFlows/0/threadFlows/0/locations/8)
#  621|   	 * error is detected, the process will be aborted. */
#  622|   	rec->validating = 1;
#  623|-> 	selinux_set_callback(SELINUX_CB_VALIDATE,
#  624|   			    (union selinux_callback) { .func_validate = &validate_context });
#  625|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def253]
libselinux-3.9/utils/selabel_digest.c:33:14: warning[-Wanalyzer-malloc-leak]: leak of ‘sha256_buf’
libselinux-3.9/utils/selabel_digest.c:58:5: enter_function: entry to ‘main’
libselinux-3.9/utils/selabel_digest.c:78:12: branch_false: following ‘false’ branch (when ‘argc > 2’)...
 branch_false: ...to here
libselinux-3.9/utils/selabel_digest.c:126:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/selabel_digest.c:139:14: branch_false: ...to here
libselinux-3.9/utils/selabel_digest.c:142:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/selabel_digest.c:154:29: branch_false: ...to here
libselinux-3.9/utils/selabel_digest.c:154:22: acquire_memory: allocated here
libselinux-3.9/utils/selabel_digest.c:155:12: branch_false: following ‘false’ branch (when ‘sha256_buf’ is non-NULL)...
libselinux-3.9/utils/selabel_digest.c:162:9: branch_false: ...to here
libselinux-3.9/utils/selabel_digest.c:163:21: branch_false: following ‘false’ branch...
libselinux-3.9/utils/selabel_digest.c:166:9: branch_false: ...to here
libselinux-3.9/utils/selabel_digest.c:169:12: branch_true: following ‘true’ branch...
libselinux-3.9/utils/selabel_digest.c:173:20: branch_true: ...to here
libselinux-3.9/utils/selabel_digest.c:173:20: branch_true: following ‘true’ branch (when ‘validate != 0’)...
libselinux-3.9/utils/selabel_digest.c:175:31: branch_true: ...to here
libselinux-3.9/utils/selabel_digest.c:176:28: branch_false: following ‘false’ branch...
libselinux-3.9/utils/selabel_digest.c:185:29: branch_false: following ‘false’ branch...
libselinux-3.9/utils/selabel_digest.c:200:20: branch_false: ...to here
libselinux-3.9/utils/selabel_digest.c:200:20: branch_true: following ‘true’ branch (when ‘validate != 0’)...
libselinux-3.9/utils/selabel_digest.c:201:31: branch_true: ...to here
libselinux-3.9/utils/selabel_digest.c:202:28: branch_false: following ‘false’ branch...
libselinux-3.9/utils/selabel_digest.c:208:30: call_function: calling ‘run_check_digest’ from ‘main’
#   31|   	int rc = 0;
#   32|   
#   33|-> 	fp = popen(cmd, "r");
#   34|   	if (!fp) {
#   35|   		fprintf(stderr, "Failed to run command '%s':  %s\n", cmd, strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def254]
libselinux-3.9/utils/selabel_digest.c:54:9: warning[-Wanalyzer-malloc-leak]: leak of ‘popen(cmd, "r")’
libselinux-3.9/utils/selabel_digest.c:33:14: acquire_memory: allocated here
libselinux-3.9/utils/selabel_digest.c:34:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
libselinux-3.9/utils/selabel_digest.c:54:9: danger: ‘popen(cmd, "r")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#   52|   	}
#   53|   
#   54|-> 	pclose(fp);
#   55|   	return rc;
#   56|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def255]
libselinux-3.9/utils/selabel_digest.c:54:9: warning[-Wanalyzer-malloc-leak]: leak of ‘sha256_buf’
libselinux-3.9/utils/selabel_digest.c:58:5: enter_function: entry to ‘main’
libselinux-3.9/utils/selabel_digest.c:78:12: branch_false: following ‘false’ branch (when ‘argc > 2’)...
 branch_false: ...to here
libselinux-3.9/utils/selabel_digest.c:126:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/selabel_digest.c:139:14: branch_false: ...to here
libselinux-3.9/utils/selabel_digest.c:142:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/selabel_digest.c:154:29: branch_false: ...to here
libselinux-3.9/utils/selabel_digest.c:154:22: acquire_memory: allocated here
libselinux-3.9/utils/selabel_digest.c:155:12: branch_false: following ‘false’ branch (when ‘sha256_buf’ is non-NULL)...
libselinux-3.9/utils/selabel_digest.c:162:9: branch_false: ...to here
libselinux-3.9/utils/selabel_digest.c:163:21: branch_false: following ‘false’ branch...
libselinux-3.9/utils/selabel_digest.c:166:9: branch_false: ...to here
libselinux-3.9/utils/selabel_digest.c:169:12: branch_true: following ‘true’ branch...
libselinux-3.9/utils/selabel_digest.c:173:20: branch_true: ...to here
libselinux-3.9/utils/selabel_digest.c:173:20: branch_true: following ‘true’ branch (when ‘validate != 0’)...
libselinux-3.9/utils/selabel_digest.c:175:31: branch_true: ...to here
libselinux-3.9/utils/selabel_digest.c:176:28: branch_false: following ‘false’ branch...
libselinux-3.9/utils/selabel_digest.c:185:29: branch_false: following ‘false’ branch...
libselinux-3.9/utils/selabel_digest.c:200:20: branch_false: ...to here
libselinux-3.9/utils/selabel_digest.c:200:20: branch_true: following ‘true’ branch (when ‘validate != 0’)...
libselinux-3.9/utils/selabel_digest.c:201:31: branch_true: ...to here
libselinux-3.9/utils/selabel_digest.c:202:28: branch_false: following ‘false’ branch...
libselinux-3.9/utils/selabel_digest.c:208:30: call_function: calling ‘run_check_digest’ from ‘main’
#   52|   	}
#   53|   
#   54|-> 	pclose(fp);
#   55|   	return rc;
#   56|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def256]
libselinux-3.9/utils/selinuxexeccon.c:22:19: warning[-Wanalyzer-malloc-leak]: leak of ‘con’
libselinux-3.9/utils/selinuxexeccon.c:32:5: enter_function: entry to ‘main’
libselinux-3.9/utils/selinuxexeccon.c:36:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/selinuxexeccon.c:39:12: branch_false: ...to here
libselinux-3.9/utils/selinuxexeccon.c:39:12: branch_false: following ‘false’ branch (when ‘argc != 2’)...
libselinux-3.9/utils/selinuxexeccon.c:45:23: branch_false: ...to here
libselinux-3.9/utils/selinuxexeccon.c:45:23: acquire_memory: allocated here
libselinux-3.9/utils/selinuxexeccon.c:46:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/selinuxexeccon.c:53:19: branch_false: ...to here
libselinux-3.9/utils/selinuxexeccon.c:53:19: call_function: calling ‘get_selinux_proc_context’ from ‘main’
#   20|   	char * fcon = NULL, *newcon = NULL;
#   21|   
#   22|-> 	int ret = getfilecon(command, &fcon);
#   23|   	if (ret < 0) goto err;
#   24|   	ret = security_compute_create(execcon, fcon, string_to_security_class("process"), &newcon);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def257]
libselinux-3.9/utils/selinuxexeccon.c:24:15: warning[-Wanalyzer-malloc-leak]: leak of ‘con’
libselinux-3.9/utils/selinuxexeccon.c:32:5: enter_function: entry to ‘main’
libselinux-3.9/utils/selinuxexeccon.c:36:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/selinuxexeccon.c:39:12: branch_false: ...to here
libselinux-3.9/utils/selinuxexeccon.c:39:12: branch_false: following ‘false’ branch (when ‘argc != 2’)...
libselinux-3.9/utils/selinuxexeccon.c:45:23: branch_false: ...to here
libselinux-3.9/utils/selinuxexeccon.c:45:23: acquire_memory: allocated here
libselinux-3.9/utils/selinuxexeccon.c:46:20: branch_false: following ‘false’ branch...
libselinux-3.9/utils/selinuxexeccon.c:53:19: branch_false: ...to here
libselinux-3.9/utils/selinuxexeccon.c:53:19: call_function: calling ‘get_selinux_proc_context’ from ‘main’
#   22|   	int ret = getfilecon(command, &fcon);
#   23|   	if (ret < 0) goto err;
#   24|-> 	ret = security_compute_create(execcon, fcon, string_to_security_class("process"), &newcon);
#   25|   	if (ret < 0) goto err;
#   26|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def258]
libselinux-3.9/utils/selinuxexeccon.c:46:21: warning[-Wanalyzer-malloc-leak]: leak of ‘con’
libselinux-3.9/utils/selinuxexeccon.c:36:12: branch_false: following ‘false’ branch...
libselinux-3.9/utils/selinuxexeccon.c:39:12: branch_false: ...to here
libselinux-3.9/utils/selinuxexeccon.c:39:12: branch_false: following ‘false’ branch (when ‘argc != 2’)...
libselinux-3.9/utils/selinuxexeccon.c:45:23: branch_false: ...to here
libselinux-3.9/utils/selinuxexeccon.c:45:23: acquire_memory: allocated here
libselinux-3.9/utils/selinuxexeccon.c:46:21: danger: ‘con’ leaks here; was allocated at [(5)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/4)
#   44|   	} else {
#   45|   		con = strdup(argv[2]);
#   46|-> 		if (security_check_context(con)) {
#   47|   			fprintf(stderr, "%s:  invalid from context '%s'\n", argv[0], con);
#   48|   			free(con);