mbedtls-3.6.5-1.fc44

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1]
mbedtls-3.6.5/include/mbedtls/md.h:248:12: warning[-Wanalyzer-malloc-leak]: leak of ‘encoded_expected’
mbedtls-3.6.5/library/rsa.c:2647:5: enter_function: entry to ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
mbedtls-3.6.5/library/rsa.c:2657:9: branch_false: following ‘false’ branch (when ‘hash’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2661:5: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2667:8: branch_false: following ‘false’ branch (when ‘encoded’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2668:29: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2668:29: acquire_memory: allocated here
mbedtls-3.6.5/library/rsa.c:2667:9: branch_false: following ‘false’ branch (when ‘encoded_expected’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2673:16: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2673:16: call_function: calling ‘rsa_rsassa_pkcs1_v15_encode’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
#  246|   static inline unsigned char mbedtls_md_get_size_from_type(mbedtls_md_type_t md_type)
#  247|   {
#  248|->     return mbedtls_md_get_size(mbedtls_md_info_from_type(md_type));
#  249|   }
#  250|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def2]
mbedtls-3.6.5/include/mbedtls/md.h:248:12: warning[-Wanalyzer-malloc-leak]: leak of ‘encoded’
mbedtls-3.6.5/library/rsa.c:2647:5: enter_function: entry to ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
mbedtls-3.6.5/library/rsa.c:2657:9: branch_false: following ‘false’ branch (when ‘hash’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2661:5: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2667:29: acquire_memory: allocated here
mbedtls-3.6.5/library/rsa.c:2667:8: branch_false: following ‘false’ branch (when ‘encoded’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2668:29: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2667:9: branch_false: following ‘false’ branch (when ‘encoded_expected’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2673:16: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2673:16: call_function: calling ‘rsa_rsassa_pkcs1_v15_encode’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
#  246|   static inline unsigned char mbedtls_md_get_size_from_type(mbedtls_md_type_t md_type)
#  247|   {
#  248|->     return mbedtls_md_get_size(mbedtls_md_info_from_type(md_type));
#  249|   }
#  250|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def3]
mbedtls-3.6.5/include/mbedtls/pk.h:1039:13: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
mbedtls-3.6.5/library/pkparse.c:1347:5: enter_function: entry to ‘mbedtls_pk_parse_keyfile’
mbedtls-3.6.5/library/pkparse.c:1355:16: call_function: calling ‘mbedtls_pk_load_file’ from ‘mbedtls_pk_parse_keyfile’
mbedtls-3.6.5/library/pkparse.c:1355:16: return_function: returning to ‘mbedtls_pk_parse_keyfile’ from ‘mbedtls_pk_load_file’
mbedtls-3.6.5/library/pkparse.c:1355:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pkparse.c:1359:8: branch_false: ...to here
mbedtls-3.6.5/library/pkparse.c:1359:8: branch_true: following ‘true’ branch (when ‘pwd’ is NULL)...
mbedtls-3.6.5/library/pkparse.c:1360:15: branch_true: ...to here
mbedtls-3.6.5/library/pkparse.c:1360:15: call_function: calling ‘mbedtls_pk_parse_key’ from ‘mbedtls_pk_parse_keyfile’
# 1037|   static inline mbedtls_rsa_context *mbedtls_pk_rsa(const mbedtls_pk_context pk)
# 1038|   {
# 1039|->     switch (mbedtls_pk_get_type(&pk)) {
# 1040|           case MBEDTLS_PK_RSA:
# 1041|               return (mbedtls_rsa_context *) (pk).MBEDTLS_PRIVATE(pk_ctx);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def4]
mbedtls-3.6.5/include/mbedtls/pk.h:1039:13: warning[-Wanalyzer-malloc-leak]: leak of ‘output_buf’
mbedtls-3.6.5/library/pkwrite.c:552:5: enter_function: entry to ‘mbedtls_pk_write_pubkey_pem’
mbedtls-3.6.5/library/pkwrite.c:556:18: acquire_memory: allocated here
mbedtls-3.6.5/library/pkwrite.c:557:8: branch_false: following ‘false’ branch (when ‘output_buf’ is non-NULL)...
mbedtls-3.6.5/library/pkwrite.c:560:12: branch_false: ...to here
mbedtls-3.6.5/library/pkwrite.c:562:16: call_function: calling ‘mbedtls_pk_write_pubkey_der’ from ‘mbedtls_pk_write_pubkey_pem’
# 1037|   static inline mbedtls_rsa_context *mbedtls_pk_rsa(const mbedtls_pk_context pk)
# 1038|   {
# 1039|->     switch (mbedtls_pk_get_type(&pk)) {
# 1040|           case MBEDTLS_PK_RSA:
# 1041|               return (mbedtls_rsa_context *) (pk).MBEDTLS_PRIVATE(pk_ctx);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def5]
mbedtls-3.6.5/include/mbedtls/pk.h:1062:13: warning[-Wanalyzer-malloc-leak]: leak of ‘output_buf’
mbedtls-3.6.5/library/pkwrite.c:552:5: enter_function: entry to ‘mbedtls_pk_write_pubkey_pem’
mbedtls-3.6.5/library/pkwrite.c:556:18: acquire_memory: allocated here
mbedtls-3.6.5/library/pkwrite.c:557:8: branch_false: following ‘false’ branch (when ‘output_buf’ is non-NULL)...
mbedtls-3.6.5/library/pkwrite.c:560:12: branch_false: ...to here
mbedtls-3.6.5/library/pkwrite.c:562:16: call_function: calling ‘mbedtls_pk_write_pubkey_der’ from ‘mbedtls_pk_write_pubkey_pem’
# 1060|   static inline mbedtls_ecp_keypair *mbedtls_pk_ec(const mbedtls_pk_context pk)
# 1061|   {
# 1062|->     switch (mbedtls_pk_get_type(&pk)) {
# 1063|           case MBEDTLS_PK_ECKEY:
# 1064|           case MBEDTLS_PK_ECKEY_DH:

Error: GCC_ANALYZER_WARNING (CWE-476): [#def6]
mbedtls-3.6.5/library/alignment.h:203:5: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘buf’
mbedtls-3.6.5/library/ssl_tls.c:5095:5: enter_function: entry to ‘mbedtls_ssl_context_save’
mbedtls-3.6.5/library/ssl_tls.c:5114:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5118:9: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5118:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5123:9: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5123:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5128:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5132:9: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5132:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5137:9: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5137:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5142:9: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5142:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5147:41: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5153:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5164:8: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5173:11: call_function: calling ‘ssl_session_save’ from ‘mbedtls_ssl_context_save’
#  201|       p32->x = x;
#  202|   #else
#  203|->     memcpy(p, &x, sizeof(x));
#  204|   #endif
#  205|   }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def7]
mbedtls-3.6.5/library/alignment.h:255:5: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘p’
mbedtls-3.6.5/library/ssl_tls.c:5095:5: enter_function: entry to ‘mbedtls_ssl_context_save’
mbedtls-3.6.5/library/ssl_tls.c:5114:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5118:9: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5118:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5123:9: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5123:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5128:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5132:9: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5132:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5137:9: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5137:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5142:9: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5142:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5147:41: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5153:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5164:8: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5173:11: call_function: calling ‘ssl_session_save’ from ‘mbedtls_ssl_context_save’
#  253|       p64->x = x;
#  254|   #else
#  255|->     memcpy(p, &x, sizeof(x));
#  256|   #endif
#  257|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def8]
mbedtls-3.6.5/library/bignum.c:198:9: warning[-Wanalyzer-malloc-leak]: leak of ‘A.p’
mbedtls-3.6.5/library/bignum.c:2387:5: enter_function: entry to ‘mbedtls_mpi_self_test’
mbedtls-3.6.5/library/bignum.c:2395:5: call_function: calling ‘mbedtls_mpi_read_string’ from ‘mbedtls_mpi_self_test’
mbedtls-3.6.5/library/bignum.c:2395:5: return_function: returning to ‘mbedtls_mpi_self_test’ from ‘mbedtls_mpi_read_string’
mbedtls-3.6.5/library/bignum.c:2546:5: call_function: calling ‘mbedtls_mpi_free’ from ‘mbedtls_mpi_self_test’
#  196|   
#  197|       if (X->p != NULL) {
#  198|->         mbedtls_mpi_zeroize_and_free(X->p, X->n);
#  199|       }
#  200|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def9]
mbedtls-3.6.5/library/bignum.c:224:13: warning[-Wanalyzer-malloc-leak]: leak of ‘p’
mbedtls-3.6.5/library/bignum.c:284:12: enter_function: entry to ‘mbedtls_mpi_resize_clear’
mbedtls-3.6.5/library/bignum.c:294:9: call_function: calling ‘mbedtls_mpi_free’ from ‘mbedtls_mpi_resize_clear’
mbedtls-3.6.5/library/bignum.c:294:9: return_function: returning to ‘mbedtls_mpi_resize_clear’ from ‘mbedtls_mpi_free’
mbedtls-3.6.5/library/bignum.c:295:16: call_function: calling ‘mbedtls_mpi_grow’ from ‘mbedtls_mpi_resize_clear’
#  222|           if (X->p != NULL) {
#  223|               memcpy(p, X->p, X->n * ciL);
#  224|->             mbedtls_mpi_zeroize_and_free(X->p, X->n);
#  225|           }
#  226|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def10]
mbedtls-3.6.5/library/bignum.c:1095:13: warning[-Wanalyzer-malloc-leak]: leak of ‘W.p’
mbedtls-3.6.5/library/bignum.c:2126:12: enter_function: entry to ‘mpi_miller_rabin’
mbedtls-3.6.5/library/bignum.c:2142:5: call_function: calling ‘mbedtls_mpi_sub_int’ from ‘mpi_miller_rabin’
# 1093|       }
# 1094|   
# 1095|->     carry = mbedtls_mpi_core_sub(X->p, A->p, B->p, n);
# 1096|       if (carry != 0) {
# 1097|           /* Propagate the carry through the rest of X. */

Error: CPPCHECK_WARNING (CWE-758): [#def11]
mbedtls-3.6.5/library/bignum.c:1322: error[shiftTooManyBits]: Shifting 32-bit value by 64 bits is undefined behaviour
# 1320|   
# 1321|   #if defined(MBEDTLS_HAVE_UDBL)
# 1322|->     dividend  = (mbedtls_t_udbl) u1 << biL;
# 1323|       dividend |= (mbedtls_t_udbl) u0;
# 1324|       quotient = dividend / d;

Error: CPPCHECK_WARNING (CWE-758): [#def12]
mbedtls-3.6.5/library/bignum.c:1325: error[shiftTooManyBits]: Shifting 32-bit value by 64 bits is undefined behaviour
# 1323|       dividend |= (mbedtls_t_udbl) u0;
# 1324|       quotient = dividend / d;
# 1325|->     if (quotient > ((mbedtls_t_udbl) 1 << biL) - 1) {
# 1326|           quotient = ((mbedtls_t_udbl) 1 << biL) - 1;
# 1327|       }

Error: CPPCHECK_WARNING (CWE-758): [#def13]
mbedtls-3.6.5/library/bignum.c:1326: error[shiftTooManyBits]: Shifting 32-bit value by 64 bits is undefined behaviour
# 1324|       quotient = dividend / d;
# 1325|       if (quotient > ((mbedtls_t_udbl) 1 << biL) - 1) {
# 1326|->         quotient = ((mbedtls_t_udbl) 1 << biL) - 1;
# 1327|       }
# 1328|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def14]
mbedtls-3.6.5/library/bignum.c:2307:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘Y.p’
mbedtls-3.6.5/library/bignum.c:2253:5: enter_function: entry to ‘mbedtls_mpi_gen_prime’
mbedtls-3.6.5/library/bignum.c:2270:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/bignum.c:2274:5: branch_false: ...to here
mbedtls-3.6.5/library/bignum.c:2274:5: call_function: calling ‘mbedtls_mpi_init’ from ‘mbedtls_mpi_gen_prime’
mbedtls-3.6.5/library/bignum.c:2274:5: return_function: returning to ‘mbedtls_mpi_gen_prime’ from ‘mbedtls_mpi_init’
mbedtls-3.6.5/library/bignum.c:2297:9: call_function: calling ‘mbedtls_mpi_fill_random’ from ‘mbedtls_mpi_gen_prime’
mbedtls-3.6.5/library/bignum.c:2297:9: return_function: returning to ‘mbedtls_mpi_gen_prime’ from ‘mbedtls_mpi_fill_random’
mbedtls-3.6.5/library/bignum.c:2297:9: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/bignum.c:2299:13: branch_false: ...to here
mbedtls-3.6.5/library/bignum.c:2299:13: release_memory: ‘Y.p’ is NULL
mbedtls-3.6.5/library/bignum.c:2299:12: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/bignum.c:2303:9: branch_false: ...to here
mbedtls-3.6.5/library/bignum.c:2307:9: release_memory: ‘Y.p’ is NULL
mbedtls-3.6.5/library/bignum.c:2307:9: danger: dereference of NULL ‘*X.p’
# 2305|               MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(X, k - nbits));
# 2306|           }
# 2307|->         X->p[0] |= 1;
# 2308|   
# 2309|           if ((flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH) == 0) {

Error: GCC_ANALYZER_WARNING (CWE-126): [#def15]
mbedtls-3.6.5/library/bignum_core.c:480:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read
mbedtls-3.6.5/library/bignum_core.c:1011:6: enter_function: entry to ‘mbedtls_mpi_core_from_mont_rep’
mbedtls-3.6.5/library/bignum_core.c:1020:5: call_function: calling ‘mbedtls_mpi_core_montmul’ from ‘mbedtls_mpi_core_from_mont_rep’
#  478|   
#  479|       while (steps_x8--) {
#  480|->         MULADDC_X8_INIT
#  481|           MULADDC_X8_CORE
#  482|               MULADDC_X8_STOP

Error: GCC_ANALYZER_WARNING (CWE-126): [#def16]
mbedtls-3.6.5/library/bignum_core.c:486:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read
mbedtls-3.6.5/library/bignum_core.c:1011:6: enter_function: entry to ‘mbedtls_mpi_core_from_mont_rep’
mbedtls-3.6.5/library/bignum_core.c:1020:5: call_function: calling ‘mbedtls_mpi_core_montmul’ from ‘mbedtls_mpi_core_from_mont_rep’
#  484|   
#  485|       while (steps_x1--) {
#  486|->         MULADDC_X1_INIT
#  487|           MULADDC_X1_CORE
#  488|               MULADDC_X1_STOP

Error: GCC_ANALYZER_WARNING (CWE-401): [#def17]
mbedtls-3.6.5/library/cipher_wrap.c:126:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx’
mbedtls-3.6.5/library/cipher_wrap.c:123:17: acquire_memory: allocated here
mbedtls-3.6.5/library/cipher_wrap.c:125:8: branch_true: following ‘true’ branch (when ‘ctx’ is non-NULL)...
mbedtls-3.6.5/library/cipher_wrap.c:126:9: branch_true: ...to here
mbedtls-3.6.5/library/cipher_wrap.c:126:9: danger: ‘ctx’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  124|   
#  125|       if (ctx != NULL) {
#  126|->         mbedtls_gcm_init((mbedtls_gcm_context *) ctx);
#  127|       }
#  128|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def18]
mbedtls-3.6.5/library/cipher_wrap.c:148:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx’
mbedtls-3.6.5/library/cipher_wrap.c:145:17: acquire_memory: allocated here
mbedtls-3.6.5/library/cipher_wrap.c:147:8: branch_true: following ‘true’ branch (when ‘ctx’ is non-NULL)...
mbedtls-3.6.5/library/cipher_wrap.c:148:9: branch_true: ...to here
mbedtls-3.6.5/library/cipher_wrap.c:148:9: danger: ‘ctx’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#  146|   
#  147|       if (ctx != NULL) {
#  148|->         mbedtls_ccm_init((mbedtls_ccm_context *) ctx);
#  149|       }
#  150|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def19]
mbedtls-3.6.5/library/cipher_wrap.c:255:5: warning[-Wanalyzer-malloc-leak]: leak of ‘aes’
mbedtls-3.6.5/library/cipher_wrap.c:249:32: acquire_memory: allocated here
mbedtls-3.6.5/library/cipher_wrap.c:251:8: branch_false: following ‘false’ branch (when ‘aes’ is non-NULL)...
mbedtls-3.6.5/library/cipher_wrap.c:255:5: branch_false: ...to here
mbedtls-3.6.5/library/cipher_wrap.c:255:5: danger: ‘aes’ leaks here; was allocated at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#  253|       }
#  254|   
#  255|->     mbedtls_aes_init(aes);
#  256|   
#  257|       return aes;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def20]
mbedtls-3.6.5/library/cipher_wrap.c:498:9: warning[-Wanalyzer-malloc-leak]: leak of ‘xts_ctx’
mbedtls-3.6.5/library/cipher_wrap.c:495:40: acquire_memory: allocated here
mbedtls-3.6.5/library/cipher_wrap.c:497:8: branch_true: following ‘true’ branch (when ‘xts_ctx’ is non-NULL)...
mbedtls-3.6.5/library/cipher_wrap.c:498:9: branch_true: ...to here
mbedtls-3.6.5/library/cipher_wrap.c:498:9: danger: ‘xts_ctx’ leaks here; was allocated at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#  496|   
#  497|       if (xts_ctx != NULL) {
#  498|->         mbedtls_aes_xts_init(xts_ctx);
#  499|       }
#  500|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def21]
mbedtls-3.6.5/library/cipher_wrap.c:837:5: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx’
mbedtls-3.6.5/library/cipher_wrap.c:831:11: acquire_memory: allocated here
mbedtls-3.6.5/library/cipher_wrap.c:833:8: branch_false: following ‘false’ branch (when ‘ctx’ is non-NULL)...
mbedtls-3.6.5/library/cipher_wrap.c:837:5: branch_false: ...to here
mbedtls-3.6.5/library/cipher_wrap.c:837:5: danger: ‘ctx’ leaks here; was allocated at [(1)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/0)
#  835|       }
#  836|   
#  837|->     mbedtls_camellia_init(ctx);
#  838|   
#  839|       return ctx;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def22]
mbedtls-3.6.5/library/cipher_wrap.c:1255:5: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx’
mbedtls-3.6.5/library/cipher_wrap.c:1249:11: acquire_memory: allocated here
mbedtls-3.6.5/library/cipher_wrap.c:1251:8: branch_false: following ‘false’ branch (when ‘ctx’ is non-NULL)...
mbedtls-3.6.5/library/cipher_wrap.c:1255:5: branch_false: ...to here
mbedtls-3.6.5/library/cipher_wrap.c:1255:5: danger: ‘ctx’ leaks here; was allocated at [(1)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/0)
# 1253|       }
# 1254|   
# 1255|->     mbedtls_aria_init(ctx);
# 1256|   
# 1257|       return ctx;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def23]
mbedtls-3.6.5/library/cipher_wrap.c:1700:5: warning[-Wanalyzer-malloc-leak]: leak of ‘des’
mbedtls-3.6.5/library/cipher_wrap.c:1694:32: acquire_memory: allocated here
mbedtls-3.6.5/library/cipher_wrap.c:1696:8: branch_false: following ‘false’ branch (when ‘des’ is non-NULL)...
mbedtls-3.6.5/library/cipher_wrap.c:1700:5: branch_false: ...to here
mbedtls-3.6.5/library/cipher_wrap.c:1700:5: danger: ‘des’ leaks here; was allocated at [(1)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/0)
# 1698|       }
# 1699|   
# 1700|->     mbedtls_des_init(des);
# 1701|   
# 1702|       return des;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def24]
mbedtls-3.6.5/library/cipher_wrap.c:1720:5: warning[-Wanalyzer-malloc-leak]: leak of ‘des3’
mbedtls-3.6.5/library/cipher_wrap.c:1714:12: acquire_memory: allocated here
mbedtls-3.6.5/library/cipher_wrap.c:1716:8: branch_false: following ‘false’ branch (when ‘des3’ is non-NULL)...
mbedtls-3.6.5/library/cipher_wrap.c:1720:5: branch_false: ...to here
mbedtls-3.6.5/library/cipher_wrap.c:1720:5: danger: ‘des3’ leaks here; was allocated at [(1)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/0)
# 1718|       }
# 1719|   
# 1720|->     mbedtls_des3_init(des3);
# 1721|   
# 1722|       return des3;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def25]
mbedtls-3.6.5/library/cipher_wrap.c:1923:5: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx’
mbedtls-3.6.5/library/cipher_wrap.c:1917:11: acquire_memory: allocated here
mbedtls-3.6.5/library/cipher_wrap.c:1919:8: branch_false: following ‘false’ branch (when ‘ctx’ is non-NULL)...
mbedtls-3.6.5/library/cipher_wrap.c:1923:5: branch_false: ...to here
mbedtls-3.6.5/library/cipher_wrap.c:1923:5: danger: ‘ctx’ leaks here; was allocated at [(1)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/0)
# 1921|       }
# 1922|   
# 1923|->     mbedtls_chacha20_init(ctx);
# 1924|   
# 1925|       return ctx;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def26]
mbedtls-3.6.5/library/cipher_wrap.c:2000:5: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx’
mbedtls-3.6.5/library/cipher_wrap.c:1994:11: acquire_memory: allocated here
mbedtls-3.6.5/library/cipher_wrap.c:1996:8: branch_false: following ‘false’ branch (when ‘ctx’ is non-NULL)...
mbedtls-3.6.5/library/cipher_wrap.c:2000:5: branch_false: ...to here
mbedtls-3.6.5/library/cipher_wrap.c:2000:5: danger: ‘ctx’ leaks here; was allocated at [(1)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/0)
# 1998|       }
# 1999|   
# 2000|->     mbedtls_chachapoly_init(ctx);
# 2001|   
# 2002|       return ctx;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def27]
mbedtls-3.6.5/library/cipher_wrap.c:2128:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx’
mbedtls-3.6.5/library/cipher_wrap.c:2125:17: acquire_memory: allocated here
mbedtls-3.6.5/library/cipher_wrap.c:2127:8: branch_true: following ‘true’ branch (when ‘ctx’ is non-NULL)...
mbedtls-3.6.5/library/cipher_wrap.c:2128:9: branch_true: ...to here
mbedtls-3.6.5/library/cipher_wrap.c:2128:9: danger: ‘ctx’ leaks here; was allocated at [(1)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/0)
# 2126|   
# 2127|       if (ctx != NULL) {
# 2128|->         mbedtls_nist_kw_init((mbedtls_nist_kw_context *) ctx);
# 2129|       }
# 2130|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def28]
mbedtls-3.6.5/library/cmac.c:193:5: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx.cmac_ctx’
mbedtls-3.6.5/library/cmac.c:387:5: enter_function: entry to ‘mbedtls_aes_cmac_prf_128’
mbedtls-3.6.5/library/cmac.c:396:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/cmac.c:401:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/cmac.c:407:8: branch_false: ...to here
mbedtls-3.6.5/library/cmac.c:407:8: branch_false: following ‘false’ branch (when ‘key_length != 16’)...
mbedtls-3.6.5/library/cmac.c:411:9: branch_false: ...to here
mbedtls-3.6.5/library/cmac.c:413:15: call_function: calling ‘mbedtls_cipher_cmac’ from ‘mbedtls_aes_cmac_prf_128’
#  191|       ctx->cmac_ctx = cmac_ctx;
#  192|   
#  193|->     mbedtls_platform_zeroize(cmac_ctx->state, sizeof(cmac_ctx->state));
#  194|   
#  195|       return 0;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def29]
mbedtls-3.6.5/library/ctr_drbg.c:219:5: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "wb")’
mbedtls-3.6.5/library/ctr_drbg.c:720:5: enter_function: entry to ‘mbedtls_ctr_drbg_write_seed_file’
mbedtls-3.6.5/library/ctr_drbg.c:727:14: acquire_resource: opened here
mbedtls-3.6.5/library/ctr_drbg.c:727:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ctr_drbg.c:732:5: branch_false: ...to here
mbedtls-3.6.5/library/ctr_drbg.c:734:16: call_function: calling ‘mbedtls_ctr_drbg_random’ from ‘mbedtls_ctr_drbg_write_seed_file’
#  217|       }
#  218|   #else
#  219|->     mbedtls_aes_init(&aes_ctx);
#  220|   
#  221|       if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, key,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def30]
mbedtls-3.6.5/library/ctr_drbg.c:219:5: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "wb")’
mbedtls-3.6.5/library/ctr_drbg.c:720:5: enter_function: entry to ‘mbedtls_ctr_drbg_write_seed_file’
mbedtls-3.6.5/library/ctr_drbg.c:727:14: acquire_memory: allocated here
mbedtls-3.6.5/library/ctr_drbg.c:727:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ctr_drbg.c:732:5: branch_false: ...to here
mbedtls-3.6.5/library/ctr_drbg.c:734:16: call_function: calling ‘mbedtls_ctr_drbg_random’ from ‘mbedtls_ctr_drbg_write_seed_file’
#  217|       }
#  218|   #else
#  219|->     mbedtls_aes_init(&aes_ctx);
#  220|   
#  221|       if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, key,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def31]
mbedtls-3.6.5/library/ctr_drbg.c:221:16: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "wb")’
mbedtls-3.6.5/library/ctr_drbg.c:720:5: enter_function: entry to ‘mbedtls_ctr_drbg_write_seed_file’
mbedtls-3.6.5/library/ctr_drbg.c:727:14: acquire_resource: opened here
mbedtls-3.6.5/library/ctr_drbg.c:727:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ctr_drbg.c:732:5: branch_false: ...to here
mbedtls-3.6.5/library/ctr_drbg.c:734:16: call_function: calling ‘mbedtls_ctr_drbg_random’ from ‘mbedtls_ctr_drbg_write_seed_file’
#  219|       mbedtls_aes_init(&aes_ctx);
#  220|   
#  221|->     if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, key,
#  222|                                         MBEDTLS_CTR_DRBG_KEYBITS)) != 0) {
#  223|           goto exit;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def32]
mbedtls-3.6.5/library/ctr_drbg.c:221:16: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "wb")’
mbedtls-3.6.5/library/ctr_drbg.c:720:5: enter_function: entry to ‘mbedtls_ctr_drbg_write_seed_file’
mbedtls-3.6.5/library/ctr_drbg.c:727:14: acquire_memory: allocated here
mbedtls-3.6.5/library/ctr_drbg.c:727:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ctr_drbg.c:732:5: branch_false: ...to here
mbedtls-3.6.5/library/ctr_drbg.c:734:16: call_function: calling ‘mbedtls_ctr_drbg_random’ from ‘mbedtls_ctr_drbg_write_seed_file’
#  219|       mbedtls_aes_init(&aes_ctx);
#  220|   
#  221|->     if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, key,
#  222|                                         MBEDTLS_CTR_DRBG_KEYBITS)) != 0) {
#  223|           goto exit;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def33]
mbedtls-3.6.5/library/ctr_drbg.c:249:24: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "wb")’
mbedtls-3.6.5/library/ctr_drbg.c:720:5: enter_function: entry to ‘mbedtls_ctr_drbg_write_seed_file’
mbedtls-3.6.5/library/ctr_drbg.c:727:14: acquire_resource: opened here
mbedtls-3.6.5/library/ctr_drbg.c:727:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ctr_drbg.c:732:5: branch_false: ...to here
mbedtls-3.6.5/library/ctr_drbg.c:734:16: call_function: calling ‘mbedtls_ctr_drbg_random’ from ‘mbedtls_ctr_drbg_write_seed_file’
#  247|               }
#  248|   #else
#  249|->             if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT,
#  250|                                                chain, chain)) != 0) {
#  251|                   goto exit;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def34]
mbedtls-3.6.5/library/ctr_drbg.c:249:24: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "wb")’
mbedtls-3.6.5/library/ctr_drbg.c:720:5: enter_function: entry to ‘mbedtls_ctr_drbg_write_seed_file’
mbedtls-3.6.5/library/ctr_drbg.c:727:14: acquire_memory: allocated here
mbedtls-3.6.5/library/ctr_drbg.c:727:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ctr_drbg.c:732:5: branch_false: ...to here
mbedtls-3.6.5/library/ctr_drbg.c:734:16: call_function: calling ‘mbedtls_ctr_drbg_random’ from ‘mbedtls_ctr_drbg_write_seed_file’
#  247|               }
#  248|   #else
#  249|->             if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT,
#  250|                                                chain, chain)) != 0) {
#  251|                   goto exit;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def35]
mbedtls-3.6.5/library/ctr_drbg.c:276:16: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "wb")’
mbedtls-3.6.5/library/ctr_drbg.c:720:5: enter_function: entry to ‘mbedtls_ctr_drbg_write_seed_file’
mbedtls-3.6.5/library/ctr_drbg.c:727:14: acquire_resource: opened here
mbedtls-3.6.5/library/ctr_drbg.c:727:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ctr_drbg.c:732:5: branch_false: ...to here
mbedtls-3.6.5/library/ctr_drbg.c:734:16: call_function: calling ‘mbedtls_ctr_drbg_random’ from ‘mbedtls_ctr_drbg_write_seed_file’
#  274|       }
#  275|   #else
#  276|->     if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, tmp,
#  277|                                         MBEDTLS_CTR_DRBG_KEYBITS)) != 0) {
#  278|           goto exit;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def36]
mbedtls-3.6.5/library/ctr_drbg.c:276:16: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "wb")’
mbedtls-3.6.5/library/ctr_drbg.c:720:5: enter_function: entry to ‘mbedtls_ctr_drbg_write_seed_file’
mbedtls-3.6.5/library/ctr_drbg.c:727:14: acquire_memory: allocated here
mbedtls-3.6.5/library/ctr_drbg.c:727:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ctr_drbg.c:732:5: branch_false: ...to here
mbedtls-3.6.5/library/ctr_drbg.c:734:16: call_function: calling ‘mbedtls_ctr_drbg_random’ from ‘mbedtls_ctr_drbg_write_seed_file’
#  274|       }
#  275|   #else
#  276|->     if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, tmp,
#  277|                                         MBEDTLS_CTR_DRBG_KEYBITS)) != 0) {
#  278|           goto exit;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def37]
mbedtls-3.6.5/library/ctr_drbg.c:293:20: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "wb")’
mbedtls-3.6.5/library/ctr_drbg.c:720:5: enter_function: entry to ‘mbedtls_ctr_drbg_write_seed_file’
mbedtls-3.6.5/library/ctr_drbg.c:727:14: acquire_resource: opened here
mbedtls-3.6.5/library/ctr_drbg.c:727:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ctr_drbg.c:732:5: branch_false: ...to here
mbedtls-3.6.5/library/ctr_drbg.c:734:16: call_function: calling ‘mbedtls_ctr_drbg_random’ from ‘mbedtls_ctr_drbg_write_seed_file’
#  291|           }
#  292|   #else
#  293|->         if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT,
#  294|                                            iv, iv)) != 0) {
#  295|               goto exit;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def38]
mbedtls-3.6.5/library/ctr_drbg.c:293:20: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "wb")’
mbedtls-3.6.5/library/ctr_drbg.c:720:5: enter_function: entry to ‘mbedtls_ctr_drbg_write_seed_file’
mbedtls-3.6.5/library/ctr_drbg.c:727:14: acquire_memory: allocated here
mbedtls-3.6.5/library/ctr_drbg.c:727:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ctr_drbg.c:732:5: branch_false: ...to here
mbedtls-3.6.5/library/ctr_drbg.c:734:16: call_function: calling ‘mbedtls_ctr_drbg_random’ from ‘mbedtls_ctr_drbg_write_seed_file’
#  291|           }
#  292|   #else
#  293|->         if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT,
#  294|                                            iv, iv)) != 0) {
#  295|               goto exit;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def39]
mbedtls-3.6.5/library/ctr_drbg.c:469:14: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "wb")’
mbedtls-3.6.5/library/ctr_drbg.c:720:5: enter_function: entry to ‘mbedtls_ctr_drbg_write_seed_file’
mbedtls-3.6.5/library/ctr_drbg.c:727:14: acquire_resource: opened here
mbedtls-3.6.5/library/ctr_drbg.c:727:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ctr_drbg.c:732:5: branch_false: ...to here
mbedtls-3.6.5/library/ctr_drbg.c:734:16: call_function: calling ‘mbedtls_ctr_drbg_random’ from ‘mbedtls_ctr_drbg_write_seed_file’
#  467|   
#  468|       /* Gather entropy_len bytes of entropy to seed state. */
#  469|->     if (0 != ctx->f_entropy(ctx->p_entropy, seed, ctx->entropy_len)) {
#  470|           return MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED;
#  471|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def40]
mbedtls-3.6.5/library/ctr_drbg.c:469:14: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "wb")’
mbedtls-3.6.5/library/ctr_drbg.c:720:5: enter_function: entry to ‘mbedtls_ctr_drbg_write_seed_file’
mbedtls-3.6.5/library/ctr_drbg.c:727:14: acquire_memory: allocated here
mbedtls-3.6.5/library/ctr_drbg.c:727:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ctr_drbg.c:732:5: branch_false: ...to here
mbedtls-3.6.5/library/ctr_drbg.c:734:16: call_function: calling ‘mbedtls_ctr_drbg_random’ from ‘mbedtls_ctr_drbg_write_seed_file’
#  467|   
#  468|       /* Gather entropy_len bytes of entropy to seed state. */
#  469|->     if (0 != ctx->f_entropy(ctx->p_entropy, seed, ctx->entropy_len)) {
#  470|           return MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED;
#  471|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def41]
mbedtls-3.6.5/library/ctr_drbg.c:703:16: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "wb")’
mbedtls-3.6.5/library/ctr_drbg.c:720:5: enter_function: entry to ‘mbedtls_ctr_drbg_write_seed_file’
mbedtls-3.6.5/library/ctr_drbg.c:727:14: acquire_resource: opened here
mbedtls-3.6.5/library/ctr_drbg.c:727:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ctr_drbg.c:732:5: branch_false: ...to here
mbedtls-3.6.5/library/ctr_drbg.c:734:16: call_function: calling ‘mbedtls_ctr_drbg_random’ from ‘mbedtls_ctr_drbg_write_seed_file’
#  701|   
#  702|   #if defined(MBEDTLS_THREADING_C)
#  703|->     if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
#  704|           return ret;
#  705|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def42]
mbedtls-3.6.5/library/ctr_drbg.c:703:16: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "wb")’
mbedtls-3.6.5/library/ctr_drbg.c:720:5: enter_function: entry to ‘mbedtls_ctr_drbg_write_seed_file’
mbedtls-3.6.5/library/ctr_drbg.c:727:14: acquire_memory: allocated here
mbedtls-3.6.5/library/ctr_drbg.c:727:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ctr_drbg.c:732:5: branch_false: ...to here
mbedtls-3.6.5/library/ctr_drbg.c:734:16: call_function: calling ‘mbedtls_ctr_drbg_random’ from ‘mbedtls_ctr_drbg_write_seed_file’
#  701|   
#  702|   #if defined(MBEDTLS_THREADING_C)
#  703|->     if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
#  704|           return ret;
#  705|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def43]
mbedtls-3.6.5/library/ctr_drbg.c:784:5: warning[-Wanalyzer-file-leak]: leak of FILE ‘f’
mbedtls-3.6.5/library/ctr_drbg.c:762:14: acquire_resource: opened here
mbedtls-3.6.5/library/ctr_drbg.c:762:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ctr_drbg.c:767:5: branch_false: ...to here
mbedtls-3.6.5/library/ctr_drbg.c:784:5: danger: ‘f’ leaks here; was opened at [(1)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/0)
#  782|   
#  783|   exit:
#  784|->     mbedtls_platform_zeroize(buf, sizeof(buf));
#  785|       if (f != NULL) {
#  786|           fclose(f);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def44]
mbedtls-3.6.5/library/ctr_drbg.c:784:5: warning[-Wanalyzer-malloc-leak]: leak of ‘f’
mbedtls-3.6.5/library/ctr_drbg.c:762:14: acquire_memory: allocated here
mbedtls-3.6.5/library/ctr_drbg.c:762:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ctr_drbg.c:767:5: branch_false: ...to here
mbedtls-3.6.5/library/ctr_drbg.c:784:5: danger: ‘f’ leaks here; was allocated at [(1)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/0)
#  782|   
#  783|   exit:
#  784|->     mbedtls_platform_zeroize(buf, sizeof(buf));
#  785|       if (f != NULL) {
#  786|           fclose(f);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def45]
mbedtls-3.6.5/library/dhm.c:481:5: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
mbedtls-3.6.5/library/dhm.c:615:5: enter_function: entry to ‘mbedtls_dhm_parse_dhmfile’
mbedtls-3.6.5/library/dhm.c:621:16: call_function: calling ‘load_file’ from ‘mbedtls_dhm_parse_dhmfile’
mbedtls-3.6.5/library/dhm.c:621:16: return_function: returning to ‘mbedtls_dhm_parse_dhmfile’ from ‘load_file’
mbedtls-3.6.5/library/dhm.c:621:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/dhm.c:625:11: branch_false: ...to here
mbedtls-3.6.5/library/dhm.c:625:11: call_function: calling ‘mbedtls_dhm_parse_dhm’ from ‘mbedtls_dhm_parse_dhmfile’
#  479|   
#  480|   #if defined(MBEDTLS_PEM_PARSE_C)
#  481|->     mbedtls_pem_init(&pem);
#  482|   
#  483|       /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def46]
mbedtls-3.6.5/library/dhm.c:487:15: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
mbedtls-3.6.5/library/dhm.c:615:5: enter_function: entry to ‘mbedtls_dhm_parse_dhmfile’
mbedtls-3.6.5/library/dhm.c:621:16: call_function: calling ‘load_file’ from ‘mbedtls_dhm_parse_dhmfile’
mbedtls-3.6.5/library/dhm.c:621:16: return_function: returning to ‘mbedtls_dhm_parse_dhmfile’ from ‘load_file’
mbedtls-3.6.5/library/dhm.c:621:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/dhm.c:625:11: branch_false: ...to here
mbedtls-3.6.5/library/dhm.c:625:11: call_function: calling ‘mbedtls_dhm_parse_dhm’ from ‘mbedtls_dhm_parse_dhmfile’
#  485|           ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
#  486|       } else {
#  487|->         ret = mbedtls_pem_read_buffer(&pem,
#  488|                                         "-----BEGIN DH PARAMETERS-----",
#  489|                                         "-----END DH PARAMETERS-----",

Error: GCC_ANALYZER_WARNING (CWE-401): [#def47]
mbedtls-3.6.5/library/dhm.c:515:16: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
mbedtls-3.6.5/library/dhm.c:615:5: enter_function: entry to ‘mbedtls_dhm_parse_dhmfile’
mbedtls-3.6.5/library/dhm.c:621:16: call_function: calling ‘load_file’ from ‘mbedtls_dhm_parse_dhmfile’
mbedtls-3.6.5/library/dhm.c:621:16: return_function: returning to ‘mbedtls_dhm_parse_dhmfile’ from ‘load_file’
mbedtls-3.6.5/library/dhm.c:621:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/dhm.c:625:11: branch_false: ...to here
mbedtls-3.6.5/library/dhm.c:625:11: call_function: calling ‘mbedtls_dhm_parse_dhm’ from ‘mbedtls_dhm_parse_dhmfile’
#  513|        *  }
#  514|        */
#  515|->     if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
#  516|                                       MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
#  517|           ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_INVALID_FORMAT, ret);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def48]
mbedtls-3.6.5/library/dhm.c:523:16: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
mbedtls-3.6.5/library/dhm.c:615:5: enter_function: entry to ‘mbedtls_dhm_parse_dhmfile’
mbedtls-3.6.5/library/dhm.c:621:16: call_function: calling ‘load_file’ from ‘mbedtls_dhm_parse_dhmfile’
mbedtls-3.6.5/library/dhm.c:621:16: return_function: returning to ‘mbedtls_dhm_parse_dhmfile’ from ‘load_file’
mbedtls-3.6.5/library/dhm.c:621:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/dhm.c:625:11: branch_false: ...to here
mbedtls-3.6.5/library/dhm.c:625:11: call_function: calling ‘mbedtls_dhm_parse_dhm’ from ‘mbedtls_dhm_parse_dhmfile’
#  521|       end = p + len;
#  522|   
#  523|->     if ((ret = mbedtls_asn1_get_mpi(&p, end, &dhm->P)) != 0 ||
#  524|           (ret = mbedtls_asn1_get_mpi(&p, end, &dhm->G)) != 0) {
#  525|           ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_INVALID_FORMAT, ret);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def49]
mbedtls-3.6.5/library/dhm.c:578:5: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "rb")’
mbedtls-3.6.5/library/dhm.c:573:14: acquire_resource: opened here
mbedtls-3.6.5/library/dhm.c:573:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/dhm.c:578:5: branch_false: ...to here
mbedtls-3.6.5/library/dhm.c:578:5: danger: ‘fopen(path, "rb")’ leaks here; was opened at [(1)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/0)
#  576|       /* The data loaded here is public, so don't bother disabling buffering. */
#  577|   
#  578|->     fseek(f, 0, SEEK_END);
#  579|       if ((size = ftell(f)) == -1) {
#  580|           fclose(f);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def50]
mbedtls-3.6.5/library/dhm.c:578:5: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "rb")’
mbedtls-3.6.5/library/dhm.c:573:14: acquire_memory: allocated here
mbedtls-3.6.5/library/dhm.c:573:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/dhm.c:578:5: branch_false: ...to here
mbedtls-3.6.5/library/dhm.c:578:5: danger: ‘fopen(path, "rb")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/0)
#  576|       /* The data loaded here is public, so don't bother disabling buffering. */
#  577|   
#  578|->     fseek(f, 0, SEEK_END);
#  579|       if ((size = ftell(f)) == -1) {
#  580|           fclose(f);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def51]
mbedtls-3.6.5/library/dhm.c:579:17: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "rb")’
mbedtls-3.6.5/library/dhm.c:573:14: acquire_resource: opened here
mbedtls-3.6.5/library/dhm.c:573:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/dhm.c:578:5: branch_false: ...to here
mbedtls-3.6.5/library/dhm.c:579:17: danger: ‘fopen(path, "rb")’ leaks here; was opened at [(1)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/0)
#  577|   
#  578|       fseek(f, 0, SEEK_END);
#  579|->     if ((size = ftell(f)) == -1) {
#  580|           fclose(f);
#  581|           return MBEDTLS_ERR_DHM_FILE_IO_ERROR;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def52]
mbedtls-3.6.5/library/dhm.c:579:17: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "rb")’
mbedtls-3.6.5/library/dhm.c:573:14: acquire_memory: allocated here
mbedtls-3.6.5/library/dhm.c:573:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/dhm.c:578:5: branch_false: ...to here
mbedtls-3.6.5/library/dhm.c:579:17: danger: ‘fopen(path, "rb")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/0)
#  577|   
#  578|       fseek(f, 0, SEEK_END);
#  579|->     if ((size = ftell(f)) == -1) {
#  580|           fclose(f);
#  581|           return MBEDTLS_ERR_DHM_FILE_IO_ERROR;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def53]
mbedtls-3.6.5/library/dhm.c:583:5: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "rb")’
mbedtls-3.6.5/library/dhm.c:573:14: acquire_resource: opened here
mbedtls-3.6.5/library/dhm.c:573:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/dhm.c:578:5: branch_false: ...to here
mbedtls-3.6.5/library/dhm.c:579:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/dhm.c:583:5: branch_false: ...to here
mbedtls-3.6.5/library/dhm.c:583:5: danger: ‘fopen(path, "rb")’ leaks here; was opened at [(1)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/0)
#  581|           return MBEDTLS_ERR_DHM_FILE_IO_ERROR;
#  582|       }
#  583|->     fseek(f, 0, SEEK_SET);
#  584|   
#  585|       *n = (size_t) size;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def54]
mbedtls-3.6.5/library/dhm.c:583:5: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "rb")’
mbedtls-3.6.5/library/dhm.c:573:14: acquire_memory: allocated here
mbedtls-3.6.5/library/dhm.c:573:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/dhm.c:578:5: branch_false: ...to here
mbedtls-3.6.5/library/dhm.c:579:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/dhm.c:583:5: branch_false: ...to here
mbedtls-3.6.5/library/dhm.c:583:5: danger: ‘fopen(path, "rb")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/0)
#  581|           return MBEDTLS_ERR_DHM_FILE_IO_ERROR;
#  582|       }
#  583|->     fseek(f, 0, SEEK_SET);
#  584|   
#  585|       *n = (size_t) size;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def55]
mbedtls-3.6.5/library/dhm.c:596:9: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
mbedtls-3.6.5/library/dhm.c:615:5: enter_function: entry to ‘mbedtls_dhm_parse_dhmfile’
mbedtls-3.6.5/library/dhm.c:621:16: call_function: calling ‘load_file’ from ‘mbedtls_dhm_parse_dhmfile’
#  594|           fclose(f);
#  595|   
#  596|->         mbedtls_zeroize_and_free(*buf, *n + 1);
#  597|   
#  598|           return MBEDTLS_ERR_DHM_FILE_IO_ERROR;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def56]
mbedtls-3.6.5/library/ecp.c:505:5: warning[-Wanalyzer-malloc-leak]: leak of ‘T’
mbedtls-3.6.5/library/ecp.c:2275:12: enter_function: entry to ‘ecp_mul_comb’
mbedtls-3.6.5/library/ecp.c:2322:13: acquire_memory: allocated here
mbedtls-3.6.5/library/ecp.c:2323:12: branch_false: following ‘false’ branch (when ‘T’ is non-NULL)...
 branch_false: ...to here
mbedtls-3.6.5/library/ecp.c:2328:21: branch_true: following ‘true’ branch (when ‘i < T_size’)...
mbedtls-3.6.5/library/ecp.c:2329:38: branch_true: ...to here
mbedtls-3.6.5/library/ecp.c:2329:13: call_function: calling ‘mbedtls_ecp_point_init’ from ‘ecp_mul_comb’
#  503|   void mbedtls_ecp_point_init(mbedtls_ecp_point *pt)
#  504|   {
#  505|->     mbedtls_mpi_init(&pt->X);
#  506|       mbedtls_mpi_init(&pt->Y);
#  507|       mbedtls_mpi_init(&pt->Z);

Error: GCC_ANALYZER_WARNING (CWE-121): [#def57]
mbedtls-3.6.5/library/ecp_curves.c:5290:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
mbedtls-3.6.5/library/ecp_curves.c:5255:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ecp_curves.c:5260:5: branch_false: ...to here
mbedtls-3.6.5/library/ecp_curves.c:5262:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ecp_curves.c:5266:5: branch_false: ...to here
mbedtls-3.6.5/library/ecp_curves.c:5276:5: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ecp_curves.c:5279:5: branch_false: ...to here
mbedtls-3.6.5/library/ecp_curves.c:5282:5: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ecp_curves.c:5283:5: branch_false: ...to here
mbedtls-3.6.5/library/ecp_curves.c:5283:5: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ecp_curves.c:5287:9: branch_false: ...to here
mbedtls-3.6.5/library/ecp_curves.c:5289:30: branch_true: following ‘true’ branch...
mbedtls-3.6.5/library/ecp_curves.c:5290:9: branch_true: ...to here
mbedtls-3.6.5/library/ecp_curves.c:5289:30: branch_true: following ‘true’ branch...
mbedtls-3.6.5/library/ecp_curves.c:5290:9: branch_true: ...to here
mbedtls-3.6.5/library/ecp_curves.c:5289:30: branch_true: following ‘true’ branch...
mbedtls-3.6.5/library/ecp_curves.c:5290:9: branch_true: ...to here
mbedtls-3.6.5/library/ecp_curves.c:5289:30: branch_true: following ‘true’ branch...
mbedtls-3.6.5/library/ecp_curves.c:5290:9: branch_true: ...to here
mbedtls-3.6.5/library/ecp_curves.c:5289:30: branch_true: following ‘true’ branch...
mbedtls-3.6.5/library/ecp_curves.c:5290:9: branch_true: ...to here
mbedtls-3.6.5/library/ecp_curves.c:5290:9: danger: out-of-bounds write from byte 64 till byte 71 but ‘Mp’ ends at byte 64
# 5288|       }
# 5289|       for (i = P224_WIDTH_MAX; i < M.n; ++i) {
# 5290|->         Mp[i] = 0;
# 5291|       }
# 5292|       MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&M, &M, &Q));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def58]
mbedtls-3.6.5/library/entropy.c:134:20: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "rb")’
mbedtls-3.6.5/library/entropy.c:442:5: enter_function: entry to ‘mbedtls_entropy_update_seed_file’
mbedtls-3.6.5/library/entropy.c:449:14: acquire_resource: opened here
mbedtls-3.6.5/library/entropy.c:449:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/entropy.c:454:5: branch_false: ...to here
mbedtls-3.6.5/library/entropy.c:464:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/entropy.c:467:15: branch_false: ...to here
mbedtls-3.6.5/library/entropy.c:467:15: call_function: calling ‘mbedtls_entropy_update_manual’ from ‘mbedtls_entropy_update_seed_file’
#  132|   
#  133|       if (use_len > MBEDTLS_ENTROPY_BLOCK_SIZE) {
#  134|->         if ((ret = mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_ENTROPY_MD),
#  135|                                 data, len, tmp)) != 0) {
#  136|               goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def59]
mbedtls-3.6.5/library/entropy.c:134:20: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "rb")’
mbedtls-3.6.5/library/entropy.c:442:5: enter_function: entry to ‘mbedtls_entropy_update_seed_file’
mbedtls-3.6.5/library/entropy.c:449:14: acquire_memory: allocated here
mbedtls-3.6.5/library/entropy.c:449:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/entropy.c:454:5: branch_false: ...to here
mbedtls-3.6.5/library/entropy.c:464:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/entropy.c:467:15: branch_false: ...to here
mbedtls-3.6.5/library/entropy.c:467:15: call_function: calling ‘mbedtls_entropy_update_manual’ from ‘mbedtls_entropy_update_seed_file’
#  132|   
#  133|       if (use_len > MBEDTLS_ENTROPY_BLOCK_SIZE) {
#  134|->         if ((ret = mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_ENTROPY_MD),
#  135|                                 data, len, tmp)) != 0) {
#  136|               goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def60]
mbedtls-3.6.5/library/entropy.c:151:15: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "rb")’
mbedtls-3.6.5/library/entropy.c:442:5: enter_function: entry to ‘mbedtls_entropy_update_seed_file’
mbedtls-3.6.5/library/entropy.c:449:14: acquire_resource: opened here
mbedtls-3.6.5/library/entropy.c:449:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/entropy.c:454:5: branch_false: ...to here
mbedtls-3.6.5/library/entropy.c:464:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/entropy.c:467:15: branch_false: ...to here
mbedtls-3.6.5/library/entropy.c:467:15: call_function: calling ‘mbedtls_entropy_update_manual’ from ‘mbedtls_entropy_update_seed_file’
#  149|        */
#  150|       if (ctx->accumulator_started == 0) {
#  151|->         ret = mbedtls_md_setup(&ctx->accumulator,
#  152|                                  mbedtls_md_info_from_type(MBEDTLS_ENTROPY_MD), 0);
#  153|           if (ret != 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def61]
mbedtls-3.6.5/library/entropy.c:151:15: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "rb")’
mbedtls-3.6.5/library/entropy.c:442:5: enter_function: entry to ‘mbedtls_entropy_update_seed_file’
mbedtls-3.6.5/library/entropy.c:449:14: acquire_memory: allocated here
mbedtls-3.6.5/library/entropy.c:449:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/entropy.c:454:5: branch_false: ...to here
mbedtls-3.6.5/library/entropy.c:464:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/entropy.c:467:15: branch_false: ...to here
mbedtls-3.6.5/library/entropy.c:467:15: call_function: calling ‘mbedtls_entropy_update_manual’ from ‘mbedtls_entropy_update_seed_file’
#  149|        */
#  150|       if (ctx->accumulator_started == 0) {
#  151|->         ret = mbedtls_md_setup(&ctx->accumulator,
#  152|                                  mbedtls_md_info_from_type(MBEDTLS_ENTROPY_MD), 0);
#  153|           if (ret != 0) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def62]
mbedtls-3.6.5/library/entropy.c:156:15: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "rb")’
mbedtls-3.6.5/library/entropy.c:442:5: enter_function: entry to ‘mbedtls_entropy_update_seed_file’
mbedtls-3.6.5/library/entropy.c:449:14: acquire_resource: opened here
mbedtls-3.6.5/library/entropy.c:449:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/entropy.c:454:5: branch_false: ...to here
mbedtls-3.6.5/library/entropy.c:464:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/entropy.c:467:15: branch_false: ...to here
mbedtls-3.6.5/library/entropy.c:467:15: call_function: calling ‘mbedtls_entropy_update_manual’ from ‘mbedtls_entropy_update_seed_file’
#  154|               goto cleanup;
#  155|           }
#  156|->         ret = mbedtls_md_starts(&ctx->accumulator);
#  157|           if (ret != 0) {
#  158|               goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def63]
mbedtls-3.6.5/library/entropy.c:156:15: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "rb")’
mbedtls-3.6.5/library/entropy.c:442:5: enter_function: entry to ‘mbedtls_entropy_update_seed_file’
mbedtls-3.6.5/library/entropy.c:449:14: acquire_memory: allocated here
mbedtls-3.6.5/library/entropy.c:449:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/entropy.c:454:5: branch_false: ...to here
mbedtls-3.6.5/library/entropy.c:464:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/entropy.c:467:15: branch_false: ...to here
mbedtls-3.6.5/library/entropy.c:467:15: call_function: calling ‘mbedtls_entropy_update_manual’ from ‘mbedtls_entropy_update_seed_file’
#  154|               goto cleanup;
#  155|           }
#  156|->         ret = mbedtls_md_starts(&ctx->accumulator);
#  157|           if (ret != 0) {
#  158|               goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def64]
mbedtls-3.6.5/library/entropy.c:179:16: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "rb")’
mbedtls-3.6.5/library/entropy.c:442:5: enter_function: entry to ‘mbedtls_entropy_update_seed_file’
mbedtls-3.6.5/library/entropy.c:449:14: acquire_resource: opened here
mbedtls-3.6.5/library/entropy.c:449:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/entropy.c:454:5: branch_false: ...to here
mbedtls-3.6.5/library/entropy.c:464:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/entropy.c:467:15: branch_false: ...to here
mbedtls-3.6.5/library/entropy.c:467:15: call_function: calling ‘mbedtls_entropy_update_manual’ from ‘mbedtls_entropy_update_seed_file’
#  177|   
#  178|   #if defined(MBEDTLS_THREADING_C)
#  179|->     if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
#  180|           return ret;
#  181|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def65]
mbedtls-3.6.5/library/entropy.c:179:16: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "rb")’
mbedtls-3.6.5/library/entropy.c:442:5: enter_function: entry to ‘mbedtls_entropy_update_seed_file’
mbedtls-3.6.5/library/entropy.c:449:14: acquire_memory: allocated here
mbedtls-3.6.5/library/entropy.c:449:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/entropy.c:454:5: branch_false: ...to here
mbedtls-3.6.5/library/entropy.c:464:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/entropy.c:467:15: branch_false: ...to here
mbedtls-3.6.5/library/entropy.c:467:15: call_function: calling ‘mbedtls_entropy_update_manual’ from ‘mbedtls_entropy_update_seed_file’
#  177|   
#  178|   #if defined(MBEDTLS_THREADING_C)
#  179|->     if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
#  180|           return ret;
#  181|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def66]
mbedtls-3.6.5/library/entropy.c:456:5: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "rb")’
mbedtls-3.6.5/library/entropy.c:449:14: acquire_resource: opened here
mbedtls-3.6.5/library/entropy.c:449:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/entropy.c:454:5: branch_false: ...to here
mbedtls-3.6.5/library/entropy.c:456:5: danger: ‘fopen(path, "rb")’ leaks here; was opened at [(1)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/0)
#  454|       mbedtls_setbuf(f, NULL);
#  455|   
#  456|->     fseek(f, 0, SEEK_END);
#  457|       n = (size_t) ftell(f);
#  458|       fseek(f, 0, SEEK_SET);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def67]
mbedtls-3.6.5/library/entropy.c:456:5: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "rb")’
mbedtls-3.6.5/library/entropy.c:449:14: acquire_memory: allocated here
mbedtls-3.6.5/library/entropy.c:449:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/entropy.c:454:5: branch_false: ...to here
mbedtls-3.6.5/library/entropy.c:456:5: danger: ‘fopen(path, "rb")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/0)
#  454|       mbedtls_setbuf(f, NULL);
#  455|   
#  456|->     fseek(f, 0, SEEK_END);
#  457|       n = (size_t) ftell(f);
#  458|       fseek(f, 0, SEEK_SET);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def68]
mbedtls-3.6.5/library/entropy.c:457:18: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "rb")’
mbedtls-3.6.5/library/entropy.c:449:14: acquire_resource: opened here
mbedtls-3.6.5/library/entropy.c:449:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/entropy.c:454:5: branch_false: ...to here
mbedtls-3.6.5/library/entropy.c:457:18: danger: ‘fopen(path, "rb")’ leaks here; was opened at [(1)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/0)
#  455|   
#  456|       fseek(f, 0, SEEK_END);
#  457|->     n = (size_t) ftell(f);
#  458|       fseek(f, 0, SEEK_SET);
#  459|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def69]
mbedtls-3.6.5/library/entropy.c:457:18: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "rb")’
mbedtls-3.6.5/library/entropy.c:449:14: acquire_memory: allocated here
mbedtls-3.6.5/library/entropy.c:449:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/entropy.c:454:5: branch_false: ...to here
mbedtls-3.6.5/library/entropy.c:457:18: danger: ‘fopen(path, "rb")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/0)
#  455|   
#  456|       fseek(f, 0, SEEK_END);
#  457|->     n = (size_t) ftell(f);
#  458|       fseek(f, 0, SEEK_SET);
#  459|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def70]
mbedtls-3.6.5/library/entropy.c:458:5: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "rb")’
mbedtls-3.6.5/library/entropy.c:449:14: acquire_resource: opened here
mbedtls-3.6.5/library/entropy.c:449:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/entropy.c:454:5: branch_false: ...to here
mbedtls-3.6.5/library/entropy.c:458:5: danger: ‘fopen(path, "rb")’ leaks here; was opened at [(1)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/0)
#  456|       fseek(f, 0, SEEK_END);
#  457|       n = (size_t) ftell(f);
#  458|->     fseek(f, 0, SEEK_SET);
#  459|   
#  460|       if (n > MBEDTLS_ENTROPY_MAX_SEED_SIZE) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def71]
mbedtls-3.6.5/library/entropy.c:458:5: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "rb")’
mbedtls-3.6.5/library/entropy.c:449:14: acquire_memory: allocated here
mbedtls-3.6.5/library/entropy.c:449:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/entropy.c:454:5: branch_false: ...to here
mbedtls-3.6.5/library/entropy.c:458:5: danger: ‘fopen(path, "rb")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/0)
#  456|       fseek(f, 0, SEEK_END);
#  457|       n = (size_t) ftell(f);
#  458|->     fseek(f, 0, SEEK_SET);
#  459|   
#  460|       if (n > MBEDTLS_ENTROPY_MAX_SEED_SIZE) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def72]
mbedtls-3.6.5/library/hmac_drbg.c:47:21: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "wb")’
mbedtls-3.6.5/library/hmac_drbg.c:426:5: enter_function: entry to ‘mbedtls_hmac_drbg_write_seed_file’
mbedtls-3.6.5/library/hmac_drbg.c:432:14: acquire_resource: opened here
mbedtls-3.6.5/library/hmac_drbg.c:432:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/hmac_drbg.c:437:5: branch_false: ...to here
mbedtls-3.6.5/library/hmac_drbg.c:439:16: call_function: calling ‘mbedtls_hmac_drbg_random’ from ‘mbedtls_hmac_drbg_write_seed_file’
#   45|                                size_t add_len)
#   46|   {
#   47|->     size_t md_len = mbedtls_md_get_size(ctx->md_ctx.md_info);
#   48|       unsigned char rounds = (additional != NULL && add_len != 0) ? 2 : 1;
#   49|       unsigned char sep[1];

Error: GCC_ANALYZER_WARNING (CWE-401): [#def73]
mbedtls-3.6.5/library/hmac_drbg.c:47:21: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "wb")’
mbedtls-3.6.5/library/hmac_drbg.c:426:5: enter_function: entry to ‘mbedtls_hmac_drbg_write_seed_file’
mbedtls-3.6.5/library/hmac_drbg.c:432:14: acquire_memory: allocated here
mbedtls-3.6.5/library/hmac_drbg.c:432:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/hmac_drbg.c:437:5: branch_false: ...to here
mbedtls-3.6.5/library/hmac_drbg.c:439:16: call_function: calling ‘mbedtls_hmac_drbg_random’ from ‘mbedtls_hmac_drbg_write_seed_file’
#   45|                                size_t add_len)
#   46|   {
#   47|->     size_t md_len = mbedtls_md_get_size(ctx->md_ctx.md_info);
#   48|       unsigned char rounds = (additional != NULL && add_len != 0) ? 2 : 1;
#   49|       unsigned char sep[1];

Error: GCC_ANALYZER_WARNING (CWE-775): [#def74]
mbedtls-3.6.5/library/hmac_drbg.c:55:20: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "wb")’
mbedtls-3.6.5/library/hmac_drbg.c:426:5: enter_function: entry to ‘mbedtls_hmac_drbg_write_seed_file’
mbedtls-3.6.5/library/hmac_drbg.c:432:14: acquire_resource: opened here
mbedtls-3.6.5/library/hmac_drbg.c:432:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/hmac_drbg.c:437:5: branch_false: ...to here
mbedtls-3.6.5/library/hmac_drbg.c:439:16: call_function: calling ‘mbedtls_hmac_drbg_random’ from ‘mbedtls_hmac_drbg_write_seed_file’
#   53|       for (sep[0] = 0; sep[0] < rounds; sep[0]++) {
#   54|           /* Step 1 or 4 */
#   55|->         if ((ret = mbedtls_md_hmac_reset(&ctx->md_ctx)) != 0) {
#   56|               goto exit;
#   57|           }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def75]
mbedtls-3.6.5/library/hmac_drbg.c:55:20: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "wb")’
mbedtls-3.6.5/library/hmac_drbg.c:426:5: enter_function: entry to ‘mbedtls_hmac_drbg_write_seed_file’
mbedtls-3.6.5/library/hmac_drbg.c:432:14: acquire_memory: allocated here
mbedtls-3.6.5/library/hmac_drbg.c:432:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/hmac_drbg.c:437:5: branch_false: ...to here
mbedtls-3.6.5/library/hmac_drbg.c:439:16: call_function: calling ‘mbedtls_hmac_drbg_random’ from ‘mbedtls_hmac_drbg_write_seed_file’
#   53|       for (sep[0] = 0; sep[0] < rounds; sep[0]++) {
#   54|           /* Step 1 or 4 */
#   55|->         if ((ret = mbedtls_md_hmac_reset(&ctx->md_ctx)) != 0) {
#   56|               goto exit;
#   57|           }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def76]
mbedtls-3.6.5/library/hmac_drbg.c:58:20: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "wb")’
mbedtls-3.6.5/library/hmac_drbg.c:426:5: enter_function: entry to ‘mbedtls_hmac_drbg_write_seed_file’
mbedtls-3.6.5/library/hmac_drbg.c:432:14: acquire_resource: opened here
mbedtls-3.6.5/library/hmac_drbg.c:432:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/hmac_drbg.c:437:5: branch_false: ...to here
mbedtls-3.6.5/library/hmac_drbg.c:439:16: call_function: calling ‘mbedtls_hmac_drbg_random’ from ‘mbedtls_hmac_drbg_write_seed_file’
#   56|               goto exit;
#   57|           }
#   58|->         if ((ret = mbedtls_md_hmac_update(&ctx->md_ctx,
#   59|                                             ctx->V, md_len)) != 0) {
#   60|               goto exit;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def77]
mbedtls-3.6.5/library/hmac_drbg.c:58:20: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "wb")’
mbedtls-3.6.5/library/hmac_drbg.c:426:5: enter_function: entry to ‘mbedtls_hmac_drbg_write_seed_file’
mbedtls-3.6.5/library/hmac_drbg.c:432:14: acquire_memory: allocated here
mbedtls-3.6.5/library/hmac_drbg.c:432:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/hmac_drbg.c:437:5: branch_false: ...to here
mbedtls-3.6.5/library/hmac_drbg.c:439:16: call_function: calling ‘mbedtls_hmac_drbg_random’ from ‘mbedtls_hmac_drbg_write_seed_file’
#   56|               goto exit;
#   57|           }
#   58|->         if ((ret = mbedtls_md_hmac_update(&ctx->md_ctx,
#   59|                                             ctx->V, md_len)) != 0) {
#   60|               goto exit;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def78]
mbedtls-3.6.5/library/hmac_drbg.c:62:20: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "wb")’
mbedtls-3.6.5/library/hmac_drbg.c:426:5: enter_function: entry to ‘mbedtls_hmac_drbg_write_seed_file’
mbedtls-3.6.5/library/hmac_drbg.c:432:14: acquire_resource: opened here
mbedtls-3.6.5/library/hmac_drbg.c:432:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/hmac_drbg.c:437:5: branch_false: ...to here
mbedtls-3.6.5/library/hmac_drbg.c:439:16: call_function: calling ‘mbedtls_hmac_drbg_random’ from ‘mbedtls_hmac_drbg_write_seed_file’
#   60|               goto exit;
#   61|           }
#   62|->         if ((ret = mbedtls_md_hmac_update(&ctx->md_ctx,
#   63|                                             sep, 1)) != 0) {
#   64|               goto exit;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def79]
mbedtls-3.6.5/library/hmac_drbg.c:62:20: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "wb")’
mbedtls-3.6.5/library/hmac_drbg.c:426:5: enter_function: entry to ‘mbedtls_hmac_drbg_write_seed_file’
mbedtls-3.6.5/library/hmac_drbg.c:432:14: acquire_memory: allocated here
mbedtls-3.6.5/library/hmac_drbg.c:432:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/hmac_drbg.c:437:5: branch_false: ...to here
mbedtls-3.6.5/library/hmac_drbg.c:439:16: call_function: calling ‘mbedtls_hmac_drbg_random’ from ‘mbedtls_hmac_drbg_write_seed_file’
#   60|               goto exit;
#   61|           }
#   62|->         if ((ret = mbedtls_md_hmac_update(&ctx->md_ctx,
#   63|                                             sep, 1)) != 0) {
#   64|               goto exit;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def80]
mbedtls-3.6.5/library/hmac_drbg.c:67:24: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "wb")’
mbedtls-3.6.5/library/hmac_drbg.c:426:5: enter_function: entry to ‘mbedtls_hmac_drbg_write_seed_file’
mbedtls-3.6.5/library/hmac_drbg.c:432:14: acquire_resource: opened here
mbedtls-3.6.5/library/hmac_drbg.c:432:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/hmac_drbg.c:437:5: branch_false: ...to here
mbedtls-3.6.5/library/hmac_drbg.c:439:16: call_function: calling ‘mbedtls_hmac_drbg_random’ from ‘mbedtls_hmac_drbg_write_seed_file’
#   65|           }
#   66|           if (rounds == 2) {
#   67|->             if ((ret = mbedtls_md_hmac_update(&ctx->md_ctx,
#   68|                                                 additional, add_len)) != 0) {
#   69|                   goto exit;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def81]
mbedtls-3.6.5/library/hmac_drbg.c:67:24: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "wb")’
mbedtls-3.6.5/library/hmac_drbg.c:426:5: enter_function: entry to ‘mbedtls_hmac_drbg_write_seed_file’
mbedtls-3.6.5/library/hmac_drbg.c:432:14: acquire_memory: allocated here
mbedtls-3.6.5/library/hmac_drbg.c:432:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/hmac_drbg.c:437:5: branch_false: ...to here
mbedtls-3.6.5/library/hmac_drbg.c:439:16: call_function: calling ‘mbedtls_hmac_drbg_random’ from ‘mbedtls_hmac_drbg_write_seed_file’
#   65|           }
#   66|           if (rounds == 2) {
#   67|->             if ((ret = mbedtls_md_hmac_update(&ctx->md_ctx,
#   68|                                                 additional, add_len)) != 0) {
#   69|                   goto exit;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def82]
mbedtls-3.6.5/library/hmac_drbg.c:161:16: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "wb")’
mbedtls-3.6.5/library/hmac_drbg.c:426:5: enter_function: entry to ‘mbedtls_hmac_drbg_write_seed_file’
mbedtls-3.6.5/library/hmac_drbg.c:432:14: acquire_resource: opened here
mbedtls-3.6.5/library/hmac_drbg.c:432:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/hmac_drbg.c:437:5: branch_false: ...to here
mbedtls-3.6.5/library/hmac_drbg.c:439:16: call_function: calling ‘mbedtls_hmac_drbg_random’ from ‘mbedtls_hmac_drbg_write_seed_file’
#  159|   
#  160|       /* IV. Gather entropy_len bytes of entropy for the seed */
#  161|->     if ((ret = ctx->f_entropy(ctx->p_entropy,
#  162|                                 seed, ctx->entropy_len)) != 0) {
#  163|           return MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def83]
mbedtls-3.6.5/library/hmac_drbg.c:161:16: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "wb")’
mbedtls-3.6.5/library/hmac_drbg.c:426:5: enter_function: entry to ‘mbedtls_hmac_drbg_write_seed_file’
mbedtls-3.6.5/library/hmac_drbg.c:432:14: acquire_memory: allocated here
mbedtls-3.6.5/library/hmac_drbg.c:432:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/hmac_drbg.c:437:5: branch_false: ...to here
mbedtls-3.6.5/library/hmac_drbg.c:439:16: call_function: calling ‘mbedtls_hmac_drbg_random’ from ‘mbedtls_hmac_drbg_write_seed_file’
#  159|   
#  160|       /* IV. Gather entropy_len bytes of entropy for the seed */
#  161|->     if ((ret = ctx->f_entropy(ctx->p_entropy,
#  162|                                 seed, ctx->entropy_len)) != 0) {
#  163|           return MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def84]
mbedtls-3.6.5/library/hmac_drbg.c:312:21: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "wb")’
mbedtls-3.6.5/library/hmac_drbg.c:426:5: enter_function: entry to ‘mbedtls_hmac_drbg_write_seed_file’
mbedtls-3.6.5/library/hmac_drbg.c:432:14: acquire_resource: opened here
mbedtls-3.6.5/library/hmac_drbg.c:432:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/hmac_drbg.c:437:5: branch_false: ...to here
mbedtls-3.6.5/library/hmac_drbg.c:439:16: call_function: calling ‘mbedtls_hmac_drbg_random’ from ‘mbedtls_hmac_drbg_write_seed_file’
#  310|       int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
#  311|       mbedtls_hmac_drbg_context *ctx = (mbedtls_hmac_drbg_context *) p_rng;
#  312|->     size_t md_len = mbedtls_md_get_size(ctx->md_ctx.md_info);
#  313|       size_t left = out_len;
#  314|       unsigned char *out = output;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def85]
mbedtls-3.6.5/library/hmac_drbg.c:312:21: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "wb")’
mbedtls-3.6.5/library/hmac_drbg.c:426:5: enter_function: entry to ‘mbedtls_hmac_drbg_write_seed_file’
mbedtls-3.6.5/library/hmac_drbg.c:432:14: acquire_memory: allocated here
mbedtls-3.6.5/library/hmac_drbg.c:432:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/hmac_drbg.c:437:5: branch_false: ...to here
mbedtls-3.6.5/library/hmac_drbg.c:439:16: call_function: calling ‘mbedtls_hmac_drbg_random’ from ‘mbedtls_hmac_drbg_write_seed_file’
#  310|       int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
#  311|       mbedtls_hmac_drbg_context *ctx = (mbedtls_hmac_drbg_context *) p_rng;
#  312|->     size_t md_len = mbedtls_md_get_size(ctx->md_ctx.md_info);
#  313|       size_t left = out_len;
#  314|       unsigned char *out = output;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def86]
mbedtls-3.6.5/library/hmac_drbg.c:388:16: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "wb")’
mbedtls-3.6.5/library/hmac_drbg.c:426:5: enter_function: entry to ‘mbedtls_hmac_drbg_write_seed_file’
mbedtls-3.6.5/library/hmac_drbg.c:432:14: acquire_resource: opened here
mbedtls-3.6.5/library/hmac_drbg.c:432:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/hmac_drbg.c:437:5: branch_false: ...to here
mbedtls-3.6.5/library/hmac_drbg.c:439:16: call_function: calling ‘mbedtls_hmac_drbg_random’ from ‘mbedtls_hmac_drbg_write_seed_file’
#  386|   
#  387|   #if defined(MBEDTLS_THREADING_C)
#  388|->     if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
#  389|           return ret;
#  390|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def87]
mbedtls-3.6.5/library/hmac_drbg.c:388:16: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "wb")’
mbedtls-3.6.5/library/hmac_drbg.c:426:5: enter_function: entry to ‘mbedtls_hmac_drbg_write_seed_file’
mbedtls-3.6.5/library/hmac_drbg.c:432:14: acquire_memory: allocated here
mbedtls-3.6.5/library/hmac_drbg.c:432:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/hmac_drbg.c:437:5: branch_false: ...to here
mbedtls-3.6.5/library/hmac_drbg.c:439:16: call_function: calling ‘mbedtls_hmac_drbg_random’ from ‘mbedtls_hmac_drbg_write_seed_file’
#  386|   
#  387|   #if defined(MBEDTLS_THREADING_C)
#  388|->     if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
#  389|           return ret;
#  390|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def88]
mbedtls-3.6.5/library/hmac_drbg.c:487:5: warning[-Wanalyzer-file-leak]: leak of FILE ‘f’
mbedtls-3.6.5/library/hmac_drbg.c:465:14: acquire_resource: opened here
mbedtls-3.6.5/library/hmac_drbg.c:465:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/hmac_drbg.c:470:5: branch_false: ...to here
mbedtls-3.6.5/library/hmac_drbg.c:487:5: danger: ‘f’ leaks here; was opened at [(1)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/0)
#  485|   
#  486|   exit:
#  487|->     mbedtls_platform_zeroize(buf, sizeof(buf));
#  488|       if (f != NULL) {
#  489|           fclose(f);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def89]
mbedtls-3.6.5/library/hmac_drbg.c:487:5: warning[-Wanalyzer-malloc-leak]: leak of ‘f’
mbedtls-3.6.5/library/hmac_drbg.c:465:14: acquire_memory: allocated here
mbedtls-3.6.5/library/hmac_drbg.c:465:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/hmac_drbg.c:470:5: branch_false: ...to here
mbedtls-3.6.5/library/hmac_drbg.c:487:5: danger: ‘f’ leaks here; was allocated at [(1)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/0)
#  485|   
#  486|   exit:
#  487|->     mbedtls_platform_zeroize(buf, sizeof(buf));
#  488|       if (f != NULL) {
#  489|           fclose(f);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def90]
mbedtls-3.6.5/library/md.c:451:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "rb")’
mbedtls-3.6.5/library/md.c:919:5: enter_function: entry to ‘mbedtls_md_file’
mbedtls-3.6.5/library/md.c:927:8: branch_false: following ‘false’ branch (when ‘md_info’ is non-NULL)...
mbedtls-3.6.5/library/md.c:931:14: branch_false: ...to here
mbedtls-3.6.5/library/md.c:931:14: acquire_resource: opened here
mbedtls-3.6.5/library/md.c:931:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/md.c:936:5: branch_false: ...to here
mbedtls-3.6.5/library/md.c:940:16: call_function: calling ‘mbedtls_md_setup’ from ‘mbedtls_md_file’
#  449|   #if defined(MBEDTLS_MD5_C)
#  450|           case MBEDTLS_MD_MD5:
#  451|->             ALLOC(md5);
#  452|               break;
#  453|   #endif

Error: GCC_ANALYZER_WARNING (CWE-401): [#def91]
mbedtls-3.6.5/library/md.c:451:13: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx.md_ctx’
mbedtls-3.6.5/library/md.c:1072:5: enter_function: entry to ‘mbedtls_md_hmac’
mbedtls-3.6.5/library/md.c:1080:8: branch_false: following ‘false’ branch (when ‘md_info’ is non-NULL)...
mbedtls-3.6.5/library/md.c:1084:5: branch_false: ...to here
mbedtls-3.6.5/library/md.c:1086:16: call_function: calling ‘mbedtls_md_setup’ from ‘mbedtls_md_hmac’
#  449|   #if defined(MBEDTLS_MD5_C)
#  450|           case MBEDTLS_MD_MD5:
#  451|->             ALLOC(md5);
#  452|               break;
#  453|   #endif

Error: GCC_ANALYZER_WARNING (CWE-401): [#def92]
mbedtls-3.6.5/library/md.c:451:13: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "rb")’
mbedtls-3.6.5/library/md.c:919:5: enter_function: entry to ‘mbedtls_md_file’
mbedtls-3.6.5/library/md.c:927:8: branch_false: following ‘false’ branch (when ‘md_info’ is non-NULL)...
mbedtls-3.6.5/library/md.c:931:14: branch_false: ...to here
mbedtls-3.6.5/library/md.c:931:14: acquire_memory: allocated here
mbedtls-3.6.5/library/md.c:931:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/md.c:936:5: branch_false: ...to here
mbedtls-3.6.5/library/md.c:940:16: call_function: calling ‘mbedtls_md_setup’ from ‘mbedtls_md_file’
#  449|   #if defined(MBEDTLS_MD5_C)
#  450|           case MBEDTLS_MD_MD5:
#  451|->             ALLOC(md5);
#  452|               break;
#  453|   #endif

Error: GCC_ANALYZER_WARNING (CWE-775): [#def93]
mbedtls-3.6.5/library/md.c:456:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "rb")’
mbedtls-3.6.5/library/md.c:919:5: enter_function: entry to ‘mbedtls_md_file’
mbedtls-3.6.5/library/md.c:927:8: branch_false: following ‘false’ branch (when ‘md_info’ is non-NULL)...
mbedtls-3.6.5/library/md.c:931:14: branch_false: ...to here
mbedtls-3.6.5/library/md.c:931:14: acquire_resource: opened here
mbedtls-3.6.5/library/md.c:931:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/md.c:936:5: branch_false: ...to here
mbedtls-3.6.5/library/md.c:940:16: call_function: calling ‘mbedtls_md_setup’ from ‘mbedtls_md_file’
#  454|   #if defined(MBEDTLS_RIPEMD160_C)
#  455|           case MBEDTLS_MD_RIPEMD160:
#  456|->             ALLOC(ripemd160);
#  457|               break;
#  458|   #endif

Error: GCC_ANALYZER_WARNING (CWE-401): [#def94]
mbedtls-3.6.5/library/md.c:456:13: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx.md_ctx’
mbedtls-3.6.5/library/md.c:1072:5: enter_function: entry to ‘mbedtls_md_hmac’
mbedtls-3.6.5/library/md.c:1080:8: branch_false: following ‘false’ branch (when ‘md_info’ is non-NULL)...
mbedtls-3.6.5/library/md.c:1084:5: branch_false: ...to here
mbedtls-3.6.5/library/md.c:1086:16: call_function: calling ‘mbedtls_md_setup’ from ‘mbedtls_md_hmac’
#  454|   #if defined(MBEDTLS_RIPEMD160_C)
#  455|           case MBEDTLS_MD_RIPEMD160:
#  456|->             ALLOC(ripemd160);
#  457|               break;
#  458|   #endif

Error: GCC_ANALYZER_WARNING (CWE-401): [#def95]
mbedtls-3.6.5/library/md.c:456:13: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "rb")’
mbedtls-3.6.5/library/md.c:919:5: enter_function: entry to ‘mbedtls_md_file’
mbedtls-3.6.5/library/md.c:927:8: branch_false: following ‘false’ branch (when ‘md_info’ is non-NULL)...
mbedtls-3.6.5/library/md.c:931:14: branch_false: ...to here
mbedtls-3.6.5/library/md.c:931:14: acquire_memory: allocated here
mbedtls-3.6.5/library/md.c:931:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/md.c:936:5: branch_false: ...to here
mbedtls-3.6.5/library/md.c:940:16: call_function: calling ‘mbedtls_md_setup’ from ‘mbedtls_md_file’
#  454|   #if defined(MBEDTLS_RIPEMD160_C)
#  455|           case MBEDTLS_MD_RIPEMD160:
#  456|->             ALLOC(ripemd160);
#  457|               break;
#  458|   #endif

Error: GCC_ANALYZER_WARNING (CWE-775): [#def96]
mbedtls-3.6.5/library/md.c:461:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "rb")’
mbedtls-3.6.5/library/md.c:919:5: enter_function: entry to ‘mbedtls_md_file’
mbedtls-3.6.5/library/md.c:927:8: branch_false: following ‘false’ branch (when ‘md_info’ is non-NULL)...
mbedtls-3.6.5/library/md.c:931:14: branch_false: ...to here
mbedtls-3.6.5/library/md.c:931:14: acquire_resource: opened here
mbedtls-3.6.5/library/md.c:931:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/md.c:936:5: branch_false: ...to here
mbedtls-3.6.5/library/md.c:940:16: call_function: calling ‘mbedtls_md_setup’ from ‘mbedtls_md_file’
#  459|   #if defined(MBEDTLS_SHA1_C)
#  460|           case MBEDTLS_MD_SHA1:
#  461|->             ALLOC(sha1);
#  462|               break;
#  463|   #endif

Error: GCC_ANALYZER_WARNING (CWE-401): [#def97]
mbedtls-3.6.5/library/md.c:461:13: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx.md_ctx’
mbedtls-3.6.5/library/md.c:1072:5: enter_function: entry to ‘mbedtls_md_hmac’
mbedtls-3.6.5/library/md.c:1080:8: branch_false: following ‘false’ branch (when ‘md_info’ is non-NULL)...
mbedtls-3.6.5/library/md.c:1084:5: branch_false: ...to here
mbedtls-3.6.5/library/md.c:1086:16: call_function: calling ‘mbedtls_md_setup’ from ‘mbedtls_md_hmac’
#  459|   #if defined(MBEDTLS_SHA1_C)
#  460|           case MBEDTLS_MD_SHA1:
#  461|->             ALLOC(sha1);
#  462|               break;
#  463|   #endif

Error: GCC_ANALYZER_WARNING (CWE-401): [#def98]
mbedtls-3.6.5/library/md.c:461:13: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "rb")’
mbedtls-3.6.5/library/md.c:919:5: enter_function: entry to ‘mbedtls_md_file’
mbedtls-3.6.5/library/md.c:927:8: branch_false: following ‘false’ branch (when ‘md_info’ is non-NULL)...
mbedtls-3.6.5/library/md.c:931:14: branch_false: ...to here
mbedtls-3.6.5/library/md.c:931:14: acquire_memory: allocated here
mbedtls-3.6.5/library/md.c:931:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/md.c:936:5: branch_false: ...to here
mbedtls-3.6.5/library/md.c:940:16: call_function: calling ‘mbedtls_md_setup’ from ‘mbedtls_md_file’
#  459|   #if defined(MBEDTLS_SHA1_C)
#  460|           case MBEDTLS_MD_SHA1:
#  461|->             ALLOC(sha1);
#  462|               break;
#  463|   #endif

Error: GCC_ANALYZER_WARNING (CWE-775): [#def99]
mbedtls-3.6.5/library/md.c:466:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "rb")’
mbedtls-3.6.5/library/md.c:919:5: enter_function: entry to ‘mbedtls_md_file’
mbedtls-3.6.5/library/md.c:927:8: branch_false: following ‘false’ branch (when ‘md_info’ is non-NULL)...
mbedtls-3.6.5/library/md.c:931:14: branch_false: ...to here
mbedtls-3.6.5/library/md.c:931:14: acquire_resource: opened here
mbedtls-3.6.5/library/md.c:931:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/md.c:936:5: branch_false: ...to here
mbedtls-3.6.5/library/md.c:940:16: call_function: calling ‘mbedtls_md_setup’ from ‘mbedtls_md_file’
#  464|   #if defined(MBEDTLS_SHA224_C)
#  465|           case MBEDTLS_MD_SHA224:
#  466|->             ALLOC(sha256);
#  467|               break;
#  468|   #endif

Error: GCC_ANALYZER_WARNING (CWE-401): [#def100]
mbedtls-3.6.5/library/md.c:466:13: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx.md_ctx’
mbedtls-3.6.5/library/md.c:1072:5: enter_function: entry to ‘mbedtls_md_hmac’
mbedtls-3.6.5/library/md.c:1080:8: branch_false: following ‘false’ branch (when ‘md_info’ is non-NULL)...
mbedtls-3.6.5/library/md.c:1084:5: branch_false: ...to here
mbedtls-3.6.5/library/md.c:1086:16: call_function: calling ‘mbedtls_md_setup’ from ‘mbedtls_md_hmac’
#  464|   #if defined(MBEDTLS_SHA224_C)
#  465|           case MBEDTLS_MD_SHA224:
#  466|->             ALLOC(sha256);
#  467|               break;
#  468|   #endif

Error: GCC_ANALYZER_WARNING (CWE-401): [#def101]
mbedtls-3.6.5/library/md.c:466:13: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "rb")’
mbedtls-3.6.5/library/md.c:919:5: enter_function: entry to ‘mbedtls_md_file’
mbedtls-3.6.5/library/md.c:927:8: branch_false: following ‘false’ branch (when ‘md_info’ is non-NULL)...
mbedtls-3.6.5/library/md.c:931:14: branch_false: ...to here
mbedtls-3.6.5/library/md.c:931:14: acquire_memory: allocated here
mbedtls-3.6.5/library/md.c:931:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/md.c:936:5: branch_false: ...to here
mbedtls-3.6.5/library/md.c:940:16: call_function: calling ‘mbedtls_md_setup’ from ‘mbedtls_md_file’
#  464|   #if defined(MBEDTLS_SHA224_C)
#  465|           case MBEDTLS_MD_SHA224:
#  466|->             ALLOC(sha256);
#  467|               break;
#  468|   #endif

Error: GCC_ANALYZER_WARNING (CWE-775): [#def102]
mbedtls-3.6.5/library/md.c:471:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "rb")’
mbedtls-3.6.5/library/md.c:919:5: enter_function: entry to ‘mbedtls_md_file’
mbedtls-3.6.5/library/md.c:927:8: branch_false: following ‘false’ branch (when ‘md_info’ is non-NULL)...
mbedtls-3.6.5/library/md.c:931:14: branch_false: ...to here
mbedtls-3.6.5/library/md.c:931:14: acquire_resource: opened here
mbedtls-3.6.5/library/md.c:931:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/md.c:936:5: branch_false: ...to here
mbedtls-3.6.5/library/md.c:940:16: call_function: calling ‘mbedtls_md_setup’ from ‘mbedtls_md_file’
#  469|   #if defined(MBEDTLS_SHA256_C)
#  470|           case MBEDTLS_MD_SHA256:
#  471|->             ALLOC(sha256);
#  472|               break;
#  473|   #endif

Error: GCC_ANALYZER_WARNING (CWE-401): [#def103]
mbedtls-3.6.5/library/md.c:471:13: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx.md_ctx’
mbedtls-3.6.5/library/md.c:1072:5: enter_function: entry to ‘mbedtls_md_hmac’
mbedtls-3.6.5/library/md.c:1080:8: branch_false: following ‘false’ branch (when ‘md_info’ is non-NULL)...
mbedtls-3.6.5/library/md.c:1084:5: branch_false: ...to here
mbedtls-3.6.5/library/md.c:1086:16: call_function: calling ‘mbedtls_md_setup’ from ‘mbedtls_md_hmac’
#  469|   #if defined(MBEDTLS_SHA256_C)
#  470|           case MBEDTLS_MD_SHA256:
#  471|->             ALLOC(sha256);
#  472|               break;
#  473|   #endif

Error: GCC_ANALYZER_WARNING (CWE-401): [#def104]
mbedtls-3.6.5/library/md.c:471:13: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "rb")’
mbedtls-3.6.5/library/md.c:919:5: enter_function: entry to ‘mbedtls_md_file’
mbedtls-3.6.5/library/md.c:927:8: branch_false: following ‘false’ branch (when ‘md_info’ is non-NULL)...
mbedtls-3.6.5/library/md.c:931:14: branch_false: ...to here
mbedtls-3.6.5/library/md.c:931:14: acquire_memory: allocated here
mbedtls-3.6.5/library/md.c:931:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/md.c:936:5: branch_false: ...to here
mbedtls-3.6.5/library/md.c:940:16: call_function: calling ‘mbedtls_md_setup’ from ‘mbedtls_md_file’
#  469|   #if defined(MBEDTLS_SHA256_C)
#  470|           case MBEDTLS_MD_SHA256:
#  471|->             ALLOC(sha256);
#  472|               break;
#  473|   #endif

Error: GCC_ANALYZER_WARNING (CWE-775): [#def105]
mbedtls-3.6.5/library/md.c:476:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "rb")’
mbedtls-3.6.5/library/md.c:919:5: enter_function: entry to ‘mbedtls_md_file’
mbedtls-3.6.5/library/md.c:927:8: branch_false: following ‘false’ branch (when ‘md_info’ is non-NULL)...
mbedtls-3.6.5/library/md.c:931:14: branch_false: ...to here
mbedtls-3.6.5/library/md.c:931:14: acquire_resource: opened here
mbedtls-3.6.5/library/md.c:931:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/md.c:936:5: branch_false: ...to here
mbedtls-3.6.5/library/md.c:940:16: call_function: calling ‘mbedtls_md_setup’ from ‘mbedtls_md_file’
#  474|   #if defined(MBEDTLS_SHA384_C)
#  475|           case MBEDTLS_MD_SHA384:
#  476|->             ALLOC(sha512);
#  477|               break;
#  478|   #endif

Error: GCC_ANALYZER_WARNING (CWE-401): [#def106]
mbedtls-3.6.5/library/md.c:476:13: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx.md_ctx’
mbedtls-3.6.5/library/md.c:1072:5: enter_function: entry to ‘mbedtls_md_hmac’
mbedtls-3.6.5/library/md.c:1080:8: branch_false: following ‘false’ branch (when ‘md_info’ is non-NULL)...
mbedtls-3.6.5/library/md.c:1084:5: branch_false: ...to here
mbedtls-3.6.5/library/md.c:1086:16: call_function: calling ‘mbedtls_md_setup’ from ‘mbedtls_md_hmac’
#  474|   #if defined(MBEDTLS_SHA384_C)
#  475|           case MBEDTLS_MD_SHA384:
#  476|->             ALLOC(sha512);
#  477|               break;
#  478|   #endif

Error: GCC_ANALYZER_WARNING (CWE-401): [#def107]
mbedtls-3.6.5/library/md.c:476:13: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "rb")’
mbedtls-3.6.5/library/md.c:919:5: enter_function: entry to ‘mbedtls_md_file’
mbedtls-3.6.5/library/md.c:927:8: branch_false: following ‘false’ branch (when ‘md_info’ is non-NULL)...
mbedtls-3.6.5/library/md.c:931:14: branch_false: ...to here
mbedtls-3.6.5/library/md.c:931:14: acquire_memory: allocated here
mbedtls-3.6.5/library/md.c:931:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/md.c:936:5: branch_false: ...to here
mbedtls-3.6.5/library/md.c:940:16: call_function: calling ‘mbedtls_md_setup’ from ‘mbedtls_md_file’
#  474|   #if defined(MBEDTLS_SHA384_C)
#  475|           case MBEDTLS_MD_SHA384:
#  476|->             ALLOC(sha512);
#  477|               break;
#  478|   #endif

Error: GCC_ANALYZER_WARNING (CWE-775): [#def108]
mbedtls-3.6.5/library/md.c:481:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "rb")’
mbedtls-3.6.5/library/md.c:919:5: enter_function: entry to ‘mbedtls_md_file’
mbedtls-3.6.5/library/md.c:927:8: branch_false: following ‘false’ branch (when ‘md_info’ is non-NULL)...
mbedtls-3.6.5/library/md.c:931:14: branch_false: ...to here
mbedtls-3.6.5/library/md.c:931:14: acquire_resource: opened here
mbedtls-3.6.5/library/md.c:931:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/md.c:936:5: branch_false: ...to here
mbedtls-3.6.5/library/md.c:940:16: call_function: calling ‘mbedtls_md_setup’ from ‘mbedtls_md_file’
#  479|   #if defined(MBEDTLS_SHA512_C)
#  480|           case MBEDTLS_MD_SHA512:
#  481|->             ALLOC(sha512);
#  482|               break;
#  483|   #endif

Error: GCC_ANALYZER_WARNING (CWE-401): [#def109]
mbedtls-3.6.5/library/md.c:481:13: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx.md_ctx’
mbedtls-3.6.5/library/md.c:1072:5: enter_function: entry to ‘mbedtls_md_hmac’
mbedtls-3.6.5/library/md.c:1080:8: branch_false: following ‘false’ branch (when ‘md_info’ is non-NULL)...
mbedtls-3.6.5/library/md.c:1084:5: branch_false: ...to here
mbedtls-3.6.5/library/md.c:1086:16: call_function: calling ‘mbedtls_md_setup’ from ‘mbedtls_md_hmac’
#  479|   #if defined(MBEDTLS_SHA512_C)
#  480|           case MBEDTLS_MD_SHA512:
#  481|->             ALLOC(sha512);
#  482|               break;
#  483|   #endif

Error: GCC_ANALYZER_WARNING (CWE-401): [#def110]
mbedtls-3.6.5/library/md.c:481:13: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "rb")’
mbedtls-3.6.5/library/md.c:919:5: enter_function: entry to ‘mbedtls_md_file’
mbedtls-3.6.5/library/md.c:927:8: branch_false: following ‘false’ branch (when ‘md_info’ is non-NULL)...
mbedtls-3.6.5/library/md.c:931:14: branch_false: ...to here
mbedtls-3.6.5/library/md.c:931:14: acquire_memory: allocated here
mbedtls-3.6.5/library/md.c:931:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/md.c:936:5: branch_false: ...to here
mbedtls-3.6.5/library/md.c:940:16: call_function: calling ‘mbedtls_md_setup’ from ‘mbedtls_md_file’
#  479|   #if defined(MBEDTLS_SHA512_C)
#  480|           case MBEDTLS_MD_SHA512:
#  481|->             ALLOC(sha512);
#  482|               break;
#  483|   #endif

Error: GCC_ANALYZER_WARNING (CWE-775): [#def111]
mbedtls-3.6.5/library/md.c:489:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "rb")’
mbedtls-3.6.5/library/md.c:919:5: enter_function: entry to ‘mbedtls_md_file’
mbedtls-3.6.5/library/md.c:927:8: branch_false: following ‘false’ branch (when ‘md_info’ is non-NULL)...
mbedtls-3.6.5/library/md.c:931:14: branch_false: ...to here
mbedtls-3.6.5/library/md.c:931:14: acquire_resource: opened here
mbedtls-3.6.5/library/md.c:931:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/md.c:936:5: branch_false: ...to here
mbedtls-3.6.5/library/md.c:940:16: call_function: calling ‘mbedtls_md_setup’ from ‘mbedtls_md_file’
#  487|           case MBEDTLS_MD_SHA3_384:
#  488|           case MBEDTLS_MD_SHA3_512:
#  489|->             ALLOC(sha3);
#  490|               break;
#  491|   #endif

Error: GCC_ANALYZER_WARNING (CWE-401): [#def112]
mbedtls-3.6.5/library/md.c:489:13: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx.md_ctx’
mbedtls-3.6.5/library/md.c:1072:5: enter_function: entry to ‘mbedtls_md_hmac’
mbedtls-3.6.5/library/md.c:1080:8: branch_false: following ‘false’ branch (when ‘md_info’ is non-NULL)...
mbedtls-3.6.5/library/md.c:1084:5: branch_false: ...to here
mbedtls-3.6.5/library/md.c:1086:16: call_function: calling ‘mbedtls_md_setup’ from ‘mbedtls_md_hmac’
#  487|           case MBEDTLS_MD_SHA3_384:
#  488|           case MBEDTLS_MD_SHA3_512:
#  489|->             ALLOC(sha3);
#  490|               break;
#  491|   #endif

Error: GCC_ANALYZER_WARNING (CWE-401): [#def113]
mbedtls-3.6.5/library/md.c:489:13: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "rb")’
mbedtls-3.6.5/library/md.c:919:5: enter_function: entry to ‘mbedtls_md_file’
mbedtls-3.6.5/library/md.c:927:8: branch_false: following ‘false’ branch (when ‘md_info’ is non-NULL)...
mbedtls-3.6.5/library/md.c:931:14: branch_false: ...to here
mbedtls-3.6.5/library/md.c:931:14: acquire_memory: allocated here
mbedtls-3.6.5/library/md.c:931:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/md.c:936:5: branch_false: ...to here
mbedtls-3.6.5/library/md.c:940:16: call_function: calling ‘mbedtls_md_setup’ from ‘mbedtls_md_file’
#  487|           case MBEDTLS_MD_SHA3_384:
#  488|           case MBEDTLS_MD_SHA3_512:
#  489|->             ALLOC(sha3);
#  490|               break;
#  491|   #endif

Error: GCC_ANALYZER_WARNING (CWE-775): [#def114]
mbedtls-3.6.5/library/net_sockets.c:188:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘socket(*cur.ai_family, *cur.ai_socktype, *cur.ai_protocol)’
mbedtls-3.6.5/library/net_sockets.c:174:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/net_sockets.c:180:10: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:180:27: branch_true: following ‘true’ branch (when ‘cur’ is non-NULL)...
mbedtls-3.6.5/library/net_sockets.c:181:19: branch_true: ...to here
mbedtls-3.6.5/library/net_sockets.c:181:19: acquire_resource: socket created here
mbedtls-3.6.5/library/net_sockets.c:183:12: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/net_sockets.c:188:13: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:188:12: danger: ‘socket(*cur.ai_family, *cur.ai_socktype, *cur.ai_protocol)’ leaks here
#  186|           }
#  187|   
#  188|->         if (connect(ctx->fd, cur->ai_addr, MSVC_INT_CAST cur->ai_addrlen) == 0) {
#  189|               ret = 0;
#  190|               break;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def115]
mbedtls-3.6.5/library/net_sockets.c:245:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*ctx.fd’
mbedtls-3.6.5/library/net_sockets.c:223:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/net_sockets.c:229:10: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:229:27: branch_true: following ‘true’ branch (when ‘cur’ is non-NULL)...
mbedtls-3.6.5/library/net_sockets.c:230:19: branch_true: ...to here
mbedtls-3.6.5/library/net_sockets.c:232:12: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/net_sockets.c:237:9: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:238:12: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/net_sockets.c:245:13: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:245:12: danger: ‘*ctx.fd’ leaks here
#  243|           }
#  244|   
#  245|->         if (bind(ctx->fd, cur->ai_addr, MSVC_INT_CAST cur->ai_addrlen) != 0) {
#  246|               mbedtls_net_close(ctx);
#  247|               ret = MBEDTLS_ERR_NET_BIND_FAILED;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def116]
mbedtls-3.6.5/library/net_sockets.c:253:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*ctx.fd’
mbedtls-3.6.5/library/net_sockets.c:223:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/net_sockets.c:229:10: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:229:27: branch_true: following ‘true’ branch (when ‘cur’ is non-NULL)...
mbedtls-3.6.5/library/net_sockets.c:230:19: branch_true: ...to here
mbedtls-3.6.5/library/net_sockets.c:232:12: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/net_sockets.c:237:9: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:238:12: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/net_sockets.c:245:13: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:245:12: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/net_sockets.c:252:12: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:252:12: branch_true: following ‘true’ branch (when ‘proto == 0’)...
mbedtls-3.6.5/library/net_sockets.c:253:17: branch_true: ...to here
mbedtls-3.6.5/library/net_sockets.c:253:16: danger: ‘*ctx.fd’ leaks here
#  251|           /* Listen only makes sense for TCP */
#  252|           if (proto == MBEDTLS_NET_PROTO_TCP) {
#  253|->             if (listen(ctx->fd, MBEDTLS_NET_LISTEN_BACKLOG) != 0) {
#  254|                   mbedtls_net_close(ctx);
#  255|                   ret = MBEDTLS_ERR_NET_LISTEN_FAILED;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def117]
mbedtls-3.6.5/library/net_sockets.c:265:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*ctx.fd’
mbedtls-3.6.5/library/net_sockets.c:223:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/net_sockets.c:229:10: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:229:27: branch_true: following ‘true’ branch (when ‘cur’ is non-NULL)...
mbedtls-3.6.5/library/net_sockets.c:230:19: branch_true: ...to here
mbedtls-3.6.5/library/net_sockets.c:232:12: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/net_sockets.c:237:9: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:245:12: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/net_sockets.c:252:12: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:265:5: danger: ‘*ctx.fd’ leaks here
#  263|       }
#  264|   
#  265|->     freeaddrinfo(addr_list);
#  266|   
#  267|       return ret;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def118]
mbedtls-3.6.5/library/net_sockets.c:345:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor
mbedtls-3.6.5/library/net_sockets.c:337:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/net_sockets.c:339:9: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:337:9: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/net_sockets.c:343:8: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:343:8: branch_true: following ‘true’ branch...
mbedtls-3.6.5/library/net_sockets.c:345:32: branch_true: ...to here
mbedtls-3.6.5/library/net_sockets.c:345:15: danger: leaks here
#  343|       if (type == SOCK_STREAM) {
#  344|           /* TCP: actual accept() */
#  345|->         ret = client_ctx->fd = (int) accept(bind_ctx->fd,
#  346|                                               (struct sockaddr *) &client_addr, &n);
#  347|       } else {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def119]
mbedtls-3.6.5/library/net_sockets.c:345:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*bind_ctx.fd’
mbedtls-3.6.5/library/net_sockets.c:337:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/net_sockets.c:339:9: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:337:9: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/net_sockets.c:343:8: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:343:8: branch_true: following ‘true’ branch...
mbedtls-3.6.5/library/net_sockets.c:345:32: branch_true: ...to here
mbedtls-3.6.5/library/net_sockets.c:345:15: danger: ‘*bind_ctx.fd’ leaks here
#  343|       if (type == SOCK_STREAM) {
#  344|           /* TCP: actual accept() */
#  345|->         ret = client_ctx->fd = (int) accept(bind_ctx->fd,
#  346|                                               (struct sockaddr *) &client_addr, &n);
#  347|       } else {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def120]
mbedtls-3.6.5/library/net_sockets.c:377:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*bind_ctx.fd’
mbedtls-3.6.5/library/net_sockets.c:337:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/net_sockets.c:339:9: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:337:9: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/net_sockets.c:343:8: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:343:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/net_sockets.c:349:14: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:363:8: branch_false: following ‘false’ branch (when ‘ret >= 0’)...
mbedtls-3.6.5/library/net_sockets.c:373:9: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:373:8: branch_true: following ‘true’ branch...
mbedtls-3.6.5/library/net_sockets.c:375:13: branch_true: ...to here
mbedtls-3.6.5/library/net_sockets.c:377:12: danger: ‘*bind_ctx.fd’ leaks here
#  375|           int one = 1;
#  376|   
#  377|->         if (connect(bind_ctx->fd, (struct sockaddr *) &client_addr, n) != 0) {
#  378|               return MBEDTLS_ERR_NET_ACCEPT_FAILED;
#  379|           }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def121]
mbedtls-3.6.5/library/net_sockets.c:394:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*bind_ctx.fd’
mbedtls-3.6.5/library/net_sockets.c:337:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/net_sockets.c:339:9: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:337:9: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/net_sockets.c:343:8: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:343:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/net_sockets.c:349:14: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:363:8: branch_false: following ‘false’ branch (when ‘ret >= 0’)...
mbedtls-3.6.5/library/net_sockets.c:373:9: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:373:8: branch_true: following ‘true’ branch...
mbedtls-3.6.5/library/net_sockets.c:375:13: branch_true: ...to here
mbedtls-3.6.5/library/net_sockets.c:377:12: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/net_sockets.c:381:26: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:385:12: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/net_sockets.c:387:42: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:385:13: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/net_sockets.c:389:13: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:385:13: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/net_sockets.c:394:13: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:394:12: danger: ‘*bind_ctx.fd’ leaks here
#  392|           }
#  393|   
#  394|->         if (bind(bind_ctx->fd, (struct sockaddr *) &local_addr, n) != 0) {
#  395|               return MBEDTLS_ERR_NET_BIND_FAILED;
#  396|           }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def122]
mbedtls-3.6.5/library/net_sockets.c:404:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor
mbedtls-3.6.5/library/net_sockets.c:337:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/net_sockets.c:339:9: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:337:9: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/net_sockets.c:343:8: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:343:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/net_sockets.c:349:14: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:363:8: branch_false: following ‘false’ branch (when ‘ret >= 0’)...
mbedtls-3.6.5/library/net_sockets.c:373:9: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:373:8: branch_true: following ‘true’ branch...
mbedtls-3.6.5/library/net_sockets.c:375:13: branch_true: ...to here
mbedtls-3.6.5/library/net_sockets.c:377:12: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/net_sockets.c:381:26: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:385:12: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/net_sockets.c:387:42: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:385:13: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/net_sockets.c:389:13: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:385:13: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/net_sockets.c:394:13: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:394:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:399:8: branch_true: following ‘true’ branch (when ‘client_ip’ is non-NULL)...
mbedtls-3.6.5/library/net_sockets.c:400:13: branch_true: ...to here
mbedtls-3.6.5/library/net_sockets.c:400:12: branch_true: following ‘true’ branch...
mbedtls-3.6.5/library/net_sockets.c:402:13: branch_true: ...to here
mbedtls-3.6.5/library/net_sockets.c:404:16: danger: leaks here
#  402|               *cip_len = sizeof(addr4->sin_addr.s_addr);
#  403|   
#  404|->             if (buf_size < *cip_len) {
#  405|                   return MBEDTLS_ERR_NET_BUFFER_TOO_SMALL;
#  406|               }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def123]
mbedtls-3.6.5/library/net_sockets.c:413:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor
mbedtls-3.6.5/library/net_sockets.c:337:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/net_sockets.c:339:9: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:337:9: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/net_sockets.c:343:8: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:343:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/net_sockets.c:349:14: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:363:8: branch_false: following ‘false’ branch (when ‘ret >= 0’)...
mbedtls-3.6.5/library/net_sockets.c:373:9: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:373:8: branch_true: following ‘true’ branch...
mbedtls-3.6.5/library/net_sockets.c:375:13: branch_true: ...to here
mbedtls-3.6.5/library/net_sockets.c:377:12: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/net_sockets.c:381:26: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:385:12: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/net_sockets.c:387:42: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:385:13: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/net_sockets.c:389:13: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:385:13: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/net_sockets.c:394:13: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:394:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:399:8: branch_true: following ‘true’ branch (when ‘client_ip’ is non-NULL)...
mbedtls-3.6.5/library/net_sockets.c:400:13: branch_true: ...to here
mbedtls-3.6.5/library/net_sockets.c:400:12: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/net_sockets.c:411:13: branch_false: ...to here
mbedtls-3.6.5/library/net_sockets.c:413:16: danger: leaks here
#  411|               *cip_len = sizeof(addr6->sin6_addr.s6_addr);
#  412|   
#  413|->             if (buf_size < *cip_len) {
#  414|                   return MBEDTLS_ERR_NET_BUFFER_TOO_SMALL;
#  415|               }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def124]
mbedtls-3.6.5/library/pem.c:426:16: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
mbedtls-3.6.5/library/pem.c:287:8: branch_false: following ‘false’ branch (when ‘ctx’ is non-NULL)...
mbedtls-3.6.5/library/pem.c:291:28: branch_false: ...to here
mbedtls-3.6.5/library/pem.c:293:8: branch_false: following ‘false’ branch (when ‘s1’ is non-NULL)...
mbedtls-3.6.5/library/pem.c:297:28: branch_false: ...to here
mbedtls-3.6.5/library/pem.c:299:8: branch_false: following ‘false’ branch (when ‘s1 < s2’)...
mbedtls-3.6.5/library/pem.c:303:11: branch_false: ...to here
mbedtls-3.6.5/library/pem.c:310:8: branch_true: following ‘true’ branch...
mbedtls-3.6.5/library/pem.c:311:9: branch_true: ...to here
mbedtls-3.6.5/library/pem.c:408:8: branch_false: following ‘false’ branch (when ‘s1 < s2’)...
mbedtls-3.6.5/library/pem.c:412:61: branch_false: ...to here
mbedtls-3.6.5/library/pem.c:414:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pem.c:418:9: branch_false: ...to here
mbedtls-3.6.5/library/pem.c:418:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pem.c:422:16: branch_false: ...to here
mbedtls-3.6.5/library/pem.c:422:16: acquire_memory: allocated here
mbedtls-3.6.5/library/pem.c:422:8: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
mbedtls-3.6.5/library/pem.c:426:16: branch_false: ...to here
mbedtls-3.6.5/library/pem.c:426:16: danger: ‘buf’ leaks here; was allocated at [(17)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/16)
#  424|       }
#  425|   
#  426|->     if ((ret = mbedtls_base64_decode(buf, len, &len, s1, (size_t) (s2 - s1))) != 0) {
#  427|           mbedtls_zeroize_and_free(buf, len);
#  428|           return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PEM_INVALID_DATA, ret);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def125]
mbedtls-3.6.5/library/pem.c:522:16: warning[-Wanalyzer-malloc-leak]: leak of ‘encode_buf’
mbedtls-3.6.5/library/pem.c:512:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pem.c:517:8: branch_false: ...to here
mbedtls-3.6.5/library/pem.c:517:8: branch_true: following ‘true’ branch...
mbedtls-3.6.5/library/pem.c:518:24: branch_true: ...to here
mbedtls-3.6.5/library/pem.c:518:24: acquire_memory: allocated here
mbedtls-3.6.5/library/pem.c:517:9: branch_false: following ‘false’ branch (when ‘encode_buf’ is non-NULL)...
mbedtls-3.6.5/library/pem.c:522:16: branch_false: ...to here
mbedtls-3.6.5/library/pem.c:522:16: danger: ‘encode_buf’ leaks here; was allocated at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
#  520|       }
#  521|   
#  522|->     if ((ret = mbedtls_base64_encode(encode_buf, use_len, &use_len, der_data,
#  523|                                        der_len)) != 0) {
#  524|           mbedtls_free(encode_buf);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def126]
mbedtls-3.6.5/library/pk.c:1360:20: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
mbedtls-3.6.5/library/pk.c:1296:5: enter_function: entry to ‘mbedtls_pk_sign_ext’
mbedtls-3.6.5/library/pk.c:1304:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pk.c:1308:10: branch_false: ...to here
mbedtls-3.6.5/library/pk.c:1308:10: call_function: calling ‘mbedtls_pk_can_do’ from ‘mbedtls_pk_sign_ext’
mbedtls-3.6.5/library/pk.c:1308:10: return_function: returning to ‘mbedtls_pk_sign_ext’ from ‘mbedtls_pk_can_do’
mbedtls-3.6.5/library/pk.c:1308:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pk.c:1312:8: branch_false: ...to here
mbedtls-3.6.5/library/pk.c:1312:8: branch_false: following ‘false’ branch (when ‘pk_type == 6’)...
mbedtls-3.6.5/library/pk.c:1347:20: call_function: inlined call to ‘mbedtls_pk_get_len’ from ‘mbedtls_pk_sign_ext’
mbedtls-3.6.5/library/pk.c:1347:20: call_function: inlined call to ‘mbedtls_pk_get_len’ from ‘mbedtls_pk_sign_ext’
mbedtls-3.6.5/library/pk.c:1347:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pk.c:1351:9: branch_false: ...to here
mbedtls-3.6.5/library/pk.c:1351:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pk.c:1355:42: call_function: inlined call to ‘mbedtls_pk_rsa’ from ‘mbedtls_pk_sign_ext’
mbedtls-3.6.5/library/pk.c:1355:42: call_function: inlined call to ‘mbedtls_pk_rsa’ from ‘mbedtls_pk_sign_ext’
mbedtls-3.6.5/library/pk.c:1355:42: branch_false: ...to here
mbedtls-3.6.5/library/pk.c:1359:8: branch_true: following ‘true’ branch...
mbedtls-3.6.5/library/pk.c:1360:20: branch_true: ...to here
mbedtls-3.6.5/library/pk.c:1360:20: danger: dereference of NULL ‘<unknown>’
# 1358|                                                                 (unsigned int) hash_len, hash, sig);
# 1359|       if (ret == 0) {
# 1360|->         *sig_len = rsa_ctx->len;
# 1361|       }
# 1362|       return ret;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def127]
mbedtls-3.6.5/library/pk_internal.h:62:13: warning[-Wanalyzer-malloc-leak]: leak of ‘output_buf’
mbedtls-3.6.5/library/pkwrite.c:579:5: enter_function: entry to ‘mbedtls_pk_write_key_pem’
mbedtls-3.6.5/library/pkwrite.c:583:18: acquire_memory: allocated here
mbedtls-3.6.5/library/pkwrite.c:584:8: branch_false: following ‘false’ branch (when ‘output_buf’ is non-NULL)...
mbedtls-3.6.5/library/pkwrite.c:588:12: branch_false: ...to here
mbedtls-3.6.5/library/pkwrite.c:590:16: call_function: calling ‘mbedtls_pk_write_key_der’ from ‘mbedtls_pk_write_key_pem’
#   60|   static inline const mbedtls_ecp_keypair *mbedtls_pk_ec_ro(const mbedtls_pk_context pk)
#   61|   {
#   62|->     switch (mbedtls_pk_get_type(&pk)) {
#   63|           case MBEDTLS_PK_ECKEY:
#   64|           case MBEDTLS_PK_ECKEY_DH:

Error: GCC_ANALYZER_WARNING (CWE-401): [#def128]
mbedtls-3.6.5/library/pk_internal.h:74:13: warning[-Wanalyzer-malloc-leak]: leak of ‘output_buf’
mbedtls-3.6.5/library/pkwrite.c:579:5: enter_function: entry to ‘mbedtls_pk_write_key_pem’
mbedtls-3.6.5/library/pkwrite.c:583:18: acquire_memory: allocated here
mbedtls-3.6.5/library/pkwrite.c:584:8: branch_false: following ‘false’ branch (when ‘output_buf’ is non-NULL)...
mbedtls-3.6.5/library/pkwrite.c:588:12: branch_false: ...to here
mbedtls-3.6.5/library/pkwrite.c:590:16: call_function: calling ‘mbedtls_pk_write_key_der’ from ‘mbedtls_pk_write_key_pem’
#   72|   static inline mbedtls_ecp_keypair *mbedtls_pk_ec_rw(const mbedtls_pk_context pk)
#   73|   {
#   74|->     switch (mbedtls_pk_get_type(&pk)) {
#   75|           case MBEDTLS_PK_ECKEY:
#   76|           case MBEDTLS_PK_ECKEY_DH:

Error: GCC_ANALYZER_WARNING (CWE-401): [#def129]
mbedtls-3.6.5/library/pk_wrap.c:459:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx’
mbedtls-3.6.5/library/pk_wrap.c:456:17: acquire_memory: allocated here
mbedtls-3.6.5/library/pk_wrap.c:458:8: branch_true: following ‘true’ branch (when ‘ctx’ is non-NULL)...
mbedtls-3.6.5/library/pk_wrap.c:459:9: branch_true: ...to here
mbedtls-3.6.5/library/pk_wrap.c:459:9: danger: ‘ctx’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  457|   
#  458|       if (ctx != NULL) {
#  459|->         mbedtls_rsa_init((mbedtls_rsa_context *) ctx);
#  460|       }
#  461|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def130]
mbedtls-3.6.5/library/pk_wrap.c:1086:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx’
mbedtls-3.6.5/library/pk_wrap.c:1083:17: acquire_memory: allocated here
mbedtls-3.6.5/library/pk_wrap.c:1085:8: branch_true: following ‘true’ branch (when ‘ctx’ is non-NULL)...
mbedtls-3.6.5/library/pk_wrap.c:1086:9: branch_true: ...to here
mbedtls-3.6.5/library/pk_wrap.c:1086:9: danger: ‘ctx’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
# 1084|   
# 1085|       if (ctx != NULL) {
# 1086|->         mbedtls_ecp_keypair_init(ctx);
# 1087|       }
# 1088|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def131]
mbedtls-3.6.5/library/pkcs7.c:681:24: warning[-Wanalyzer-malloc-leak]: leak of ‘hash’
mbedtls-3.6.5/library/pkcs7.c:655:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pkcs7.c:659:9: branch_false: ...to here
mbedtls-3.6.5/library/pkcs7.c:659:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pkcs7.c:660:9: branch_false: ...to here
mbedtls-3.6.5/library/pkcs7.c:659:9: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pkcs7.c:664:34: branch_false: ...to here
mbedtls-3.6.5/library/pkcs7.c:665:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pkcs7.c:669:15: branch_false: ...to here
mbedtls-3.6.5/library/pkcs7.c:670:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pkcs7.c:674:27: branch_false: ...to here
mbedtls-3.6.5/library/pkcs7.c:674:12: acquire_memory: allocated here
mbedtls-3.6.5/library/pkcs7.c:675:8: branch_false: following ‘false’ branch (when ‘hash’ is non-NULL)...
mbedtls-3.6.5/library/pkcs7.c:680:8: branch_false: ...to here
mbedtls-3.6.5/library/pkcs7.c:680:8: branch_true: following ‘true’ branch (when ‘is_data_hash != 0’)...
mbedtls-3.6.5/library/pkcs7.c:681:24: branch_true: ...to here
mbedtls-3.6.5/library/pkcs7.c:681:24: danger: ‘hash’ leaks here; was allocated at [(11)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/10)
#  679|       /* BEGIN must free hash before jumping out */
#  680|       if (is_data_hash) {
#  681|->         if (datalen != mbedtls_md_get_size(md_info)) {
#  682|               ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL;
#  683|           } else {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def132]
mbedtls-3.6.5/library/pkcs7.c:687:15: warning[-Wanalyzer-malloc-leak]: leak of ‘hash’
mbedtls-3.6.5/library/pkcs7.c:655:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pkcs7.c:659:9: branch_false: ...to here
mbedtls-3.6.5/library/pkcs7.c:659:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pkcs7.c:660:9: branch_false: ...to here
mbedtls-3.6.5/library/pkcs7.c:659:9: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pkcs7.c:664:34: branch_false: ...to here
mbedtls-3.6.5/library/pkcs7.c:665:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pkcs7.c:669:15: branch_false: ...to here
mbedtls-3.6.5/library/pkcs7.c:670:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pkcs7.c:674:27: branch_false: ...to here
mbedtls-3.6.5/library/pkcs7.c:674:12: acquire_memory: allocated here
mbedtls-3.6.5/library/pkcs7.c:675:8: branch_false: following ‘false’ branch (when ‘hash’ is non-NULL)...
mbedtls-3.6.5/library/pkcs7.c:680:8: branch_false: ...to here
mbedtls-3.6.5/library/pkcs7.c:680:8: branch_false: following ‘false’ branch (when ‘is_data_hash == 0’)...
mbedtls-3.6.5/library/pkcs7.c:687:15: branch_false: ...to here
mbedtls-3.6.5/library/pkcs7.c:687:15: danger: ‘hash’ leaks here; was allocated at [(11)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/10)
#  685|           }
#  686|       } else {
#  687|->         ret = mbedtls_md(md_info, data, datalen, hash);
#  688|       }
#  689|       if (ret != 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def133]
mbedtls-3.6.5/library/pkcs7.c:708:15: warning[-Wanalyzer-malloc-leak]: leak of ‘hash’
mbedtls-3.6.5/library/pkcs7.c:655:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pkcs7.c:659:9: branch_false: ...to here
mbedtls-3.6.5/library/pkcs7.c:659:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pkcs7.c:660:9: branch_false: ...to here
mbedtls-3.6.5/library/pkcs7.c:659:9: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pkcs7.c:664:34: branch_false: ...to here
mbedtls-3.6.5/library/pkcs7.c:665:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pkcs7.c:669:15: branch_false: ...to here
mbedtls-3.6.5/library/pkcs7.c:670:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pkcs7.c:674:27: branch_false: ...to here
mbedtls-3.6.5/library/pkcs7.c:674:12: acquire_memory: allocated here
mbedtls-3.6.5/library/pkcs7.c:675:8: branch_false: following ‘false’ branch (when ‘hash’ is non-NULL)...
mbedtls-3.6.5/library/pkcs7.c:680:8: branch_false: ...to here
mbedtls-3.6.5/library/pkcs7.c:680:8: branch_true: following ‘true’ branch (when ‘is_data_hash != 0’)...
mbedtls-3.6.5/library/pkcs7.c:681:24: branch_true: ...to here
mbedtls-3.6.5/library/pkcs7.c:681:12: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pkcs7.c:684:13: branch_false: ...to here
mbedtls-3.6.5/library/pkcs7.c:689:8: branch_false: following ‘false’ branch (when ‘ret == 0’)...
mbedtls-3.6.5/library/pkcs7.c:707:10: branch_false: ...to here
mbedtls-3.6.5/library/pkcs7.c:707:48: branch_true: following ‘true’ branch (when ‘signer’ is non-NULL)...
mbedtls-3.6.5/library/pkcs7.c:708:15: branch_true: ...to here
mbedtls-3.6.5/library/pkcs7.c:708:15: danger: ‘hash’ leaks here; was allocated at [(11)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/10)
#  706|        */
#  707|       for (signer = &pkcs7->signed_data.signers; signer; signer = signer->next) {
#  708|->         ret = mbedtls_pk_verify(&pk_cxt, md_alg, hash,
#  709|                                   mbedtls_md_get_size(md_info),
#  710|                                   signer->sig.p, signer->sig.len);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def134]
mbedtls-3.6.5/library/pkcs7.c:709:33: warning[-Wanalyzer-malloc-leak]: leak of ‘hash’
mbedtls-3.6.5/library/pkcs7.c:655:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pkcs7.c:659:9: branch_false: ...to here
mbedtls-3.6.5/library/pkcs7.c:659:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pkcs7.c:660:9: branch_false: ...to here
mbedtls-3.6.5/library/pkcs7.c:659:9: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pkcs7.c:664:34: branch_false: ...to here
mbedtls-3.6.5/library/pkcs7.c:665:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pkcs7.c:669:15: branch_false: ...to here
mbedtls-3.6.5/library/pkcs7.c:670:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pkcs7.c:674:27: branch_false: ...to here
mbedtls-3.6.5/library/pkcs7.c:674:12: acquire_memory: allocated here
mbedtls-3.6.5/library/pkcs7.c:675:8: branch_false: following ‘false’ branch (when ‘hash’ is non-NULL)...
mbedtls-3.6.5/library/pkcs7.c:680:8: branch_false: ...to here
mbedtls-3.6.5/library/pkcs7.c:680:8: branch_true: following ‘true’ branch (when ‘is_data_hash != 0’)...
mbedtls-3.6.5/library/pkcs7.c:681:24: branch_true: ...to here
mbedtls-3.6.5/library/pkcs7.c:681:12: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pkcs7.c:684:13: branch_false: ...to here
mbedtls-3.6.5/library/pkcs7.c:689:8: branch_false: following ‘false’ branch (when ‘ret == 0’)...
mbedtls-3.6.5/library/pkcs7.c:707:10: branch_false: ...to here
mbedtls-3.6.5/library/pkcs7.c:707:48: branch_true: following ‘true’ branch (when ‘signer’ is non-NULL)...
mbedtls-3.6.5/library/pkcs7.c:708:15: branch_true: ...to here
mbedtls-3.6.5/library/pkcs7.c:709:33: danger: ‘hash’ leaks here; was allocated at [(11)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/10)
#  707|       for (signer = &pkcs7->signed_data.signers; signer; signer = signer->next) {
#  708|           ret = mbedtls_pk_verify(&pk_cxt, md_alg, hash,
#  709|->                                 mbedtls_md_get_size(md_info),
#  710|                                   signer->sig.p, signer->sig.len);
#  711|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def135]
mbedtls-3.6.5/library/pkparse.c:990:5: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
mbedtls-3.6.5/library/pkparse.c:1347:5: enter_function: entry to ‘mbedtls_pk_parse_keyfile’
mbedtls-3.6.5/library/pkparse.c:1355:16: call_function: calling ‘mbedtls_pk_load_file’ from ‘mbedtls_pk_parse_keyfile’
mbedtls-3.6.5/library/pkparse.c:1355:16: return_function: returning to ‘mbedtls_pk_parse_keyfile’ from ‘mbedtls_pk_load_file’
mbedtls-3.6.5/library/pkparse.c:1355:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pkparse.c:1359:8: branch_false: ...to here
mbedtls-3.6.5/library/pkparse.c:1359:8: branch_true: following ‘true’ branch (when ‘pwd’ is NULL)...
mbedtls-3.6.5/library/pkparse.c:1360:15: branch_true: ...to here
mbedtls-3.6.5/library/pkparse.c:1360:15: call_function: calling ‘mbedtls_pk_parse_key’ from ‘mbedtls_pk_parse_keyfile’
#  988|   
#  989|   #if defined(MBEDTLS_PEM_PARSE_C)
#  990|->     mbedtls_pem_init(&pem);
#  991|   
#  992|   #if defined(MBEDTLS_RSA_C)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def136]
mbedtls-3.6.5/library/pkparse.c:997:15: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
mbedtls-3.6.5/library/pkparse.c:1347:5: enter_function: entry to ‘mbedtls_pk_parse_keyfile’
mbedtls-3.6.5/library/pkparse.c:1355:16: call_function: calling ‘mbedtls_pk_load_file’ from ‘mbedtls_pk_parse_keyfile’
mbedtls-3.6.5/library/pkparse.c:1355:16: return_function: returning to ‘mbedtls_pk_parse_keyfile’ from ‘mbedtls_pk_load_file’
mbedtls-3.6.5/library/pkparse.c:1355:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pkparse.c:1359:8: branch_false: ...to here
mbedtls-3.6.5/library/pkparse.c:1359:8: branch_true: following ‘true’ branch (when ‘pwd’ is NULL)...
mbedtls-3.6.5/library/pkparse.c:1360:15: branch_true: ...to here
mbedtls-3.6.5/library/pkparse.c:1360:15: call_function: calling ‘mbedtls_pk_parse_key’ from ‘mbedtls_pk_parse_keyfile’
#  995|           ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
#  996|       } else {
#  997|->         ret = mbedtls_pem_read_buffer(&pem,
#  998|                                         PEM_BEGIN_PRIVATE_KEY_RSA, PEM_END_PRIVATE_KEY_RSA,
#  999|                                         key, pwd, pwdlen, &len);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def137]
mbedtls-3.6.5/library/pkparse.c:1003:19: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
mbedtls-3.6.5/library/pkparse.c:1347:5: enter_function: entry to ‘mbedtls_pk_parse_keyfile’
mbedtls-3.6.5/library/pkparse.c:1355:16: call_function: calling ‘mbedtls_pk_load_file’ from ‘mbedtls_pk_parse_keyfile’
mbedtls-3.6.5/library/pkparse.c:1355:16: return_function: returning to ‘mbedtls_pk_parse_keyfile’ from ‘mbedtls_pk_load_file’
mbedtls-3.6.5/library/pkparse.c:1355:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pkparse.c:1359:8: branch_false: ...to here
mbedtls-3.6.5/library/pkparse.c:1359:8: branch_true: following ‘true’ branch (when ‘pwd’ is NULL)...
mbedtls-3.6.5/library/pkparse.c:1360:15: branch_true: ...to here
mbedtls-3.6.5/library/pkparse.c:1360:15: call_function: calling ‘mbedtls_pk_parse_key’ from ‘mbedtls_pk_parse_keyfile’
# 1001|   
# 1002|       if (ret == 0) {
# 1003|->         pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA);
# 1004|           if ((ret = mbedtls_pk_setup(pk, pk_info)) != 0 ||
# 1005|               (ret = mbedtls_rsa_parse_key(mbedtls_pk_rsa(*pk),

Error: GCC_ANALYZER_WARNING (CWE-401): [#def138]
mbedtls-3.6.5/library/pkparse.c:1004:20: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
mbedtls-3.6.5/library/pkparse.c:1347:5: enter_function: entry to ‘mbedtls_pk_parse_keyfile’
mbedtls-3.6.5/library/pkparse.c:1355:16: call_function: calling ‘mbedtls_pk_load_file’ from ‘mbedtls_pk_parse_keyfile’
mbedtls-3.6.5/library/pkparse.c:1355:16: return_function: returning to ‘mbedtls_pk_parse_keyfile’ from ‘mbedtls_pk_load_file’
mbedtls-3.6.5/library/pkparse.c:1355:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pkparse.c:1359:8: branch_false: ...to here
mbedtls-3.6.5/library/pkparse.c:1359:8: branch_true: following ‘true’ branch (when ‘pwd’ is NULL)...
mbedtls-3.6.5/library/pkparse.c:1360:15: branch_true: ...to here
mbedtls-3.6.5/library/pkparse.c:1360:15: call_function: calling ‘mbedtls_pk_parse_key’ from ‘mbedtls_pk_parse_keyfile’
# 1002|       if (ret == 0) {
# 1003|           pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA);
# 1004|->         if ((ret = mbedtls_pk_setup(pk, pk_info)) != 0 ||
# 1005|               (ret = mbedtls_rsa_parse_key(mbedtls_pk_rsa(*pk),
# 1006|                                            pem.buf, pem.buflen)) != 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def139]
mbedtls-3.6.5/library/pkparse.c:1005:20: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
mbedtls-3.6.5/library/pkparse.c:1347:5: enter_function: entry to ‘mbedtls_pk_parse_keyfile’
mbedtls-3.6.5/library/pkparse.c:1355:16: call_function: calling ‘mbedtls_pk_load_file’ from ‘mbedtls_pk_parse_keyfile’
mbedtls-3.6.5/library/pkparse.c:1355:16: return_function: returning to ‘mbedtls_pk_parse_keyfile’ from ‘mbedtls_pk_load_file’
mbedtls-3.6.5/library/pkparse.c:1355:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pkparse.c:1359:8: branch_false: ...to here
mbedtls-3.6.5/library/pkparse.c:1359:8: branch_true: following ‘true’ branch (when ‘pwd’ is NULL)...
mbedtls-3.6.5/library/pkparse.c:1360:15: branch_true: ...to here
mbedtls-3.6.5/library/pkparse.c:1360:15: call_function: calling ‘mbedtls_pk_parse_key’ from ‘mbedtls_pk_parse_keyfile’
# 1003|           pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA);
# 1004|           if ((ret = mbedtls_pk_setup(pk, pk_info)) != 0 ||
# 1005|->             (ret = mbedtls_rsa_parse_key(mbedtls_pk_rsa(*pk),
# 1006|                                            pem.buf, pem.buflen)) != 0) {
# 1007|               mbedtls_pk_free(pk);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def140]
mbedtls-3.6.5/library/pkparse.c:1007:13: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
mbedtls-3.6.5/library/pkparse.c:1347:5: enter_function: entry to ‘mbedtls_pk_parse_keyfile’
mbedtls-3.6.5/library/pkparse.c:1355:16: call_function: calling ‘mbedtls_pk_load_file’ from ‘mbedtls_pk_parse_keyfile’
mbedtls-3.6.5/library/pkparse.c:1355:16: return_function: returning to ‘mbedtls_pk_parse_keyfile’ from ‘mbedtls_pk_load_file’
mbedtls-3.6.5/library/pkparse.c:1355:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pkparse.c:1359:8: branch_false: ...to here
mbedtls-3.6.5/library/pkparse.c:1359:8: branch_true: following ‘true’ branch (when ‘pwd’ is NULL)...
mbedtls-3.6.5/library/pkparse.c:1360:15: branch_true: ...to here
mbedtls-3.6.5/library/pkparse.c:1360:15: call_function: calling ‘mbedtls_pk_parse_key’ from ‘mbedtls_pk_parse_keyfile’
# 1005|               (ret = mbedtls_rsa_parse_key(mbedtls_pk_rsa(*pk),
# 1006|                                            pem.buf, pem.buflen)) != 0) {
# 1007|->             mbedtls_pk_free(pk);
# 1008|           }
# 1009|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def141]
mbedtls-3.6.5/library/pkparse.c:1010:9: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
mbedtls-3.6.5/library/pkparse.c:1347:5: enter_function: entry to ‘mbedtls_pk_parse_keyfile’
mbedtls-3.6.5/library/pkparse.c:1355:16: call_function: calling ‘mbedtls_pk_load_file’ from ‘mbedtls_pk_parse_keyfile’
mbedtls-3.6.5/library/pkparse.c:1355:16: return_function: returning to ‘mbedtls_pk_parse_keyfile’ from ‘mbedtls_pk_load_file’
mbedtls-3.6.5/library/pkparse.c:1355:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pkparse.c:1359:8: branch_false: ...to here
mbedtls-3.6.5/library/pkparse.c:1359:8: branch_false: following ‘false’ branch (when ‘pwd’ is non-NULL)...
mbedtls-3.6.5/library/pkparse.c:1363:65: branch_false: ...to here
mbedtls-3.6.5/library/pkparse.c:1362:15: call_function: calling ‘mbedtls_pk_parse_key’ from ‘mbedtls_pk_parse_keyfile’
# 1008|           }
# 1009|   
# 1010|->         mbedtls_pem_free(&pem);
# 1011|           return ret;
# 1012|       } else if (ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def142]
mbedtls-3.6.5/library/pkparse.c:1198:5: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
mbedtls-3.6.5/library/pkparse.c:1374:5: enter_function: entry to ‘mbedtls_pk_parse_public_keyfile’
mbedtls-3.6.5/library/pkparse.c:1380:16: call_function: calling ‘mbedtls_pk_load_file’ from ‘mbedtls_pk_parse_public_keyfile’
mbedtls-3.6.5/library/pkparse.c:1380:16: return_function: returning to ‘mbedtls_pk_parse_public_keyfile’ from ‘mbedtls_pk_load_file’
mbedtls-3.6.5/library/pkparse.c:1380:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pkparse.c:1384:11: branch_false: ...to here
mbedtls-3.6.5/library/pkparse.c:1384:11: call_function: calling ‘mbedtls_pk_parse_public_key’ from ‘mbedtls_pk_parse_public_keyfile’
# 1196|   
# 1197|   #if defined(MBEDTLS_PEM_PARSE_C)
# 1198|->     mbedtls_pem_init(&pem);
# 1199|   #if defined(MBEDTLS_RSA_C)
# 1200|       /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def143]
mbedtls-3.6.5/library/pkparse.c:1204:15: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
mbedtls-3.6.5/library/pkparse.c:1374:5: enter_function: entry to ‘mbedtls_pk_parse_public_keyfile’
mbedtls-3.6.5/library/pkparse.c:1380:16: call_function: calling ‘mbedtls_pk_load_file’ from ‘mbedtls_pk_parse_public_keyfile’
mbedtls-3.6.5/library/pkparse.c:1380:16: return_function: returning to ‘mbedtls_pk_parse_public_keyfile’ from ‘mbedtls_pk_load_file’
mbedtls-3.6.5/library/pkparse.c:1380:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pkparse.c:1384:11: branch_false: ...to here
mbedtls-3.6.5/library/pkparse.c:1384:11: call_function: calling ‘mbedtls_pk_parse_public_key’ from ‘mbedtls_pk_parse_public_keyfile’
# 1202|           ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
# 1203|       } else {
# 1204|->         ret = mbedtls_pem_read_buffer(&pem,
# 1205|                                         PEM_BEGIN_PUBLIC_KEY_RSA, PEM_END_PUBLIC_KEY_RSA,
# 1206|                                         key, NULL, 0, &len);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def144]
mbedtls-3.6.5/library/pkparse.c:1211:24: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
mbedtls-3.6.5/library/pkparse.c:1374:5: enter_function: entry to ‘mbedtls_pk_parse_public_keyfile’
mbedtls-3.6.5/library/pkparse.c:1380:16: call_function: calling ‘mbedtls_pk_load_file’ from ‘mbedtls_pk_parse_public_keyfile’
mbedtls-3.6.5/library/pkparse.c:1380:16: return_function: returning to ‘mbedtls_pk_parse_public_keyfile’ from ‘mbedtls_pk_load_file’
mbedtls-3.6.5/library/pkparse.c:1380:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pkparse.c:1384:11: branch_false: ...to here
mbedtls-3.6.5/library/pkparse.c:1384:11: call_function: calling ‘mbedtls_pk_parse_public_key’ from ‘mbedtls_pk_parse_public_keyfile’
# 1209|       if (ret == 0) {
# 1210|           p = pem.buf;
# 1211|->         if ((pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == NULL) {
# 1212|               mbedtls_pem_free(&pem);
# 1213|               return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def145]
mbedtls-3.6.5/library/pkparse.c:1212:13: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
mbedtls-3.6.5/library/pkparse.c:1374:5: enter_function: entry to ‘mbedtls_pk_parse_public_keyfile’
mbedtls-3.6.5/library/pkparse.c:1380:16: call_function: calling ‘mbedtls_pk_load_file’ from ‘mbedtls_pk_parse_public_keyfile’
mbedtls-3.6.5/library/pkparse.c:1380:16: return_function: returning to ‘mbedtls_pk_parse_public_keyfile’ from ‘mbedtls_pk_load_file’
mbedtls-3.6.5/library/pkparse.c:1380:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pkparse.c:1384:11: branch_false: ...to here
mbedtls-3.6.5/library/pkparse.c:1384:11: call_function: calling ‘mbedtls_pk_parse_public_key’ from ‘mbedtls_pk_parse_public_keyfile’
# 1210|           p = pem.buf;
# 1211|           if ((pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == NULL) {
# 1212|->             mbedtls_pem_free(&pem);
# 1213|               return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
# 1214|           }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def146]
mbedtls-3.6.5/library/pkparse.c:1216:20: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
mbedtls-3.6.5/library/pkparse.c:1374:5: enter_function: entry to ‘mbedtls_pk_parse_public_keyfile’
mbedtls-3.6.5/library/pkparse.c:1380:16: call_function: calling ‘mbedtls_pk_load_file’ from ‘mbedtls_pk_parse_public_keyfile’
mbedtls-3.6.5/library/pkparse.c:1380:16: return_function: returning to ‘mbedtls_pk_parse_public_keyfile’ from ‘mbedtls_pk_load_file’
mbedtls-3.6.5/library/pkparse.c:1380:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pkparse.c:1384:11: branch_false: ...to here
mbedtls-3.6.5/library/pkparse.c:1384:11: call_function: calling ‘mbedtls_pk_parse_public_key’ from ‘mbedtls_pk_parse_public_keyfile’
# 1214|           }
# 1215|   
# 1216|->         if ((ret = mbedtls_pk_setup(ctx, pk_info)) != 0) {
# 1217|               mbedtls_pem_free(&pem);
# 1218|               return ret;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def147]
mbedtls-3.6.5/library/pkparse.c:1217:13: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
mbedtls-3.6.5/library/pkparse.c:1374:5: enter_function: entry to ‘mbedtls_pk_parse_public_keyfile’
mbedtls-3.6.5/library/pkparse.c:1380:16: call_function: calling ‘mbedtls_pk_load_file’ from ‘mbedtls_pk_parse_public_keyfile’
mbedtls-3.6.5/library/pkparse.c:1380:16: return_function: returning to ‘mbedtls_pk_parse_public_keyfile’ from ‘mbedtls_pk_load_file’
mbedtls-3.6.5/library/pkparse.c:1380:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pkparse.c:1384:11: branch_false: ...to here
mbedtls-3.6.5/library/pkparse.c:1384:11: call_function: calling ‘mbedtls_pk_parse_public_key’ from ‘mbedtls_pk_parse_public_keyfile’
# 1215|   
# 1216|           if ((ret = mbedtls_pk_setup(ctx, pk_info)) != 0) {
# 1217|->             mbedtls_pem_free(&pem);
# 1218|               return ret;
# 1219|           }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def148]
mbedtls-3.6.5/library/pkparse.c:1255:5: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
mbedtls-3.6.5/library/pkparse.c:1374:5: enter_function: entry to ‘mbedtls_pk_parse_public_keyfile’
mbedtls-3.6.5/library/pkparse.c:1380:16: call_function: calling ‘mbedtls_pk_load_file’ from ‘mbedtls_pk_parse_public_keyfile’
mbedtls-3.6.5/library/pkparse.c:1380:16: return_function: returning to ‘mbedtls_pk_parse_public_keyfile’ from ‘mbedtls_pk_load_file’
mbedtls-3.6.5/library/pkparse.c:1380:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pkparse.c:1384:11: branch_false: ...to here
mbedtls-3.6.5/library/pkparse.c:1384:11: call_function: calling ‘mbedtls_pk_parse_public_key’ from ‘mbedtls_pk_parse_public_keyfile’
# 1253|           return ret;
# 1254|       }
# 1255|->     mbedtls_pem_free(&pem);
# 1256|   #endif /* MBEDTLS_PEM_PARSE_C */
# 1257|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def149]
mbedtls-3.6.5/library/pkparse.c:1259:20: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
mbedtls-3.6.5/library/pkparse.c:1374:5: enter_function: entry to ‘mbedtls_pk_parse_public_keyfile’
mbedtls-3.6.5/library/pkparse.c:1380:16: call_function: calling ‘mbedtls_pk_load_file’ from ‘mbedtls_pk_parse_public_keyfile’
mbedtls-3.6.5/library/pkparse.c:1380:16: return_function: returning to ‘mbedtls_pk_parse_public_keyfile’ from ‘mbedtls_pk_load_file’
mbedtls-3.6.5/library/pkparse.c:1380:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/pkparse.c:1384:11: branch_false: ...to here
mbedtls-3.6.5/library/pkparse.c:1384:11: call_function: calling ‘mbedtls_pk_parse_public_key’ from ‘mbedtls_pk_parse_public_keyfile’
# 1257|   
# 1258|   #if defined(MBEDTLS_RSA_C)
# 1259|->     if ((pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == NULL) {
# 1260|           return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
# 1261|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def150]
mbedtls-3.6.5/library/pkparse.c:1310:5: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "rb")’
mbedtls-3.6.5/library/pkparse.c:1374:5: enter_function: entry to ‘mbedtls_pk_parse_public_keyfile’
mbedtls-3.6.5/library/pkparse.c:1380:16: call_function: calling ‘mbedtls_pk_load_file’ from ‘mbedtls_pk_parse_public_keyfile’
# 1308|       mbedtls_setbuf(f, NULL);
# 1309|   
# 1310|->     fseek(f, 0, SEEK_END);
# 1311|       if ((size = ftell(f)) == -1) {
# 1312|           fclose(f);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def151]
mbedtls-3.6.5/library/pkparse.c:1310:5: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "rb")’
mbedtls-3.6.5/library/pkparse.c:1374:5: enter_function: entry to ‘mbedtls_pk_parse_public_keyfile’
mbedtls-3.6.5/library/pkparse.c:1380:16: call_function: calling ‘mbedtls_pk_load_file’ from ‘mbedtls_pk_parse_public_keyfile’
# 1308|       mbedtls_setbuf(f, NULL);
# 1309|   
# 1310|->     fseek(f, 0, SEEK_END);
# 1311|       if ((size = ftell(f)) == -1) {
# 1312|           fclose(f);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def152]
mbedtls-3.6.5/library/pkparse.c:1311:17: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "rb")’
mbedtls-3.6.5/library/pkparse.c:1374:5: enter_function: entry to ‘mbedtls_pk_parse_public_keyfile’
mbedtls-3.6.5/library/pkparse.c:1380:16: call_function: calling ‘mbedtls_pk_load_file’ from ‘mbedtls_pk_parse_public_keyfile’
# 1309|   
# 1310|       fseek(f, 0, SEEK_END);
# 1311|->     if ((size = ftell(f)) == -1) {
# 1312|           fclose(f);
# 1313|           return MBEDTLS_ERR_PK_FILE_IO_ERROR;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def153]
mbedtls-3.6.5/library/pkparse.c:1311:17: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "rb")’
mbedtls-3.6.5/library/pkparse.c:1374:5: enter_function: entry to ‘mbedtls_pk_parse_public_keyfile’
mbedtls-3.6.5/library/pkparse.c:1380:16: call_function: calling ‘mbedtls_pk_load_file’ from ‘mbedtls_pk_parse_public_keyfile’
# 1309|   
# 1310|       fseek(f, 0, SEEK_END);
# 1311|->     if ((size = ftell(f)) == -1) {
# 1312|           fclose(f);
# 1313|           return MBEDTLS_ERR_PK_FILE_IO_ERROR;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def154]
mbedtls-3.6.5/library/pkparse.c:1315:5: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "rb")’
mbedtls-3.6.5/library/pkparse.c:1374:5: enter_function: entry to ‘mbedtls_pk_parse_public_keyfile’
mbedtls-3.6.5/library/pkparse.c:1380:16: call_function: calling ‘mbedtls_pk_load_file’ from ‘mbedtls_pk_parse_public_keyfile’
# 1313|           return MBEDTLS_ERR_PK_FILE_IO_ERROR;
# 1314|       }
# 1315|->     fseek(f, 0, SEEK_SET);
# 1316|   
# 1317|       *n = (size_t) size;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def155]
mbedtls-3.6.5/library/pkparse.c:1315:5: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "rb")’
mbedtls-3.6.5/library/pkparse.c:1374:5: enter_function: entry to ‘mbedtls_pk_parse_public_keyfile’
mbedtls-3.6.5/library/pkparse.c:1380:16: call_function: calling ‘mbedtls_pk_load_file’ from ‘mbedtls_pk_parse_public_keyfile’
# 1313|           return MBEDTLS_ERR_PK_FILE_IO_ERROR;
# 1314|       }
# 1315|->     fseek(f, 0, SEEK_SET);
# 1316|   
# 1317|       *n = (size_t) size;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def156]
mbedtls-3.6.5/library/pkparse.c:1328:9: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
mbedtls-3.6.5/library/pkparse.c:1374:5: enter_function: entry to ‘mbedtls_pk_parse_public_keyfile’
mbedtls-3.6.5/library/pkparse.c:1380:16: call_function: calling ‘mbedtls_pk_load_file’ from ‘mbedtls_pk_parse_public_keyfile’
# 1326|           fclose(f);
# 1327|   
# 1328|->         mbedtls_zeroize_and_free(*buf, *n);
# 1329|   
# 1330|           return MBEDTLS_ERR_PK_FILE_IO_ERROR;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def157]
mbedtls-3.6.5/library/pkwrite.c:85:12: warning[-Wanalyzer-malloc-leak]: leak of ‘output_buf’
mbedtls-3.6.5/library/pkwrite.c:579:5: enter_function: entry to ‘mbedtls_pk_write_key_pem’
mbedtls-3.6.5/library/pkwrite.c:583:18: acquire_memory: allocated here
mbedtls-3.6.5/library/pkwrite.c:584:8: branch_false: following ‘false’ branch (when ‘output_buf’ is non-NULL)...
mbedtls-3.6.5/library/pkwrite.c:588:12: branch_false: ...to here
mbedtls-3.6.5/library/pkwrite.c:590:16: call_function: calling ‘mbedtls_pk_write_key_der’ from ‘mbedtls_pk_write_key_pem’
#   83|       }
#   84|   #endif /* MBEDTLS_USE_PSA_CRYPTO */
#   85|->     return mbedtls_rsa_write_key(mbedtls_pk_rsa(*pk), buf, p);
#   86|   }
#   87|   #endif /* MBEDTLS_RSA_C */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def158]
mbedtls-3.6.5/library/pkwrite.c:142:20: warning[-Wanalyzer-malloc-leak]: leak of ‘output_buf’
mbedtls-3.6.5/library/pkwrite.c:552:5: enter_function: entry to ‘mbedtls_pk_write_pubkey_pem’
mbedtls-3.6.5/library/pkwrite.c:556:18: acquire_memory: allocated here
mbedtls-3.6.5/library/pkwrite.c:557:8: branch_false: following ‘false’ branch (when ‘output_buf’ is non-NULL)...
mbedtls-3.6.5/library/pkwrite.c:560:12: branch_false: ...to here
mbedtls-3.6.5/library/pkwrite.c:562:16: call_function: calling ‘mbedtls_pk_write_pubkey_der’ from ‘mbedtls_pk_write_pubkey_pem’
#  140|   #endif /* MBEDTLS_USE_PSA_CRYPTO */
#  141|       {
#  142|->         if ((ret = mbedtls_ecp_point_write_binary(&ec->grp, &ec->Q,
#  143|                                                     MBEDTLS_ECP_PF_UNCOMPRESSED,
#  144|                                                     &len, buf, sizeof(buf))) != 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def159]
mbedtls-3.6.5/library/pkwrite.c:213:15: warning[-Wanalyzer-malloc-leak]: leak of ‘output_buf’
mbedtls-3.6.5/library/pkwrite.c:579:5: enter_function: entry to ‘mbedtls_pk_write_key_pem’
mbedtls-3.6.5/library/pkwrite.c:583:18: acquire_memory: allocated here
mbedtls-3.6.5/library/pkwrite.c:584:8: branch_false: following ‘false’ branch (when ‘output_buf’ is non-NULL)...
mbedtls-3.6.5/library/pkwrite.c:588:12: branch_false: ...to here
mbedtls-3.6.5/library/pkwrite.c:590:16: call_function: calling ‘mbedtls_pk_write_key_der’ from ‘mbedtls_pk_write_key_pem’
#  211|           byte_length = (ec->grp.pbits + 7) / 8;
#  212|   
#  213|->         ret = mbedtls_ecp_write_key_ext(ec, &byte_length, tmp, sizeof(tmp));
#  214|           if (ret != 0) {
#  215|               goto exit;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def160]
mbedtls-3.6.5/library/pkwrite.c:218:11: warning[-Wanalyzer-malloc-leak]: leak of ‘output_buf’
mbedtls-3.6.5/library/pkwrite.c:579:5: enter_function: entry to ‘mbedtls_pk_write_key_pem’
mbedtls-3.6.5/library/pkwrite.c:583:18: acquire_memory: allocated here
mbedtls-3.6.5/library/pkwrite.c:584:8: branch_false: following ‘false’ branch (when ‘output_buf’ is non-NULL)...
mbedtls-3.6.5/library/pkwrite.c:588:12: branch_false: ...to here
mbedtls-3.6.5/library/pkwrite.c:590:16: call_function: calling ‘mbedtls_pk_write_key_der’ from ‘mbedtls_pk_write_key_pem’
#  216|           }
#  217|       }
#  218|->     ret = mbedtls_asn1_write_octet_string(p, start, tmp, byte_length);
#  219|   exit:
#  220|       mbedtls_platform_zeroize(tmp, sizeof(tmp));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def161]
mbedtls-3.6.5/library/pkwrite.c:391:33: warning[-Wanalyzer-malloc-leak]: leak of ‘output_buf’
mbedtls-3.6.5/library/pkwrite.c:579:5: enter_function: entry to ‘mbedtls_pk_write_key_pem’
mbedtls-3.6.5/library/pkwrite.c:583:18: acquire_memory: allocated here
mbedtls-3.6.5/library/pkwrite.c:584:8: branch_false: following ‘false’ branch (when ‘output_buf’ is non-NULL)...
mbedtls-3.6.5/library/pkwrite.c:588:12: branch_false: ...to here
mbedtls-3.6.5/library/pkwrite.c:590:16: call_function: calling ‘mbedtls_pk_write_key_der’ from ‘mbedtls_pk_write_key_pem’
#  389|   static mbedtls_pk_type_t pk_get_type_ext(const mbedtls_pk_context *pk)
#  390|   {
#  391|->     mbedtls_pk_type_t pk_type = mbedtls_pk_get_type(pk);
#  392|   
#  393|   #if defined(MBEDTLS_USE_PSA_CRYPTO)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def162]
mbedtls-3.6.5/library/pkwrite.c:426:9: warning[-Wanalyzer-malloc-leak]: leak of ‘output_buf’
mbedtls-3.6.5/library/pkwrite.c:552:5: enter_function: entry to ‘mbedtls_pk_write_pubkey_pem’
mbedtls-3.6.5/library/pkwrite.c:556:18: acquire_memory: allocated here
mbedtls-3.6.5/library/pkwrite.c:557:8: branch_false: following ‘false’ branch (when ‘output_buf’ is non-NULL)...
mbedtls-3.6.5/library/pkwrite.c:560:12: branch_false: ...to here
mbedtls-3.6.5/library/pkwrite.c:562:16: call_function: calling ‘mbedtls_pk_write_pubkey_der’ from ‘mbedtls_pk_write_pubkey_pem’
#  424|   
#  425|   #if defined(MBEDTLS_RSA_C)
#  426|->     if (mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) {
#  427|           MBEDTLS_ASN1_CHK_ADD(len, mbedtls_rsa_write_pubkey(mbedtls_pk_rsa(*key), start, p));
#  428|       } else

Error: GCC_ANALYZER_WARNING (CWE-401): [#def163]
mbedtls-3.6.5/library/pkwrite.c:427:9: warning[-Wanalyzer-malloc-leak]: leak of ‘output_buf’
mbedtls-3.6.5/library/pkwrite.c:552:5: enter_function: entry to ‘mbedtls_pk_write_pubkey_pem’
mbedtls-3.6.5/library/pkwrite.c:556:18: acquire_memory: allocated here
mbedtls-3.6.5/library/pkwrite.c:557:8: branch_false: following ‘false’ branch (when ‘output_buf’ is non-NULL)...
mbedtls-3.6.5/library/pkwrite.c:560:12: branch_false: ...to here
mbedtls-3.6.5/library/pkwrite.c:562:16: call_function: calling ‘mbedtls_pk_write_pubkey_der’ from ‘mbedtls_pk_write_pubkey_pem’
#  425|   #if defined(MBEDTLS_RSA_C)
#  426|       if (mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) {
#  427|->         MBEDTLS_ASN1_CHK_ADD(len, mbedtls_rsa_write_pubkey(mbedtls_pk_rsa(*key), start, p));
#  428|       } else
#  429|   #endif

Error: GCC_ANALYZER_WARNING (CWE-401): [#def164]
mbedtls-3.6.5/library/pkwrite.c:431:9: warning[-Wanalyzer-malloc-leak]: leak of ‘output_buf’
mbedtls-3.6.5/library/pkwrite.c:552:5: enter_function: entry to ‘mbedtls_pk_write_pubkey_pem’
mbedtls-3.6.5/library/pkwrite.c:556:18: acquire_memory: allocated here
mbedtls-3.6.5/library/pkwrite.c:557:8: branch_false: following ‘false’ branch (when ‘output_buf’ is non-NULL)...
mbedtls-3.6.5/library/pkwrite.c:560:12: branch_false: ...to here
mbedtls-3.6.5/library/pkwrite.c:562:16: call_function: calling ‘mbedtls_pk_write_pubkey_der’ from ‘mbedtls_pk_write_pubkey_pem’
#  429|   #endif
#  430|   #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
#  431|->     if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) {
#  432|           MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_pubkey(p, start, key));
#  433|       } else

Error: GCC_ANALYZER_WARNING (CWE-401): [#def165]
mbedtls-3.6.5/library/pkwrite.c:474:5: warning[-Wanalyzer-malloc-leak]: leak of ‘output_buf’
mbedtls-3.6.5/library/pkwrite.c:552:5: enter_function: entry to ‘mbedtls_pk_write_pubkey_pem’
mbedtls-3.6.5/library/pkwrite.c:556:18: acquire_memory: allocated here
mbedtls-3.6.5/library/pkwrite.c:557:8: branch_false: following ‘false’ branch (when ‘output_buf’ is non-NULL)...
mbedtls-3.6.5/library/pkwrite.c:560:12: branch_false: ...to here
mbedtls-3.6.5/library/pkwrite.c:562:16: call_function: calling ‘mbedtls_pk_write_pubkey_der’ from ‘mbedtls_pk_write_pubkey_pem’
#  472|       len += 1;
#  473|   
#  474|->     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
#  475|       MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_BIT_STRING));
#  476|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def166]
mbedtls-3.6.5/library/psa_crypto.c:130:5: warning[-Wanalyzer-malloc-leak]: leak of ‘output’
mbedtls-3.6.5/library/psa_crypto.c:8045:14: enter_function: entry to ‘psa_generate_random’
mbedtls-3.6.5/library/psa_crypto.c:8051:5: call_function: calling ‘psa_crypto_local_output_alloc’ from ‘psa_generate_random’
mbedtls-3.6.5/library/psa_crypto.c:8051:5: return_function: returning to ‘psa_generate_random’ from ‘psa_crypto_local_output_alloc’
mbedtls-3.6.5/library/psa_crypto.c:8051:5: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto.c:8051:5: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:8053:14: call_function: calling ‘psa_generate_random_internal’ from ‘psa_generate_random’
#  128|   
#  129|   #if defined(MBEDTLS_THREADING_C)
#  130|->     mbedtls_mutex_lock(&mbedtls_threading_psa_rngdata_mutex);
#  131|   #endif /* defined(MBEDTLS_THREADING_C) */
#  132|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def167]
mbedtls-3.6.5/library/psa_crypto.c:136:5: warning[-Wanalyzer-malloc-leak]: leak of ‘output’
mbedtls-3.6.5/library/psa_crypto.c:8045:14: enter_function: entry to ‘psa_generate_random’
mbedtls-3.6.5/library/psa_crypto.c:8051:5: call_function: calling ‘psa_crypto_local_output_alloc’ from ‘psa_generate_random’
mbedtls-3.6.5/library/psa_crypto.c:8051:5: return_function: returning to ‘psa_generate_random’ from ‘psa_crypto_local_output_alloc’
mbedtls-3.6.5/library/psa_crypto.c:8051:5: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto.c:8051:5: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:8053:14: call_function: calling ‘psa_generate_random_internal’ from ‘psa_generate_random’
#  134|   
#  135|   #if defined(MBEDTLS_THREADING_C)
#  136|->     mbedtls_mutex_unlock(&mbedtls_threading_psa_rngdata_mutex);
#  137|   #endif /* defined(MBEDTLS_THREADING_C) */
#  138|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def168]
mbedtls-3.6.5/library/psa_crypto.c:140:5: warning[-Wanalyzer-malloc-leak]: leak of ‘output’
mbedtls-3.6.5/library/psa_crypto.c:8045:14: enter_function: entry to ‘psa_generate_random’
mbedtls-3.6.5/library/psa_crypto.c:8051:5: call_function: calling ‘psa_crypto_local_output_alloc’ from ‘psa_generate_random’
mbedtls-3.6.5/library/psa_crypto.c:8051:5: return_function: returning to ‘psa_generate_random’ from ‘psa_crypto_local_output_alloc’
mbedtls-3.6.5/library/psa_crypto.c:8051:5: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto.c:8051:5: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:8053:14: call_function: calling ‘psa_generate_random_internal’ from ‘psa_generate_random’
#  138|   
#  139|   #if defined(MBEDTLS_THREADING_C)
#  140|->     mbedtls_mutex_lock(&mbedtls_threading_psa_globaldata_mutex);
#  141|   #endif /* defined(MBEDTLS_THREADING_C) */
#  142|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def169]
mbedtls-3.6.5/library/psa_crypto.c:147:5: warning[-Wanalyzer-malloc-leak]: leak of ‘output’
mbedtls-3.6.5/library/psa_crypto.c:7896:14: enter_function: entry to ‘psa_raw_key_agreement’
mbedtls-3.6.5/library/psa_crypto.c:7910:5: call_function: calling ‘psa_crypto_local_output_alloc’ from ‘psa_raw_key_agreement’
mbedtls-3.6.5/library/psa_crypto.c:7910:5: return_function: returning to ‘psa_raw_key_agreement’ from ‘psa_crypto_local_output_alloc’
mbedtls-3.6.5/library/psa_crypto.c:7910:5: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto.c:7910:5: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:7912:8: branch_true: following ‘true’ branch...
mbedtls-3.6.5/library/psa_crypto.c:7914:9: branch_true: ...to here
mbedtls-3.6.5/library/psa_crypto.c:7946:8: branch_true: following ‘true’ branch...
mbedtls-3.6.5/library/psa_crypto.c:7954:9: branch_true: ...to here
mbedtls-3.6.5/library/psa_crypto.c:7954:9: call_function: calling ‘psa_generate_random_internal’ from ‘psa_raw_key_agreement’
#  145|   
#  146|   #if defined(MBEDTLS_THREADING_C)
#  147|->     mbedtls_mutex_unlock(&mbedtls_threading_psa_globaldata_mutex);
#  148|   #endif /* defined(MBEDTLS_THREADING_C) */
#  149|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def170]
mbedtls-3.6.5/library/psa_crypto.c:1108:14: warning[-Wanalyzer-malloc-leak]: leak of ‘output’
mbedtls-3.6.5/library/psa_crypto.c:7896:14: enter_function: entry to ‘psa_raw_key_agreement’
mbedtls-3.6.5/library/psa_crypto.c:7910:5: call_function: calling ‘psa_crypto_local_output_alloc’ from ‘psa_raw_key_agreement’
mbedtls-3.6.5/library/psa_crypto.c:7910:5: return_function: returning to ‘psa_raw_key_agreement’ from ‘psa_crypto_local_output_alloc’
mbedtls-3.6.5/library/psa_crypto.c:7910:5: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto.c:7910:5: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:7912:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto.c:7916:14: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:7916:14: call_function: calling ‘psa_get_and_lock_transparent_key_slot_with_policy’ from ‘psa_raw_key_agreement’
# 1106|       psa_key_slot_t *slot = NULL;
# 1107|   
# 1108|->     status = psa_get_and_lock_key_slot(key, p_slot);
# 1109|       if (status != PSA_SUCCESS) {
# 1110|           return status;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def171]
mbedtls-3.6.5/library/psa_crypto.c:1141:5: warning[-Wanalyzer-malloc-leak]: leak of ‘output’
mbedtls-3.6.5/library/psa_crypto.c:7896:14: enter_function: entry to ‘psa_raw_key_agreement’
mbedtls-3.6.5/library/psa_crypto.c:7910:5: call_function: calling ‘psa_crypto_local_output_alloc’ from ‘psa_raw_key_agreement’
mbedtls-3.6.5/library/psa_crypto.c:7910:5: return_function: returning to ‘psa_raw_key_agreement’ from ‘psa_crypto_local_output_alloc’
mbedtls-3.6.5/library/psa_crypto.c:7910:5: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto.c:7910:5: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:7912:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto.c:7916:14: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:7916:14: call_function: calling ‘psa_get_and_lock_transparent_key_slot_with_policy’ from ‘psa_raw_key_agreement’
# 1139|   error:
# 1140|       *p_slot = NULL;
# 1141|->     psa_unregister_read_under_mutex(slot);
# 1142|   
# 1143|       return status;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def172]
mbedtls-3.6.5/library/psa_crypto.c:4423:15: warning[-Wanalyzer-malloc-leak]: leak of ‘output’
mbedtls-3.6.5/library/psa_crypto.c:7896:14: enter_function: entry to ‘psa_raw_key_agreement’
mbedtls-3.6.5/library/psa_crypto.c:7910:5: call_function: calling ‘psa_crypto_local_output_alloc’ from ‘psa_raw_key_agreement’
mbedtls-3.6.5/library/psa_crypto.c:7910:5: return_function: returning to ‘psa_raw_key_agreement’ from ‘psa_crypto_local_output_alloc’
mbedtls-3.6.5/library/psa_crypto.c:7910:5: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto.c:7910:5: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:7912:8: branch_true: following ‘true’ branch...
mbedtls-3.6.5/library/psa_crypto.c:7914:9: branch_true: ...to here
mbedtls-3.6.5/library/psa_crypto.c:7946:8: branch_true: following ‘true’ branch...
mbedtls-3.6.5/library/psa_crypto.c:7954:9: branch_true: ...to here
mbedtls-3.6.5/library/psa_crypto.c:7954:9: call_function: calling ‘psa_generate_random_internal’ from ‘psa_raw_key_agreement’
# 4421|                output_size);
# 4422|   #if defined(MBEDTLS_CTR_DRBG_C)
# 4423|->         ret = mbedtls_ctr_drbg_random(&global_data.rng.drbg, output, request_size);
# 4424|   #elif defined(MBEDTLS_HMAC_DRBG_C)
# 4425|           ret = mbedtls_hmac_drbg_random(&global_data.rng.drbg, output, request_size);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def173]
mbedtls-3.6.5/library/psa_crypto.c:7259:13: warning[-Wanalyzer-malloc-leak]: leak of ‘pms’
mbedtls-3.6.5/library/psa_crypto.c:7226:8: branch_false: following ‘false’ branch (when ‘data_length <= 128’)...
mbedtls-3.6.5/library/psa_crypto.c:7230:20: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:7230:20: acquire_memory: allocated here
mbedtls-3.6.5/library/psa_crypto.c:7231:8: branch_false: following ‘false’ branch (when ‘pms’ is non-NULL)...
mbedtls-3.6.5/library/psa_crypto.c:7254:8: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:7254:8: branch_true: following ‘true’ branch...
mbedtls-3.6.5/library/psa_crypto.c:7255:18: branch_true: ...to here
mbedtls-3.6.5/library/psa_crypto.c:7257:12: branch_true: following ‘true’ branch...
mbedtls-3.6.5/library/psa_crypto.c:7258:25: branch_true: ...to here
mbedtls-3.6.5/library/psa_crypto.c:7259:13: danger: ‘pms’ leaks here; was allocated at [(3)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/2)
# 7257|           if (prf->other_secret_length != 0) {
# 7258|               memcpy(cur, prf->other_secret, prf->other_secret_length);
# 7259|->             mbedtls_platform_zeroize(prf->other_secret, prf->other_secret_length);
# 7260|               cur += prf->other_secret_length;
# 7261|           }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def174]
mbedtls-3.6.5/library/psa_crypto.c:7276:5: warning[-Wanalyzer-malloc-leak]: leak of ‘pms’
mbedtls-3.6.5/library/psa_crypto.c:7226:8: branch_false: following ‘false’ branch (when ‘data_length <= 128’)...
mbedtls-3.6.5/library/psa_crypto.c:7230:20: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:7230:20: acquire_memory: allocated here
mbedtls-3.6.5/library/psa_crypto.c:7231:8: branch_false: following ‘false’ branch (when ‘pms’ is non-NULL)...
mbedtls-3.6.5/library/psa_crypto.c:7254:8: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:7254:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto.c:7263:9: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:7276:5: danger: ‘pms’ leaks here; was allocated at [(3)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/2)
# 7274|       status = psa_tls12_prf_set_key(prf, pms, (size_t) (cur - pms));
# 7275|   
# 7276|->     mbedtls_zeroize_and_free(pms, pms_len);
# 7277|       return status;
# 7278|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def175]
mbedtls-3.6.5/library/psa_crypto.c:9428:5: warning[-Wanalyzer-malloc-leak]: leak of ‘input’
mbedtls-3.6.5/library/psa_crypto.c:6994:21: enter_function: entry to ‘psa_hkdf_input’
mbedtls-3.6.5/library/psa_crypto.c:7023:16: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto.c:7043:21: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:7043:20: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto.c:7057:21: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:7057:20: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto.c:7060:26: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:7060:26: call_function: calling ‘psa_mac_update’ from ‘psa_hkdf_input’
# 9426|   void psa_crypto_local_input_free(psa_crypto_local_input_t *local_input)
# 9427|   {
# 9428|->     mbedtls_zeroize_and_free(local_input->buffer, local_input->length);
# 9429|       local_input->buffer = NULL;
# 9430|       local_input->length = 0;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def176]
mbedtls-3.6.5/library/psa_crypto.c:9428:5: warning[-Wanalyzer-malloc-leak]: leak of ‘peer_id’
mbedtls-3.6.5/library/psa_crypto.c:8848:14: enter_function: entry to ‘psa_pake_set_peer’
mbedtls-3.6.5/library/psa_crypto.c:8856:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto.c:8861:8: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:8861:8: branch_false: following ‘false’ branch (when ‘peer_id_len != 0’)...
mbedtls-3.6.5/library/psa_crypto.c:8866:9: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:8866:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto.c:8871:35: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:8872:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto.c:8877:5: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:8877:5: call_function: calling ‘psa_crypto_local_input_alloc’ from ‘psa_pake_set_peer’
mbedtls-3.6.5/library/psa_crypto.c:8877:5: return_function: returning to ‘psa_pake_set_peer’ from ‘psa_crypto_local_input_alloc’
mbedtls-3.6.5/library/psa_crypto.c:8877:5: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto.c:8877:5: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:8885:5: call_function: calling ‘psa_crypto_local_input_free’ from ‘psa_pake_set_peer’
# 9426|   void psa_crypto_local_input_free(psa_crypto_local_input_t *local_input)
# 9427|   {
# 9428|->     mbedtls_zeroize_and_free(local_input->buffer, local_input->length);
# 9429|       local_input->buffer = NULL;
# 9430|       local_input->length = 0;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def177]
mbedtls-3.6.5/library/psa_crypto.c:9428:5: warning[-Wanalyzer-malloc-leak]: leak of ‘user_id’
mbedtls-3.6.5/library/psa_crypto.c:8804:14: enter_function: entry to ‘psa_pake_set_user’
mbedtls-3.6.5/library/psa_crypto.c:8812:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto.c:8817:8: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:8817:8: branch_false: following ‘false’ branch (when ‘user_id_len != 0’)...
mbedtls-3.6.5/library/psa_crypto.c:8822:9: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:8822:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto.c:8827:35: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:8828:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto.c:8833:5: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:8833:5: call_function: calling ‘psa_crypto_local_input_alloc’ from ‘psa_pake_set_user’
mbedtls-3.6.5/library/psa_crypto.c:8833:5: return_function: returning to ‘psa_pake_set_user’ from ‘psa_crypto_local_input_alloc’
mbedtls-3.6.5/library/psa_crypto.c:8833:5: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto.c:8833:5: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:8841:5: call_function: calling ‘psa_crypto_local_input_free’ from ‘psa_pake_set_user’
# 9426|   void psa_crypto_local_input_free(psa_crypto_local_input_t *local_input)
# 9427|   {
# 9428|->     mbedtls_zeroize_and_free(local_input->buffer, local_input->length);
# 9429|       local_input->buffer = NULL;
# 9430|       local_input->length = 0;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def178]
mbedtls-3.6.5/library/psa_crypto.c:9472:5: warning[-Wanalyzer-malloc-leak]: leak of ‘output’
mbedtls-3.6.5/library/psa_crypto.c:9071:14: enter_function: entry to ‘psa_pake_output’
mbedtls-3.6.5/library/psa_crypto.c:9090:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto.c:9095:8: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:9095:8: branch_false: following ‘false’ branch (when ‘output_size != 0’)...
mbedtls-3.6.5/library/psa_crypto.c:9100:13: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:9100:5: branch_true: following ‘true’ branch...
mbedtls-3.6.5/library/psa_crypto.c:9102:9: branch_true: ...to here
mbedtls-3.6.5/library/psa_crypto.c:9104:16: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto.c:9108:17: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:9117:5: call_function: calling ‘psa_crypto_local_output_alloc’ from ‘psa_pake_output’
mbedtls-3.6.5/library/psa_crypto.c:9117:5: return_function: returning to ‘psa_pake_output’ from ‘psa_crypto_local_output_alloc’
mbedtls-3.6.5/library/psa_crypto.c:9117:5: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto.c:9117:5: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:9119:14: call_function: inlined call to ‘psa_driver_wrapper_pake_output’ from ‘psa_pake_output’
mbedtls-3.6.5/library/psa_crypto.c:9123:9: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:9141:5: call_function: calling ‘psa_crypto_local_output_free’ from ‘psa_pake_output’
# 9470|       }
# 9471|   
# 9472|->     mbedtls_zeroize_and_free(local_output->buffer, local_output->length);
# 9473|       local_output->buffer = NULL;
# 9474|       local_output->length = 0;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def179]
mbedtls-3.6.5/library/psa_crypto_driver_wrappers.h:2416:19: warning[-Wanalyzer-malloc-leak]: leak of ‘input’
mbedtls-3.6.5/library/psa_crypto.c:6994:21: enter_function: entry to ‘psa_hkdf_input’
mbedtls-3.6.5/library/psa_crypto.c:7023:16: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto.c:7043:21: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:7043:20: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto.c:7057:21: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:7057:20: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto.c:7060:26: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:7060:26: call_function: calling ‘psa_mac_update’ from ‘psa_hkdf_input’
# 2414|   #if defined(MBEDTLS_PSA_BUILTIN_MAC)
# 2415|           case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
# 2416|->             return( mbedtls_psa_mac_update( &operation->ctx.mbedtls_ctx,
# 2417|                                               input, input_length ) );
# 2418|   #endif /* MBEDTLS_PSA_BUILTIN_MAC */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def180]
mbedtls-3.6.5/library/psa_crypto_driver_wrappers.h:2450:19: warning[-Wanalyzer-malloc-leak]: leak of ‘mac’
mbedtls-3.6.5/library/psa_crypto.c:9225:14: enter_function: entry to ‘psa_pake_get_implicit_key’
mbedtls-3.6.5/library/psa_crypto.c:9234:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto.c:9240:9: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:9240:8: branch_true: following ‘true’ branch...
mbedtls-3.6.5/library/psa_crypto.c:9243:13: branch_true: ...to here
mbedtls-3.6.5/library/psa_crypto.c:9243:12: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto.c:9254:14: call_function: inlined call to ‘psa_driver_wrapper_pake_get_implicit_key’ from ‘psa_pake_get_implicit_key’
mbedtls-3.6.5/library/psa_crypto.c:9259:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto.c:9263:14: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:9263:14: call_function: calling ‘psa_key_derivation_input_bytes’ from ‘psa_pake_get_implicit_key’
# 2448|   #if defined(MBEDTLS_PSA_BUILTIN_MAC)
# 2449|           case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
# 2450|->             return( mbedtls_psa_mac_sign_finish( &operation->ctx.mbedtls_ctx,
# 2451|                                                    mac, mac_size, mac_length ) );
# 2452|   #endif /* MBEDTLS_PSA_BUILTIN_MAC */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def181]
mbedtls-3.6.5/library/psa_crypto_driver_wrappers.h:2515:19: warning[-Wanalyzer-malloc-leak]: leak of ‘input’
mbedtls-3.6.5/library/psa_crypto.c:6994:21: enter_function: entry to ‘psa_hkdf_input’
mbedtls-3.6.5/library/psa_crypto.c:7023:16: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto.c:7043:21: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:7043:20: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto.c:7057:21: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:7057:20: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto.c:7060:26: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:7060:26: call_function: calling ‘psa_mac_update’ from ‘psa_hkdf_input’
# 2513|   #if defined(MBEDTLS_PSA_BUILTIN_MAC)
# 2514|           case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
# 2515|->             return( mbedtls_psa_mac_abort( &operation->ctx.mbedtls_ctx ) );
# 2516|   #endif /* MBEDTLS_PSA_BUILTIN_MAC */
# 2517|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def182]
mbedtls-3.6.5/library/psa_crypto_driver_wrappers.h:2792:19: warning[-Wanalyzer-malloc-leak]: leak of ‘output’
mbedtls-3.6.5/library/psa_crypto.c:9071:14: enter_function: entry to ‘psa_pake_output’
mbedtls-3.6.5/library/psa_crypto.c:9090:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto.c:9095:8: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:9095:8: branch_false: following ‘false’ branch (when ‘output_size != 0’)...
mbedtls-3.6.5/library/psa_crypto.c:9100:13: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:9100:5: branch_true: following ‘true’ branch...
mbedtls-3.6.5/library/psa_crypto.c:9102:9: branch_true: ...to here
mbedtls-3.6.5/library/psa_crypto.c:9104:16: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto.c:9108:17: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:9117:5: call_function: calling ‘psa_crypto_local_output_alloc’ from ‘psa_pake_output’
mbedtls-3.6.5/library/psa_crypto.c:9117:5: return_function: returning to ‘psa_pake_output’ from ‘psa_crypto_local_output_alloc’
mbedtls-3.6.5/library/psa_crypto.c:9117:5: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto.c:9117:5: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:9119:14: call_function: inlined call to ‘psa_driver_wrapper_pake_output’ from ‘psa_pake_output’
# 2790|   #if defined(MBEDTLS_PSA_BUILTIN_PAKE)
# 2791|           case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
# 2792|->             return( mbedtls_psa_pake_output( &operation->data.ctx.mbedtls_ctx, step,
# 2793|                                                output, output_size, output_length ) );
# 2794|   #endif /* MBEDTLS_PSA_BUILTIN_PAKE */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def183]
mbedtls-3.6.5/library/psa_crypto_driver_wrappers.h:2823:19: warning[-Wanalyzer-malloc-leak]: leak of ‘input’
mbedtls-3.6.5/library/psa_crypto.c:9148:14: enter_function: entry to ‘psa_pake_input’
mbedtls-3.6.5/library/psa_crypto.c:9168:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto.c:9173:8: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:9173:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto.c:9178:13: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:9178:5: branch_true: following ‘true’ branch...
mbedtls-3.6.5/library/psa_crypto.c:9180:9: branch_true: ...to here
mbedtls-3.6.5/library/psa_crypto.c:9181:22: call_function: calling ‘psa_jpake_prologue’ from ‘psa_pake_input’
mbedtls-3.6.5/library/psa_crypto.c:9181:22: return_function: returning to ‘psa_pake_input’ from ‘psa_jpake_prologue’
mbedtls-3.6.5/library/psa_crypto.c:9182:16: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto.c:9186:17: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:9195:5: call_function: calling ‘psa_crypto_local_input_alloc’ from ‘psa_pake_input’
mbedtls-3.6.5/library/psa_crypto.c:9195:5: return_function: returning to ‘psa_pake_input’ from ‘psa_crypto_local_input_alloc’
mbedtls-3.6.5/library/psa_crypto.c:9195:5: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto.c:9195:5: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto.c:9196:14: call_function: inlined call to ‘psa_driver_wrapper_pake_input’ from ‘psa_pake_input’
# 2821|   #if defined(MBEDTLS_PSA_BUILTIN_PAKE)
# 2822|           case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
# 2823|->             return( mbedtls_psa_pake_input( &operation->data.ctx.mbedtls_ctx,
# 2824|                                               step, input,
# 2825|                                               input_length ) );

Error: GCC_ANALYZER_WARNING (CWE-401): [#def184]
mbedtls-3.6.5/library/psa_crypto_ecp.c:138:5: warning[-Wanalyzer-malloc-leak]: leak of ‘ecp’
mbedtls-3.6.5/library/psa_crypto_ecp.c:123:12: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto_ecp.c:134:11: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_ecp.c:134:11: acquire_memory: allocated here
mbedtls-3.6.5/library/psa_crypto_ecp.c:135:8: branch_false: following ‘false’ branch (when ‘ecp’ is non-NULL)...
mbedtls-3.6.5/library/psa_crypto_ecp.c:138:5: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_ecp.c:138:5: danger: ‘ecp’ leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#  136|           return PSA_ERROR_INSUFFICIENT_MEMORY;
#  137|       }
#  138|->     mbedtls_ecp_keypair_init(ecp);
#  139|   
#  140|       status = check_ecc_parameters(PSA_KEY_TYPE_ECC_GET_FAMILY(type), &curve_bits);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def185]
mbedtls-3.6.5/library/psa_crypto_pake.c:202:14: warning[-Wanalyzer-malloc-leak]: leak of ‘peer’
mbedtls-3.6.5/library/psa_crypto_pake.c:165:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto_pake.c:169:14: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_pake.c:170:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto_pake.c:174:14: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_pake.c:175:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto_pake.c:179:14: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_pake.c:180:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto_pake.c:184:27: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_pake.c:185:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto_pake.c:190:12: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_pake.c:191:8: branch_false: following ‘false’ branch (when ‘user’ is non-NULL)...
mbedtls-3.6.5/library/psa_crypto_pake.c:196:12: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_pake.c:196:12: acquire_memory: allocated here
mbedtls-3.6.5/library/psa_crypto_pake.c:197:8: branch_false: following ‘false’ branch (when ‘peer’ is non-NULL)...
mbedtls-3.6.5/library/psa_crypto_pake.c:202:14: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_pake.c:202:14: danger: ‘peer’ leaks here; was allocated at [(13)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/12)
#  200|       }
#  201|   
#  202|->     status = psa_crypto_driver_pake_get_password(inputs, operation->password,
#  203|                                                    password_len, &actual_password_len);
#  204|       if (status != PSA_SUCCESS) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def186]
mbedtls-3.6.5/library/psa_crypto_pake.c:202:14: warning[-Wanalyzer-malloc-leak]: leak of ‘user’
mbedtls-3.6.5/library/psa_crypto_pake.c:165:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto_pake.c:169:14: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_pake.c:170:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto_pake.c:174:14: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_pake.c:175:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto_pake.c:179:14: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_pake.c:180:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto_pake.c:184:27: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_pake.c:185:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto_pake.c:190:12: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_pake.c:190:12: acquire_memory: allocated here
mbedtls-3.6.5/library/psa_crypto_pake.c:191:8: branch_false: following ‘false’ branch (when ‘user’ is non-NULL)...
mbedtls-3.6.5/library/psa_crypto_pake.c:196:12: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_pake.c:197:8: branch_false: following ‘false’ branch (when ‘peer’ is non-NULL)...
mbedtls-3.6.5/library/psa_crypto_pake.c:202:14: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_pake.c:202:14: danger: ‘user’ leaks here; was allocated at [(11)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/10)
#  200|       }
#  201|   
#  202|->     status = psa_crypto_driver_pake_get_password(inputs, operation->password,
#  203|                                                    password_len, &actual_password_len);
#  204|       if (status != PSA_SUCCESS) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def187]
mbedtls-3.6.5/library/psa_crypto_pake.c:208:14: warning[-Wanalyzer-malloc-leak]: leak of ‘peer’
mbedtls-3.6.5/library/psa_crypto_pake.c:165:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto_pake.c:169:14: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_pake.c:170:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto_pake.c:174:14: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_pake.c:175:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto_pake.c:179:14: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_pake.c:180:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto_pake.c:184:27: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_pake.c:185:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto_pake.c:190:12: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_pake.c:191:8: branch_false: following ‘false’ branch (when ‘user’ is non-NULL)...
mbedtls-3.6.5/library/psa_crypto_pake.c:196:12: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_pake.c:196:12: acquire_memory: allocated here
mbedtls-3.6.5/library/psa_crypto_pake.c:197:8: branch_false: following ‘false’ branch (when ‘peer’ is non-NULL)...
mbedtls-3.6.5/library/psa_crypto_pake.c:202:14: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_pake.c:204:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto_pake.c:208:14: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_pake.c:208:14: danger: ‘peer’ leaks here; was allocated at [(13)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/12)
#  206|       }
#  207|   
#  208|->     status = psa_crypto_driver_pake_get_user(inputs, user,
#  209|                                                user_len, &actual_user_len);
#  210|       if (status != PSA_SUCCESS) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def188]
mbedtls-3.6.5/library/psa_crypto_pake.c:208:14: warning[-Wanalyzer-malloc-leak]: leak of ‘user’
mbedtls-3.6.5/library/psa_crypto_pake.c:165:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto_pake.c:169:14: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_pake.c:170:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto_pake.c:174:14: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_pake.c:175:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto_pake.c:179:14: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_pake.c:180:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto_pake.c:184:27: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_pake.c:185:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto_pake.c:190:12: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_pake.c:190:12: acquire_memory: allocated here
mbedtls-3.6.5/library/psa_crypto_pake.c:191:8: branch_false: following ‘false’ branch (when ‘user’ is non-NULL)...
mbedtls-3.6.5/library/psa_crypto_pake.c:196:12: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_pake.c:197:8: branch_false: following ‘false’ branch (when ‘peer’ is non-NULL)...
mbedtls-3.6.5/library/psa_crypto_pake.c:202:14: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_pake.c:204:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto_pake.c:208:14: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_pake.c:208:14: danger: ‘user’ leaks here; was allocated at [(11)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/10)
#  206|       }
#  207|   
#  208|->     status = psa_crypto_driver_pake_get_user(inputs, user,
#  209|                                                user_len, &actual_user_len);
#  210|       if (status != PSA_SUCCESS) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def189]
mbedtls-3.6.5/library/psa_crypto_pake.c:214:14: warning[-Wanalyzer-malloc-leak]: leak of ‘peer’
mbedtls-3.6.5/library/psa_crypto_pake.c:165:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto_pake.c:169:14: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_pake.c:170:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto_pake.c:174:14: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_pake.c:175:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto_pake.c:179:14: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_pake.c:180:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto_pake.c:184:27: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_pake.c:185:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto_pake.c:190:12: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_pake.c:191:8: branch_false: following ‘false’ branch (when ‘user’ is non-NULL)...
mbedtls-3.6.5/library/psa_crypto_pake.c:196:12: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_pake.c:196:12: acquire_memory: allocated here
mbedtls-3.6.5/library/psa_crypto_pake.c:197:8: branch_false: following ‘false’ branch (when ‘peer’ is non-NULL)...
mbedtls-3.6.5/library/psa_crypto_pake.c:202:14: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_pake.c:204:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto_pake.c:208:14: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_pake.c:210:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto_pake.c:214:14: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_pake.c:214:14: danger: ‘peer’ leaks here; was allocated at [(13)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/12)
#  212|       }
#  213|   
#  214|->     status = psa_crypto_driver_pake_get_peer(inputs, peer,
#  215|                                                peer_len, &actual_peer_len);
#  216|       if (status != PSA_SUCCESS) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def190]
mbedtls-3.6.5/library/psa_crypto_rsa.c:70:5: warning[-Wanalyzer-malloc-leak]: leak of ‘rsa’
mbedtls-3.6.5/library/psa_crypto_rsa.c:109:14: enter_function: entry to ‘mbedtls_psa_rsa_import_key’
mbedtls-3.6.5/library/psa_crypto_rsa.c:119:14: call_function: calling ‘mbedtls_psa_rsa_load_representation’ from ‘mbedtls_psa_rsa_import_key’
#   68|           return PSA_ERROR_INSUFFICIENT_MEMORY;
#   69|       }
#   70|->     mbedtls_rsa_init(*p_rsa);
#   71|   
#   72|       /* Parse the data. */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def191]
mbedtls-3.6.5/library/psa_crypto_storage.c:84:14: warning[-Wanalyzer-malloc-leak]: leak of ‘loaded_data’
mbedtls-3.6.5/library/psa_crypto_storage.c:355:14: enter_function: entry to ‘psa_load_persistent_key’
mbedtls-3.6.5/library/psa_crypto_storage.c:364:14: call_function: calling ‘psa_crypto_storage_get_data_length’ from ‘psa_load_persistent_key’
mbedtls-3.6.5/library/psa_crypto_storage.c:364:14: return_function: returning to ‘psa_load_persistent_key’ from ‘psa_crypto_storage_get_data_length’
mbedtls-3.6.5/library/psa_crypto_storage.c:365:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto_storage.c:369:19: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_storage.c:369:19: acquire_memory: allocated here
mbedtls-3.6.5/library/psa_crypto_storage.c:371:8: branch_false: following ‘false’ branch (when ‘loaded_data’ is non-NULL)...
mbedtls-3.6.5/library/psa_crypto_storage.c:375:14: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_storage.c:375:14: call_function: calling ‘psa_crypto_storage_load’ from ‘psa_load_persistent_key’
#   82|       size_t data_length = 0;
#   83|   
#   84|->     status = psa_its_get_info(data_identifier, &data_identifier_info);
#   85|       if (status  != PSA_SUCCESS) {
#   86|           return status;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def192]
mbedtls-3.6.5/library/psa_crypto_storage.c:89:14: warning[-Wanalyzer-malloc-leak]: leak of ‘loaded_data’
mbedtls-3.6.5/library/psa_crypto_storage.c:355:14: enter_function: entry to ‘psa_load_persistent_key’
mbedtls-3.6.5/library/psa_crypto_storage.c:364:14: call_function: calling ‘psa_crypto_storage_get_data_length’ from ‘psa_load_persistent_key’
mbedtls-3.6.5/library/psa_crypto_storage.c:364:14: return_function: returning to ‘psa_load_persistent_key’ from ‘psa_crypto_storage_get_data_length’
mbedtls-3.6.5/library/psa_crypto_storage.c:365:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto_storage.c:369:19: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_storage.c:369:19: acquire_memory: allocated here
mbedtls-3.6.5/library/psa_crypto_storage.c:371:8: branch_false: following ‘false’ branch (when ‘loaded_data’ is non-NULL)...
mbedtls-3.6.5/library/psa_crypto_storage.c:375:14: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_storage.c:375:14: call_function: calling ‘psa_crypto_storage_load’ from ‘psa_load_persistent_key’
#   87|       }
#   88|   
#   89|->     status = psa_its_get(data_identifier, 0, (uint32_t) data_size, data, &data_length);
#   90|       if (data_size  != data_length) {
#   91|           return PSA_ERROR_DATA_INVALID;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def193]
mbedtls-3.6.5/library/psa_crypto_storage.c:103:11: warning[-Wanalyzer-malloc-leak]: leak of ‘storage_data’
mbedtls-3.6.5/library/psa_crypto_storage.c:317:14: enter_function: entry to ‘psa_save_persistent_key’
mbedtls-3.6.5/library/psa_crypto_storage.c:326:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto_storage.c:330:8: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_storage.c:330:8: branch_false: following ‘false’ branch (when ‘data_length <= 8191’)...
mbedtls-3.6.5/library/psa_crypto_storage.c:333:5: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_storage.c:335:20: acquire_memory: allocated here
mbedtls-3.6.5/library/psa_crypto_storage.c:336:8: branch_false: following ‘false’ branch (when ‘storage_data’ is non-NULL)...
mbedtls-3.6.5/library/psa_crypto_storage.c:340:5: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_storage.c:342:14: call_function: calling ‘psa_crypto_storage_store’ from ‘psa_save_persistent_key’
#  101|       struct psa_storage_info_t data_identifier_info;
#  102|   
#  103|->     ret = psa_its_get_info(data_identifier, &data_identifier_info);
#  104|   
#  105|       if (ret == PSA_ERROR_DOES_NOT_EXIST) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def194]
mbedtls-3.6.5/library/psa_crypto_storage.c:140:14: warning[-Wanalyzer-malloc-leak]: leak of ‘storage_data’
mbedtls-3.6.5/library/psa_crypto_storage.c:317:14: enter_function: entry to ‘psa_save_persistent_key’
mbedtls-3.6.5/library/psa_crypto_storage.c:326:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto_storage.c:330:8: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_storage.c:330:8: branch_false: following ‘false’ branch (when ‘data_length <= 8191’)...
mbedtls-3.6.5/library/psa_crypto_storage.c:333:5: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_storage.c:335:20: acquire_memory: allocated here
mbedtls-3.6.5/library/psa_crypto_storage.c:336:8: branch_false: following ‘false’ branch (when ‘storage_data’ is non-NULL)...
mbedtls-3.6.5/library/psa_crypto_storage.c:340:5: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_storage.c:342:14: call_function: calling ‘psa_crypto_storage_store’ from ‘psa_save_persistent_key’
#  138|       }
#  139|   
#  140|->     status = psa_its_set(data_identifier, (uint32_t) data_length, data, 0);
#  141|       if (status != PSA_SUCCESS) {
#  142|           return PSA_ERROR_DATA_INVALID;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def195]
mbedtls-3.6.5/library/psa_crypto_storage.c:145:14: warning[-Wanalyzer-malloc-leak]: leak of ‘storage_data’
mbedtls-3.6.5/library/psa_crypto_storage.c:317:14: enter_function: entry to ‘psa_save_persistent_key’
mbedtls-3.6.5/library/psa_crypto_storage.c:326:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto_storage.c:330:8: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_storage.c:330:8: branch_false: following ‘false’ branch (when ‘data_length <= 8191’)...
mbedtls-3.6.5/library/psa_crypto_storage.c:333:5: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_storage.c:335:20: acquire_memory: allocated here
mbedtls-3.6.5/library/psa_crypto_storage.c:336:8: branch_false: following ‘false’ branch (when ‘storage_data’ is non-NULL)...
mbedtls-3.6.5/library/psa_crypto_storage.c:340:5: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_storage.c:342:14: call_function: calling ‘psa_crypto_storage_store’ from ‘psa_save_persistent_key’
#  143|       }
#  144|   
#  145|->     status = psa_its_get_info(data_identifier, &data_identifier_info);
#  146|       if (status != PSA_SUCCESS) {
#  147|           goto exit;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def196]
mbedtls-3.6.5/library/psa_crypto_storage.c:161:16: warning[-Wanalyzer-malloc-leak]: leak of ‘storage_data’
mbedtls-3.6.5/library/psa_crypto_storage.c:317:14: enter_function: entry to ‘psa_save_persistent_key’
mbedtls-3.6.5/library/psa_crypto_storage.c:326:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto_storage.c:330:8: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_storage.c:330:8: branch_false: following ‘false’ branch (when ‘data_length <= 8191’)...
mbedtls-3.6.5/library/psa_crypto_storage.c:333:5: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_storage.c:335:20: acquire_memory: allocated here
mbedtls-3.6.5/library/psa_crypto_storage.c:336:8: branch_false: following ‘false’ branch (when ‘storage_data’ is non-NULL)...
mbedtls-3.6.5/library/psa_crypto_storage.c:340:5: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_storage.c:342:14: call_function: calling ‘psa_crypto_storage_store’ from ‘psa_save_persistent_key’
#  159|            * but the removal fails, we're already reporting an error so there's
#  160|            * nothing else we can do. */
#  161|->         (void) psa_its_remove(data_identifier);
#  162|       }
#  163|       return status;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def197]
mbedtls-3.6.5/library/psa_crypto_storage.c:345:5: warning[-Wanalyzer-malloc-leak]: leak of ‘storage_data’
mbedtls-3.6.5/library/psa_crypto_storage.c:326:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto_storage.c:330:8: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_storage.c:330:8: branch_false: following ‘false’ branch (when ‘data_length <= 8191’)...
mbedtls-3.6.5/library/psa_crypto_storage.c:333:5: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_storage.c:335:20: acquire_memory: allocated here
mbedtls-3.6.5/library/psa_crypto_storage.c:336:8: branch_false: following ‘false’ branch (when ‘storage_data’ is non-NULL)...
mbedtls-3.6.5/library/psa_crypto_storage.c:340:5: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_storage.c:345:5: danger: ‘storage_data’ leaks here; was allocated at [(5)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/4)
#  343|                                         storage_data, storage_data_length);
#  344|   
#  345|->     mbedtls_zeroize_and_free(storage_data, storage_data_length);
#  346|   
#  347|       return status;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def198]
mbedtls-3.6.5/library/psa_crypto_storage.c:390:5: warning[-Wanalyzer-malloc-leak]: leak of ‘loaded_data’
mbedtls-3.6.5/library/psa_crypto_storage.c:355:14: enter_function: entry to ‘psa_load_persistent_key’
mbedtls-3.6.5/library/psa_crypto_storage.c:364:14: call_function: calling ‘psa_crypto_storage_get_data_length’ from ‘psa_load_persistent_key’
mbedtls-3.6.5/library/psa_crypto_storage.c:364:14: return_function: returning to ‘psa_load_persistent_key’ from ‘psa_crypto_storage_get_data_length’
mbedtls-3.6.5/library/psa_crypto_storage.c:365:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_crypto_storage.c:369:19: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_storage.c:369:19: acquire_memory: allocated here
mbedtls-3.6.5/library/psa_crypto_storage.c:371:8: branch_false: following ‘false’ branch (when ‘loaded_data’ is non-NULL)...
mbedtls-3.6.5/library/psa_crypto_storage.c:375:14: branch_false: ...to here
mbedtls-3.6.5/library/psa_crypto_storage.c:375:14: call_function: calling ‘psa_crypto_storage_load’ from ‘psa_load_persistent_key’
mbedtls-3.6.5/library/psa_crypto_storage.c:375:14: return_function: returning to ‘psa_load_persistent_key’ from ‘psa_crypto_storage_load’
mbedtls-3.6.5/library/psa_crypto_storage.c:376:8: branch_true: following ‘true’ branch...
mbedtls-3.6.5/library/psa_crypto_storage.c:377:9: branch_true: ...to here
mbedtls-3.6.5/library/psa_crypto_storage.c:390:5: danger: ‘loaded_data’ leaks here; was allocated at [(9)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/8)
#  388|   
#  389|   exit:
#  390|->     mbedtls_zeroize_and_free(loaded_data, storage_data_length);
#  391|       return status;
#  392|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def199]
mbedtls-3.6.5/library/psa_its_file.c:156:9: warning[-Wanalyzer-file-leak]: leak of FILE ‘stream’
mbedtls-3.6.5/library/psa_its_file.c:119:14: enter_function: entry to ‘psa_its_get’
mbedtls-3.6.5/library/psa_its_file.c:130:14: call_function: calling ‘psa_its_read_file’ from ‘psa_its_get’
mbedtls-3.6.5/library/psa_its_file.c:130:14: return_function: returning to ‘psa_its_get’ from ‘psa_its_read_file’
mbedtls-3.6.5/library/psa_its_file.c:131:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_its_file.c:135:9: branch_false: ...to here
mbedtls-3.6.5/library/psa_its_file.c:135:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_its_file.c:143:37: branch_false: ...to here
mbedtls-3.6.5/library/psa_its_file.c:143:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_its_file.c:156:9: branch_false: ...to here
mbedtls-3.6.5/library/psa_its_file.c:156:9: danger: ‘stream’ leaks here; was opened at [(4)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/3)
#  154|       }
#  155|   #endif
#  156|->     if (fseek(stream, data_offset, SEEK_CUR) != 0) {
#  157|           goto exit;
#  158|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def200]
mbedtls-3.6.5/library/psa_its_file.c:156:9: warning[-Wanalyzer-malloc-leak]: leak of ‘stream’
mbedtls-3.6.5/library/psa_its_file.c:119:14: enter_function: entry to ‘psa_its_get’
mbedtls-3.6.5/library/psa_its_file.c:130:14: call_function: calling ‘psa_its_read_file’ from ‘psa_its_get’
mbedtls-3.6.5/library/psa_its_file.c:130:14: return_function: returning to ‘psa_its_get’ from ‘psa_its_read_file’
mbedtls-3.6.5/library/psa_its_file.c:131:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_its_file.c:135:9: branch_false: ...to here
mbedtls-3.6.5/library/psa_its_file.c:135:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_its_file.c:143:37: branch_false: ...to here
mbedtls-3.6.5/library/psa_its_file.c:143:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/psa_its_file.c:156:9: branch_false: ...to here
mbedtls-3.6.5/library/psa_its_file.c:156:9: danger: ‘stream’ leaks here; was allocated at [(4)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/3)
#  154|       }
#  155|   #endif
#  156|->     if (fseek(stream, data_offset, SEEK_CUR) != 0) {
#  157|           goto exit;
#  158|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def201]
mbedtls-3.6.5/library/rsa.c:647:21: warning[-Wanalyzer-malloc-leak]: leak of ‘encoded_expected’
mbedtls-3.6.5/library/rsa.c:2647:5: enter_function: entry to ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
mbedtls-3.6.5/library/rsa.c:2667:8: branch_false: following ‘false’ branch (when ‘encoded’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2668:29: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2668:29: acquire_memory: allocated here
mbedtls-3.6.5/library/rsa.c:2667:9: branch_false: following ‘false’ branch (when ‘encoded_expected’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2673:16: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2673:16: call_function: calling ‘rsa_rsassa_pkcs1_v15_encode’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
mbedtls-3.6.5/library/rsa.c:2673:16: return_function: returning to ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’ from ‘rsa_rsassa_pkcs1_v15_encode’
mbedtls-3.6.5/library/rsa.c:2673:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2682:11: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2682:11: call_function: calling ‘mbedtls_rsa_public’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
#  645|   #endif
#  646|   
#  647|->     if (ctx->len != mbedtls_mpi_size(&ctx->N) ||
#  648|           ctx->len > MBEDTLS_MPI_MAX_SIZE) {
#  649|           return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def202]
mbedtls-3.6.5/library/rsa.c:647:21: warning[-Wanalyzer-malloc-leak]: leak of ‘encoded’
mbedtls-3.6.5/library/rsa.c:2647:5: enter_function: entry to ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
mbedtls-3.6.5/library/rsa.c:2667:29: acquire_memory: allocated here
mbedtls-3.6.5/library/rsa.c:2667:8: branch_false: following ‘false’ branch (when ‘encoded’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2668:29: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2667:9: branch_false: following ‘false’ branch (when ‘encoded_expected’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2673:16: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2673:16: call_function: calling ‘rsa_rsassa_pkcs1_v15_encode’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
mbedtls-3.6.5/library/rsa.c:2673:16: return_function: returning to ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’ from ‘rsa_rsassa_pkcs1_v15_encode’
mbedtls-3.6.5/library/rsa.c:2673:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2682:11: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2682:11: call_function: calling ‘mbedtls_rsa_public’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
#  645|   #endif
#  646|   
#  647|->     if (ctx->len != mbedtls_mpi_size(&ctx->N) ||
#  648|           ctx->len > MBEDTLS_MPI_MAX_SIZE) {
#  649|           return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def203]
mbedtls-3.6.5/library/rsa.c:647:21: warning[-Wanalyzer-malloc-leak]: leak of ‘sig_try’
mbedtls-3.6.5/library/rsa.c:2399:5: enter_function: entry to ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
mbedtls-3.6.5/library/rsa.c:2414:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2422:16: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2422:16: call_function: calling ‘rsa_rsassa_pkcs1_v15_encode’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
mbedtls-3.6.5/library/rsa.c:2422:16: return_function: returning to ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’ from ‘rsa_rsassa_pkcs1_v15_encode’
mbedtls-3.6.5/library/rsa.c:2422:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2433:15: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2433:15: acquire_memory: allocated here
mbedtls-3.6.5/library/rsa.c:2434:8: branch_false: following ‘false’ branch (when ‘sig_try’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2438:13: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2439:8: branch_false: following ‘false’ branch (when ‘verif’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2444:5: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2444:5: call_function: calling ‘mbedtls_rsa_private’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
#  645|   #endif
#  646|   
#  647|->     if (ctx->len != mbedtls_mpi_size(&ctx->N) ||
#  648|           ctx->len > MBEDTLS_MPI_MAX_SIZE) {
#  649|           return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def204]
mbedtls-3.6.5/library/rsa.c:647:21: warning[-Wanalyzer-malloc-leak]: leak of ‘verif’
mbedtls-3.6.5/library/rsa.c:2399:5: enter_function: entry to ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
mbedtls-3.6.5/library/rsa.c:2414:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2422:16: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2422:16: call_function: calling ‘rsa_rsassa_pkcs1_v15_encode’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
mbedtls-3.6.5/library/rsa.c:2422:16: return_function: returning to ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’ from ‘rsa_rsassa_pkcs1_v15_encode’
mbedtls-3.6.5/library/rsa.c:2422:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2433:15: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2434:8: branch_false: following ‘false’ branch (when ‘sig_try’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2438:13: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2438:13: acquire_memory: allocated here
mbedtls-3.6.5/library/rsa.c:2439:8: branch_false: following ‘false’ branch (when ‘verif’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2444:5: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2444:5: call_function: calling ‘mbedtls_rsa_private’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
#  645|   #endif
#  646|   
#  647|->     if (ctx->len != mbedtls_mpi_size(&ctx->N) ||
#  648|           ctx->len > MBEDTLS_MPI_MAX_SIZE) {
#  649|           return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def205]
mbedtls-3.6.5/library/rsa.c:658:9: warning[-Wanalyzer-malloc-leak]: leak of ‘encoded_expected’
mbedtls-3.6.5/library/rsa.c:2647:5: enter_function: entry to ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
mbedtls-3.6.5/library/rsa.c:2667:8: branch_false: following ‘false’ branch (when ‘encoded’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2668:29: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2668:29: acquire_memory: allocated here
mbedtls-3.6.5/library/rsa.c:2667:9: branch_false: following ‘false’ branch (when ‘encoded_expected’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2673:16: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2673:16: call_function: calling ‘rsa_rsassa_pkcs1_v15_encode’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
mbedtls-3.6.5/library/rsa.c:2673:16: return_function: returning to ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’ from ‘rsa_rsassa_pkcs1_v15_encode’
mbedtls-3.6.5/library/rsa.c:2673:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2682:11: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2682:11: call_function: calling ‘mbedtls_rsa_public’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
#  656|       /* Modular exponentiation wrt. N is always used for
#  657|        * RSA public key operations. */
#  658|->     if (mbedtls_mpi_cmp_int(&ctx->N, 0) <= 0 ||
#  659|           mbedtls_mpi_get_bit(&ctx->N, 0) == 0) {
#  660|           return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def206]
mbedtls-3.6.5/library/rsa.c:658:9: warning[-Wanalyzer-malloc-leak]: leak of ‘encoded’
mbedtls-3.6.5/library/rsa.c:2647:5: enter_function: entry to ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
mbedtls-3.6.5/library/rsa.c:2667:29: acquire_memory: allocated here
mbedtls-3.6.5/library/rsa.c:2667:8: branch_false: following ‘false’ branch (when ‘encoded’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2668:29: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2667:9: branch_false: following ‘false’ branch (when ‘encoded_expected’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2673:16: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2673:16: call_function: calling ‘rsa_rsassa_pkcs1_v15_encode’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
mbedtls-3.6.5/library/rsa.c:2673:16: return_function: returning to ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’ from ‘rsa_rsassa_pkcs1_v15_encode’
mbedtls-3.6.5/library/rsa.c:2673:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2682:11: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2682:11: call_function: calling ‘mbedtls_rsa_public’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
#  656|       /* Modular exponentiation wrt. N is always used for
#  657|        * RSA public key operations. */
#  658|->     if (mbedtls_mpi_cmp_int(&ctx->N, 0) <= 0 ||
#  659|           mbedtls_mpi_get_bit(&ctx->N, 0) == 0) {
#  660|           return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def207]
mbedtls-3.6.5/library/rsa.c:658:9: warning[-Wanalyzer-malloc-leak]: leak of ‘sig_try’
mbedtls-3.6.5/library/rsa.c:2399:5: enter_function: entry to ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
mbedtls-3.6.5/library/rsa.c:2414:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2422:16: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2422:16: call_function: calling ‘rsa_rsassa_pkcs1_v15_encode’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
mbedtls-3.6.5/library/rsa.c:2422:16: return_function: returning to ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’ from ‘rsa_rsassa_pkcs1_v15_encode’
mbedtls-3.6.5/library/rsa.c:2422:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2433:15: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2433:15: acquire_memory: allocated here
mbedtls-3.6.5/library/rsa.c:2434:8: branch_false: following ‘false’ branch (when ‘sig_try’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2438:13: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2439:8: branch_false: following ‘false’ branch (when ‘verif’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2444:5: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2444:5: call_function: calling ‘mbedtls_rsa_private’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
#  656|       /* Modular exponentiation wrt. N is always used for
#  657|        * RSA public key operations. */
#  658|->     if (mbedtls_mpi_cmp_int(&ctx->N, 0) <= 0 ||
#  659|           mbedtls_mpi_get_bit(&ctx->N, 0) == 0) {
#  660|           return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def208]
mbedtls-3.6.5/library/rsa.c:658:9: warning[-Wanalyzer-malloc-leak]: leak of ‘verif’
mbedtls-3.6.5/library/rsa.c:2399:5: enter_function: entry to ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
mbedtls-3.6.5/library/rsa.c:2414:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2422:16: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2422:16: call_function: calling ‘rsa_rsassa_pkcs1_v15_encode’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
mbedtls-3.6.5/library/rsa.c:2422:16: return_function: returning to ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’ from ‘rsa_rsassa_pkcs1_v15_encode’
mbedtls-3.6.5/library/rsa.c:2422:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2433:15: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2434:8: branch_false: following ‘false’ branch (when ‘sig_try’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2438:13: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2438:13: acquire_memory: allocated here
mbedtls-3.6.5/library/rsa.c:2439:8: branch_false: following ‘false’ branch (when ‘verif’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2444:5: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2444:5: call_function: calling ‘mbedtls_rsa_private’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
#  656|       /* Modular exponentiation wrt. N is always used for
#  657|        * RSA public key operations. */
#  658|->     if (mbedtls_mpi_cmp_int(&ctx->N, 0) <= 0 ||
#  659|           mbedtls_mpi_get_bit(&ctx->N, 0) == 0) {
#  660|           return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def209]
mbedtls-3.6.5/library/rsa.c:659:9: warning[-Wanalyzer-malloc-leak]: leak of ‘encoded_expected’
mbedtls-3.6.5/library/rsa.c:2647:5: enter_function: entry to ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
mbedtls-3.6.5/library/rsa.c:2667:8: branch_false: following ‘false’ branch (when ‘encoded’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2668:29: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2668:29: acquire_memory: allocated here
mbedtls-3.6.5/library/rsa.c:2667:9: branch_false: following ‘false’ branch (when ‘encoded_expected’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2673:16: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2673:16: call_function: calling ‘rsa_rsassa_pkcs1_v15_encode’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
mbedtls-3.6.5/library/rsa.c:2673:16: return_function: returning to ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’ from ‘rsa_rsassa_pkcs1_v15_encode’
mbedtls-3.6.5/library/rsa.c:2673:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2682:11: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2682:11: call_function: calling ‘mbedtls_rsa_public’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
#  657|        * RSA public key operations. */
#  658|       if (mbedtls_mpi_cmp_int(&ctx->N, 0) <= 0 ||
#  659|->         mbedtls_mpi_get_bit(&ctx->N, 0) == 0) {
#  660|           return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
#  661|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def210]
mbedtls-3.6.5/library/rsa.c:659:9: warning[-Wanalyzer-malloc-leak]: leak of ‘encoded’
mbedtls-3.6.5/library/rsa.c:2647:5: enter_function: entry to ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
mbedtls-3.6.5/library/rsa.c:2667:29: acquire_memory: allocated here
mbedtls-3.6.5/library/rsa.c:2667:8: branch_false: following ‘false’ branch (when ‘encoded’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2668:29: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2667:9: branch_false: following ‘false’ branch (when ‘encoded_expected’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2673:16: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2673:16: call_function: calling ‘rsa_rsassa_pkcs1_v15_encode’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
mbedtls-3.6.5/library/rsa.c:2673:16: return_function: returning to ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’ from ‘rsa_rsassa_pkcs1_v15_encode’
mbedtls-3.6.5/library/rsa.c:2673:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2682:11: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2682:11: call_function: calling ‘mbedtls_rsa_public’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
#  657|        * RSA public key operations. */
#  658|       if (mbedtls_mpi_cmp_int(&ctx->N, 0) <= 0 ||
#  659|->         mbedtls_mpi_get_bit(&ctx->N, 0) == 0) {
#  660|           return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
#  661|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def211]
mbedtls-3.6.5/library/rsa.c:659:9: warning[-Wanalyzer-malloc-leak]: leak of ‘sig_try’
mbedtls-3.6.5/library/rsa.c:2399:5: enter_function: entry to ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
mbedtls-3.6.5/library/rsa.c:2414:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2422:16: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2422:16: call_function: calling ‘rsa_rsassa_pkcs1_v15_encode’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
mbedtls-3.6.5/library/rsa.c:2422:16: return_function: returning to ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’ from ‘rsa_rsassa_pkcs1_v15_encode’
mbedtls-3.6.5/library/rsa.c:2422:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2433:15: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2433:15: acquire_memory: allocated here
mbedtls-3.6.5/library/rsa.c:2434:8: branch_false: following ‘false’ branch (when ‘sig_try’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2438:13: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2439:8: branch_false: following ‘false’ branch (when ‘verif’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2444:5: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2444:5: call_function: calling ‘mbedtls_rsa_private’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
#  657|        * RSA public key operations. */
#  658|       if (mbedtls_mpi_cmp_int(&ctx->N, 0) <= 0 ||
#  659|->         mbedtls_mpi_get_bit(&ctx->N, 0) == 0) {
#  660|           return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
#  661|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def212]
mbedtls-3.6.5/library/rsa.c:659:9: warning[-Wanalyzer-malloc-leak]: leak of ‘verif’
mbedtls-3.6.5/library/rsa.c:2399:5: enter_function: entry to ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
mbedtls-3.6.5/library/rsa.c:2414:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2422:16: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2422:16: call_function: calling ‘rsa_rsassa_pkcs1_v15_encode’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
mbedtls-3.6.5/library/rsa.c:2422:16: return_function: returning to ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’ from ‘rsa_rsassa_pkcs1_v15_encode’
mbedtls-3.6.5/library/rsa.c:2422:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2433:15: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2434:8: branch_false: following ‘false’ branch (when ‘sig_try’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2438:13: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2438:13: acquire_memory: allocated here
mbedtls-3.6.5/library/rsa.c:2439:8: branch_false: following ‘false’ branch (when ‘verif’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2444:5: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2444:5: call_function: calling ‘mbedtls_rsa_private’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
#  657|        * RSA public key operations. */
#  658|       if (mbedtls_mpi_cmp_int(&ctx->N, 0) <= 0 ||
#  659|->         mbedtls_mpi_get_bit(&ctx->N, 0) == 0) {
#  660|           return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
#  661|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def213]
mbedtls-3.6.5/library/rsa.c:668:10: warning[-Wanalyzer-malloc-leak]: leak of ‘sig_try’
mbedtls-3.6.5/library/rsa.c:2399:5: enter_function: entry to ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
mbedtls-3.6.5/library/rsa.c:2414:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2422:16: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2422:16: call_function: calling ‘rsa_rsassa_pkcs1_v15_encode’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
mbedtls-3.6.5/library/rsa.c:2422:16: return_function: returning to ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’ from ‘rsa_rsassa_pkcs1_v15_encode’
mbedtls-3.6.5/library/rsa.c:2422:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2433:15: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2433:15: acquire_memory: allocated here
mbedtls-3.6.5/library/rsa.c:2434:8: branch_false: following ‘false’ branch (when ‘sig_try’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2438:13: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2439:8: branch_false: following ‘false’ branch (when ‘verif’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2444:5: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2444:5: call_function: calling ‘mbedtls_rsa_private’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
#  666|        * is used. */
#  667|       if (is_priv &&
#  668|->         (mbedtls_mpi_cmp_int(&ctx->P, 0) <= 0 ||
#  669|            mbedtls_mpi_get_bit(&ctx->P, 0) == 0 ||
#  670|            mbedtls_mpi_cmp_int(&ctx->Q, 0) <= 0 ||

Error: GCC_ANALYZER_WARNING (CWE-401): [#def214]
mbedtls-3.6.5/library/rsa.c:668:10: warning[-Wanalyzer-malloc-leak]: leak of ‘verif’
mbedtls-3.6.5/library/rsa.c:2399:5: enter_function: entry to ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
mbedtls-3.6.5/library/rsa.c:2414:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2422:16: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2422:16: call_function: calling ‘rsa_rsassa_pkcs1_v15_encode’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
mbedtls-3.6.5/library/rsa.c:2422:16: return_function: returning to ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’ from ‘rsa_rsassa_pkcs1_v15_encode’
mbedtls-3.6.5/library/rsa.c:2422:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2433:15: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2434:8: branch_false: following ‘false’ branch (when ‘sig_try’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2438:13: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2438:13: acquire_memory: allocated here
mbedtls-3.6.5/library/rsa.c:2439:8: branch_false: following ‘false’ branch (when ‘verif’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2444:5: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2444:5: call_function: calling ‘mbedtls_rsa_private’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
#  666|        * is used. */
#  667|       if (is_priv &&
#  668|->         (mbedtls_mpi_cmp_int(&ctx->P, 0) <= 0 ||
#  669|            mbedtls_mpi_get_bit(&ctx->P, 0) == 0 ||
#  670|            mbedtls_mpi_cmp_int(&ctx->Q, 0) <= 0 ||

Error: GCC_ANALYZER_WARNING (CWE-401): [#def215]
mbedtls-3.6.5/library/rsa.c:669:10: warning[-Wanalyzer-malloc-leak]: leak of ‘sig_try’
mbedtls-3.6.5/library/rsa.c:2399:5: enter_function: entry to ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
mbedtls-3.6.5/library/rsa.c:2414:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2422:16: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2422:16: call_function: calling ‘rsa_rsassa_pkcs1_v15_encode’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
mbedtls-3.6.5/library/rsa.c:2422:16: return_function: returning to ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’ from ‘rsa_rsassa_pkcs1_v15_encode’
mbedtls-3.6.5/library/rsa.c:2422:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2433:15: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2433:15: acquire_memory: allocated here
mbedtls-3.6.5/library/rsa.c:2434:8: branch_false: following ‘false’ branch (when ‘sig_try’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2438:13: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2439:8: branch_false: following ‘false’ branch (when ‘verif’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2444:5: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2444:5: call_function: calling ‘mbedtls_rsa_private’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
#  667|       if (is_priv &&
#  668|           (mbedtls_mpi_cmp_int(&ctx->P, 0) <= 0 ||
#  669|->          mbedtls_mpi_get_bit(&ctx->P, 0) == 0 ||
#  670|            mbedtls_mpi_cmp_int(&ctx->Q, 0) <= 0 ||
#  671|            mbedtls_mpi_get_bit(&ctx->Q, 0) == 0)) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def216]
mbedtls-3.6.5/library/rsa.c:669:10: warning[-Wanalyzer-malloc-leak]: leak of ‘verif’
mbedtls-3.6.5/library/rsa.c:2399:5: enter_function: entry to ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
mbedtls-3.6.5/library/rsa.c:2414:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2422:16: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2422:16: call_function: calling ‘rsa_rsassa_pkcs1_v15_encode’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
mbedtls-3.6.5/library/rsa.c:2422:16: return_function: returning to ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’ from ‘rsa_rsassa_pkcs1_v15_encode’
mbedtls-3.6.5/library/rsa.c:2422:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2433:15: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2434:8: branch_false: following ‘false’ branch (when ‘sig_try’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2438:13: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2438:13: acquire_memory: allocated here
mbedtls-3.6.5/library/rsa.c:2439:8: branch_false: following ‘false’ branch (when ‘verif’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2444:5: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2444:5: call_function: calling ‘mbedtls_rsa_private’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
#  667|       if (is_priv &&
#  668|           (mbedtls_mpi_cmp_int(&ctx->P, 0) <= 0 ||
#  669|->          mbedtls_mpi_get_bit(&ctx->P, 0) == 0 ||
#  670|            mbedtls_mpi_cmp_int(&ctx->Q, 0) <= 0 ||
#  671|            mbedtls_mpi_get_bit(&ctx->Q, 0) == 0)) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def217]
mbedtls-3.6.5/library/rsa.c:670:10: warning[-Wanalyzer-malloc-leak]: leak of ‘sig_try’
mbedtls-3.6.5/library/rsa.c:2399:5: enter_function: entry to ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
mbedtls-3.6.5/library/rsa.c:2414:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2422:16: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2422:16: call_function: calling ‘rsa_rsassa_pkcs1_v15_encode’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
mbedtls-3.6.5/library/rsa.c:2422:16: return_function: returning to ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’ from ‘rsa_rsassa_pkcs1_v15_encode’
mbedtls-3.6.5/library/rsa.c:2422:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2433:15: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2433:15: acquire_memory: allocated here
mbedtls-3.6.5/library/rsa.c:2434:8: branch_false: following ‘false’ branch (when ‘sig_try’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2438:13: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2439:8: branch_false: following ‘false’ branch (when ‘verif’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2444:5: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2444:5: call_function: calling ‘mbedtls_rsa_private’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
#  668|           (mbedtls_mpi_cmp_int(&ctx->P, 0) <= 0 ||
#  669|            mbedtls_mpi_get_bit(&ctx->P, 0) == 0 ||
#  670|->          mbedtls_mpi_cmp_int(&ctx->Q, 0) <= 0 ||
#  671|            mbedtls_mpi_get_bit(&ctx->Q, 0) == 0)) {
#  672|           return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def218]
mbedtls-3.6.5/library/rsa.c:670:10: warning[-Wanalyzer-malloc-leak]: leak of ‘verif’
mbedtls-3.6.5/library/rsa.c:2399:5: enter_function: entry to ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
mbedtls-3.6.5/library/rsa.c:2414:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2422:16: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2422:16: call_function: calling ‘rsa_rsassa_pkcs1_v15_encode’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
mbedtls-3.6.5/library/rsa.c:2422:16: return_function: returning to ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’ from ‘rsa_rsassa_pkcs1_v15_encode’
mbedtls-3.6.5/library/rsa.c:2422:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2433:15: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2434:8: branch_false: following ‘false’ branch (when ‘sig_try’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2438:13: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2438:13: acquire_memory: allocated here
mbedtls-3.6.5/library/rsa.c:2439:8: branch_false: following ‘false’ branch (when ‘verif’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2444:5: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2444:5: call_function: calling ‘mbedtls_rsa_private’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
#  668|           (mbedtls_mpi_cmp_int(&ctx->P, 0) <= 0 ||
#  669|            mbedtls_mpi_get_bit(&ctx->P, 0) == 0 ||
#  670|->          mbedtls_mpi_cmp_int(&ctx->Q, 0) <= 0 ||
#  671|            mbedtls_mpi_get_bit(&ctx->Q, 0) == 0)) {
#  672|           return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def219]
mbedtls-3.6.5/library/rsa.c:671:10: warning[-Wanalyzer-malloc-leak]: leak of ‘sig_try’
mbedtls-3.6.5/library/rsa.c:2399:5: enter_function: entry to ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
mbedtls-3.6.5/library/rsa.c:2414:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2422:16: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2422:16: call_function: calling ‘rsa_rsassa_pkcs1_v15_encode’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
mbedtls-3.6.5/library/rsa.c:2422:16: return_function: returning to ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’ from ‘rsa_rsassa_pkcs1_v15_encode’
mbedtls-3.6.5/library/rsa.c:2422:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2433:15: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2433:15: acquire_memory: allocated here
mbedtls-3.6.5/library/rsa.c:2434:8: branch_false: following ‘false’ branch (when ‘sig_try’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2438:13: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2439:8: branch_false: following ‘false’ branch (when ‘verif’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2444:5: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2444:5: call_function: calling ‘mbedtls_rsa_private’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
#  669|            mbedtls_mpi_get_bit(&ctx->P, 0) == 0 ||
#  670|            mbedtls_mpi_cmp_int(&ctx->Q, 0) <= 0 ||
#  671|->          mbedtls_mpi_get_bit(&ctx->Q, 0) == 0)) {
#  672|           return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
#  673|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def220]
mbedtls-3.6.5/library/rsa.c:671:10: warning[-Wanalyzer-malloc-leak]: leak of ‘verif’
mbedtls-3.6.5/library/rsa.c:2399:5: enter_function: entry to ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
mbedtls-3.6.5/library/rsa.c:2414:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2422:16: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2422:16: call_function: calling ‘rsa_rsassa_pkcs1_v15_encode’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
mbedtls-3.6.5/library/rsa.c:2422:16: return_function: returning to ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’ from ‘rsa_rsassa_pkcs1_v15_encode’
mbedtls-3.6.5/library/rsa.c:2422:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2433:15: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2434:8: branch_false: following ‘false’ branch (when ‘sig_try’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2438:13: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2438:13: acquire_memory: allocated here
mbedtls-3.6.5/library/rsa.c:2439:8: branch_false: following ‘false’ branch (when ‘verif’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2444:5: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2444:5: call_function: calling ‘mbedtls_rsa_private’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
#  669|            mbedtls_mpi_get_bit(&ctx->P, 0) == 0 ||
#  670|            mbedtls_mpi_cmp_int(&ctx->Q, 0) <= 0 ||
#  671|->          mbedtls_mpi_get_bit(&ctx->Q, 0) == 0)) {
#  672|           return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
#  673|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def221]
mbedtls-3.6.5/library/rsa.c:681:9: warning[-Wanalyzer-malloc-leak]: leak of ‘encoded_expected’
mbedtls-3.6.5/library/rsa.c:2647:5: enter_function: entry to ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
mbedtls-3.6.5/library/rsa.c:2667:8: branch_false: following ‘false’ branch (when ‘encoded’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2668:29: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2668:29: acquire_memory: allocated here
mbedtls-3.6.5/library/rsa.c:2667:9: branch_false: following ‘false’ branch (when ‘encoded_expected’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2673:16: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2673:16: call_function: calling ‘rsa_rsassa_pkcs1_v15_encode’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
mbedtls-3.6.5/library/rsa.c:2673:16: return_function: returning to ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’ from ‘rsa_rsassa_pkcs1_v15_encode’
mbedtls-3.6.5/library/rsa.c:2673:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2682:11: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2682:11: call_function: calling ‘mbedtls_rsa_public’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
#  679|   
#  680|       /* Always need E for public key operations */
#  681|->     if (mbedtls_mpi_cmp_int(&ctx->E, 0) <= 0) {
#  682|           return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
#  683|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def222]
mbedtls-3.6.5/library/rsa.c:681:9: warning[-Wanalyzer-malloc-leak]: leak of ‘encoded’
mbedtls-3.6.5/library/rsa.c:2647:5: enter_function: entry to ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
mbedtls-3.6.5/library/rsa.c:2667:29: acquire_memory: allocated here
mbedtls-3.6.5/library/rsa.c:2667:8: branch_false: following ‘false’ branch (when ‘encoded’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2668:29: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2667:9: branch_false: following ‘false’ branch (when ‘encoded_expected’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2673:16: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2673:16: call_function: calling ‘rsa_rsassa_pkcs1_v15_encode’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
mbedtls-3.6.5/library/rsa.c:2673:16: return_function: returning to ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’ from ‘rsa_rsassa_pkcs1_v15_encode’
mbedtls-3.6.5/library/rsa.c:2673:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2682:11: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2682:11: call_function: calling ‘mbedtls_rsa_public’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
#  679|   
#  680|       /* Always need E for public key operations */
#  681|->     if (mbedtls_mpi_cmp_int(&ctx->E, 0) <= 0) {
#  682|           return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
#  683|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def223]
mbedtls-3.6.5/library/rsa.c:681:9: warning[-Wanalyzer-malloc-leak]: leak of ‘sig_try’
mbedtls-3.6.5/library/rsa.c:2399:5: enter_function: entry to ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
mbedtls-3.6.5/library/rsa.c:2414:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2422:16: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2422:16: call_function: calling ‘rsa_rsassa_pkcs1_v15_encode’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
mbedtls-3.6.5/library/rsa.c:2422:16: return_function: returning to ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’ from ‘rsa_rsassa_pkcs1_v15_encode’
mbedtls-3.6.5/library/rsa.c:2422:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2433:15: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2433:15: acquire_memory: allocated here
mbedtls-3.6.5/library/rsa.c:2434:8: branch_false: following ‘false’ branch (when ‘sig_try’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2438:13: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2439:8: branch_false: following ‘false’ branch (when ‘verif’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2444:5: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2444:5: call_function: calling ‘mbedtls_rsa_private’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
#  679|   
#  680|       /* Always need E for public key operations */
#  681|->     if (mbedtls_mpi_cmp_int(&ctx->E, 0) <= 0) {
#  682|           return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
#  683|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def224]
mbedtls-3.6.5/library/rsa.c:681:9: warning[-Wanalyzer-malloc-leak]: leak of ‘verif’
mbedtls-3.6.5/library/rsa.c:2399:5: enter_function: entry to ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
mbedtls-3.6.5/library/rsa.c:2414:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2422:16: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2422:16: call_function: calling ‘rsa_rsassa_pkcs1_v15_encode’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
mbedtls-3.6.5/library/rsa.c:2422:16: return_function: returning to ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’ from ‘rsa_rsassa_pkcs1_v15_encode’
mbedtls-3.6.5/library/rsa.c:2422:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2433:15: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2434:8: branch_false: following ‘false’ branch (when ‘sig_try’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2438:13: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2438:13: acquire_memory: allocated here
mbedtls-3.6.5/library/rsa.c:2439:8: branch_false: following ‘false’ branch (when ‘verif’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2444:5: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2444:5: call_function: calling ‘mbedtls_rsa_private’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_sign’
#  679|   
#  680|       /* Always need E for public key operations */
#  681|->     if (mbedtls_mpi_cmp_int(&ctx->E, 0) <= 0) {
#  682|           return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
#  683|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def225]
mbedtls-3.6.5/library/rsa.c:1236:5: warning[-Wanalyzer-malloc-leak]: leak of ‘encoded_expected’
mbedtls-3.6.5/library/rsa.c:2647:5: enter_function: entry to ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
mbedtls-3.6.5/library/rsa.c:2667:8: branch_false: following ‘false’ branch (when ‘encoded’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2668:29: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2668:29: acquire_memory: allocated here
mbedtls-3.6.5/library/rsa.c:2667:9: branch_false: following ‘false’ branch (when ‘encoded_expected’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2673:16: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2673:16: call_function: calling ‘rsa_rsassa_pkcs1_v15_encode’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
mbedtls-3.6.5/library/rsa.c:2673:16: return_function: returning to ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’ from ‘rsa_rsassa_pkcs1_v15_encode’
mbedtls-3.6.5/library/rsa.c:2673:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2682:11: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2682:11: call_function: calling ‘mbedtls_rsa_public’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
# 1234|       }
# 1235|   
# 1236|->     mbedtls_mpi_init(&T);
# 1237|   
# 1238|   #if defined(MBEDTLS_THREADING_C)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def226]
mbedtls-3.6.5/library/rsa.c:1236:5: warning[-Wanalyzer-malloc-leak]: leak of ‘encoded’
mbedtls-3.6.5/library/rsa.c:2647:5: enter_function: entry to ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
mbedtls-3.6.5/library/rsa.c:2667:29: acquire_memory: allocated here
mbedtls-3.6.5/library/rsa.c:2667:8: branch_false: following ‘false’ branch (when ‘encoded’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2668:29: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2667:9: branch_false: following ‘false’ branch (when ‘encoded_expected’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2673:16: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2673:16: call_function: calling ‘rsa_rsassa_pkcs1_v15_encode’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
mbedtls-3.6.5/library/rsa.c:2673:16: return_function: returning to ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’ from ‘rsa_rsassa_pkcs1_v15_encode’
mbedtls-3.6.5/library/rsa.c:2673:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2682:11: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2682:11: call_function: calling ‘mbedtls_rsa_public’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
# 1234|       }
# 1235|   
# 1236|->     mbedtls_mpi_init(&T);
# 1237|   
# 1238|   #if defined(MBEDTLS_THREADING_C)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def227]
mbedtls-3.6.5/library/rsa.c:1239:16: warning[-Wanalyzer-malloc-leak]: leak of ‘encoded_expected’
mbedtls-3.6.5/library/rsa.c:2647:5: enter_function: entry to ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
mbedtls-3.6.5/library/rsa.c:2667:8: branch_false: following ‘false’ branch (when ‘encoded’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2668:29: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2668:29: acquire_memory: allocated here
mbedtls-3.6.5/library/rsa.c:2667:9: branch_false: following ‘false’ branch (when ‘encoded_expected’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2673:16: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2673:16: call_function: calling ‘rsa_rsassa_pkcs1_v15_encode’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
mbedtls-3.6.5/library/rsa.c:2673:16: return_function: returning to ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’ from ‘rsa_rsassa_pkcs1_v15_encode’
mbedtls-3.6.5/library/rsa.c:2673:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2682:11: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2682:11: call_function: calling ‘mbedtls_rsa_public’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
# 1237|   
# 1238|   #if defined(MBEDTLS_THREADING_C)
# 1239|->     if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
# 1240|           return ret;
# 1241|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def228]
mbedtls-3.6.5/library/rsa.c:1239:16: warning[-Wanalyzer-malloc-leak]: leak of ‘encoded’
mbedtls-3.6.5/library/rsa.c:2647:5: enter_function: entry to ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
mbedtls-3.6.5/library/rsa.c:2667:29: acquire_memory: allocated here
mbedtls-3.6.5/library/rsa.c:2667:8: branch_false: following ‘false’ branch (when ‘encoded’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2668:29: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2667:9: branch_false: following ‘false’ branch (when ‘encoded_expected’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2673:16: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2673:16: call_function: calling ‘rsa_rsassa_pkcs1_v15_encode’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
mbedtls-3.6.5/library/rsa.c:2673:16: return_function: returning to ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’ from ‘rsa_rsassa_pkcs1_v15_encode’
mbedtls-3.6.5/library/rsa.c:2673:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2682:11: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2682:11: call_function: calling ‘mbedtls_rsa_public’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
# 1237|   
# 1238|   #if defined(MBEDTLS_THREADING_C)
# 1239|->     if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
# 1240|           return ret;
# 1241|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def229]
mbedtls-3.6.5/library/rsa.c:1244:5: warning[-Wanalyzer-malloc-leak]: leak of ‘encoded_expected’
mbedtls-3.6.5/library/rsa.c:2647:5: enter_function: entry to ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
mbedtls-3.6.5/library/rsa.c:2667:8: branch_false: following ‘false’ branch (when ‘encoded’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2668:29: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2668:29: acquire_memory: allocated here
mbedtls-3.6.5/library/rsa.c:2667:9: branch_false: following ‘false’ branch (when ‘encoded_expected’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2673:16: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2673:16: call_function: calling ‘rsa_rsassa_pkcs1_v15_encode’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
mbedtls-3.6.5/library/rsa.c:2673:16: return_function: returning to ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’ from ‘rsa_rsassa_pkcs1_v15_encode’
mbedtls-3.6.5/library/rsa.c:2673:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2682:11: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2682:11: call_function: calling ‘mbedtls_rsa_public’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
# 1242|   #endif
# 1243|   
# 1244|->     MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&T, input, ctx->len));
# 1245|   
# 1246|       if (mbedtls_mpi_cmp_mpi(&T, &ctx->N) >= 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def230]
mbedtls-3.6.5/library/rsa.c:1244:5: warning[-Wanalyzer-malloc-leak]: leak of ‘encoded’
mbedtls-3.6.5/library/rsa.c:2647:5: enter_function: entry to ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
mbedtls-3.6.5/library/rsa.c:2667:29: acquire_memory: allocated here
mbedtls-3.6.5/library/rsa.c:2667:8: branch_false: following ‘false’ branch (when ‘encoded’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2668:29: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2667:9: branch_false: following ‘false’ branch (when ‘encoded_expected’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2673:16: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2673:16: call_function: calling ‘rsa_rsassa_pkcs1_v15_encode’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
mbedtls-3.6.5/library/rsa.c:2673:16: return_function: returning to ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’ from ‘rsa_rsassa_pkcs1_v15_encode’
mbedtls-3.6.5/library/rsa.c:2673:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2682:11: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2682:11: call_function: calling ‘mbedtls_rsa_public’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
# 1242|   #endif
# 1243|   
# 1244|->     MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&T, input, ctx->len));
# 1245|   
# 1246|       if (mbedtls_mpi_cmp_mpi(&T, &ctx->N) >= 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def231]
mbedtls-3.6.5/library/rsa.c:1246:9: warning[-Wanalyzer-malloc-leak]: leak of ‘encoded_expected’
mbedtls-3.6.5/library/rsa.c:2647:5: enter_function: entry to ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
mbedtls-3.6.5/library/rsa.c:2667:8: branch_false: following ‘false’ branch (when ‘encoded’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2668:29: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2668:29: acquire_memory: allocated here
mbedtls-3.6.5/library/rsa.c:2667:9: branch_false: following ‘false’ branch (when ‘encoded_expected’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2673:16: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2673:16: call_function: calling ‘rsa_rsassa_pkcs1_v15_encode’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
mbedtls-3.6.5/library/rsa.c:2673:16: return_function: returning to ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’ from ‘rsa_rsassa_pkcs1_v15_encode’
mbedtls-3.6.5/library/rsa.c:2673:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2682:11: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2682:11: call_function: calling ‘mbedtls_rsa_public’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
# 1244|       MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&T, input, ctx->len));
# 1245|   
# 1246|->     if (mbedtls_mpi_cmp_mpi(&T, &ctx->N) >= 0) {
# 1247|           ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
# 1248|           goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def232]
mbedtls-3.6.5/library/rsa.c:1246:9: warning[-Wanalyzer-malloc-leak]: leak of ‘encoded’
mbedtls-3.6.5/library/rsa.c:2647:5: enter_function: entry to ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
mbedtls-3.6.5/library/rsa.c:2667:29: acquire_memory: allocated here
mbedtls-3.6.5/library/rsa.c:2667:8: branch_false: following ‘false’ branch (when ‘encoded’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2668:29: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2667:9: branch_false: following ‘false’ branch (when ‘encoded_expected’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2673:16: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2673:16: call_function: calling ‘rsa_rsassa_pkcs1_v15_encode’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
mbedtls-3.6.5/library/rsa.c:2673:16: return_function: returning to ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’ from ‘rsa_rsassa_pkcs1_v15_encode’
mbedtls-3.6.5/library/rsa.c:2673:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/rsa.c:2682:11: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2682:11: call_function: calling ‘mbedtls_rsa_public’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
# 1244|       MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&T, input, ctx->len));
# 1245|   
# 1246|->     if (mbedtls_mpi_cmp_mpi(&T, &ctx->N) >= 0) {
# 1247|           ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
# 1248|           goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def233]
mbedtls-3.6.5/library/rsa.c:2299:13: warning[-Wanalyzer-malloc-leak]: leak of ‘encoded_expected’
mbedtls-3.6.5/library/rsa.c:2647:5: enter_function: entry to ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
mbedtls-3.6.5/library/rsa.c:2657:9: branch_false: following ‘false’ branch (when ‘hash’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2661:5: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2667:8: branch_false: following ‘false’ branch (when ‘encoded’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2668:29: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2668:29: acquire_memory: allocated here
mbedtls-3.6.5/library/rsa.c:2667:9: branch_false: following ‘false’ branch (when ‘encoded_expected’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2673:16: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2673:16: call_function: calling ‘rsa_rsassa_pkcs1_v15_encode’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
# 2297|           }
# 2298|   
# 2299|->         if (mbedtls_oid_get_oid_by_md(md_alg, &oid, &oid_size) != 0) {
# 2300|               return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
# 2301|           }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def234]
mbedtls-3.6.5/library/rsa.c:2299:13: warning[-Wanalyzer-malloc-leak]: leak of ‘encoded’
mbedtls-3.6.5/library/rsa.c:2647:5: enter_function: entry to ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
mbedtls-3.6.5/library/rsa.c:2657:9: branch_false: following ‘false’ branch (when ‘hash’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2661:5: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2667:29: acquire_memory: allocated here
mbedtls-3.6.5/library/rsa.c:2667:8: branch_false: following ‘false’ branch (when ‘encoded’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2668:29: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2667:9: branch_false: following ‘false’ branch (when ‘encoded_expected’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2673:16: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2673:16: call_function: calling ‘rsa_rsassa_pkcs1_v15_encode’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
# 2297|           }
# 2298|   
# 2299|->         if (mbedtls_oid_get_oid_by_md(md_alg, &oid, &oid_size) != 0) {
# 2300|               return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
# 2301|           }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def235]
mbedtls-3.6.5/library/rsa.c:2389:9: warning[-Wanalyzer-malloc-leak]: leak of ‘encoded_expected’
mbedtls-3.6.5/library/rsa.c:2647:5: enter_function: entry to ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
mbedtls-3.6.5/library/rsa.c:2657:9: branch_false: following ‘false’ branch (when ‘hash’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2661:5: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2667:8: branch_false: following ‘false’ branch (when ‘encoded’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2668:29: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2668:29: acquire_memory: allocated here
mbedtls-3.6.5/library/rsa.c:2667:9: branch_false: following ‘false’ branch (when ‘encoded_expected’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2673:16: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2673:16: call_function: calling ‘rsa_rsassa_pkcs1_v15_encode’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
# 2387|        * after the initial bounds check. */
# 2388|       if (p != dst + dst_len) {
# 2389|->         mbedtls_platform_zeroize(dst, dst_len);
# 2390|           return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
# 2391|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def236]
mbedtls-3.6.5/library/rsa.c:2389:9: warning[-Wanalyzer-malloc-leak]: leak of ‘encoded’
mbedtls-3.6.5/library/rsa.c:2647:5: enter_function: entry to ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
mbedtls-3.6.5/library/rsa.c:2657:9: branch_false: following ‘false’ branch (when ‘hash’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2661:5: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2667:29: acquire_memory: allocated here
mbedtls-3.6.5/library/rsa.c:2667:8: branch_false: following ‘false’ branch (when ‘encoded’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2668:29: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2667:9: branch_false: following ‘false’ branch (when ‘encoded_expected’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2673:16: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2673:16: call_function: calling ‘rsa_rsassa_pkcs1_v15_encode’ from ‘mbedtls_rsa_rsassa_pkcs1_v15_verify’
# 2387|        * after the initial bounds check. */
# 2388|       if (p != dst + dst_len) {
# 2389|->         mbedtls_platform_zeroize(dst, dst_len);
# 2390|           return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
# 2391|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def237]
mbedtls-3.6.5/library/rsa.c:2700:9: warning[-Wanalyzer-malloc-leak]: leak of ‘encoded_expected’
mbedtls-3.6.5/library/rsa.c:2667:8: branch_false: following ‘false’ branch (when ‘encoded’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2668:29: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2668:29: acquire_memory: allocated here
mbedtls-3.6.5/library/rsa.c:2667:9: branch_false: following ‘false’ branch (when ‘encoded_expected’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2673:16: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2673:8: branch_true: following ‘true’ branch...
mbedtls-3.6.5/library/rsa.c:2675:9: branch_true: ...to here
mbedtls-3.6.5/library/rsa.c:2700:9: danger: ‘encoded_expected’ leaks here; was allocated at [(3)](sarif:/runs/0/results/40/codeFlows/0/threadFlows/0/locations/2)
# 2698|   
# 2699|       if (encoded != NULL) {
# 2700|->         mbedtls_zeroize_and_free(encoded, sig_len);
# 2701|       }
# 2702|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def238]
mbedtls-3.6.5/library/rsa.c:2700:9: warning[-Wanalyzer-malloc-leak]: leak of ‘encoded’
mbedtls-3.6.5/library/rsa.c:2667:29: acquire_memory: allocated here
mbedtls-3.6.5/library/rsa.c:2667:8: branch_false: following ‘false’ branch (when ‘encoded’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2668:29: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2667:9: branch_true: following ‘true’ branch (when ‘encoded_expected’ is NULL)...
mbedtls-3.6.5/library/rsa.c:2670:9: branch_true: ...to here
mbedtls-3.6.5/library/rsa.c:2700:9: danger: ‘encoded’ leaks here; was allocated at [(1)](sarif:/runs/0/results/41/codeFlows/0/threadFlows/0/locations/0)
# 2698|   
# 2699|       if (encoded != NULL) {
# 2700|->         mbedtls_zeroize_and_free(encoded, sig_len);
# 2701|       }
# 2702|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def239]
mbedtls-3.6.5/library/rsa.c:2704:9: warning[-Wanalyzer-malloc-leak]: leak of ‘encoded_expected’
mbedtls-3.6.5/library/rsa.c:2667:8: branch_false: following ‘false’ branch (when ‘encoded’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2668:29: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2668:29: acquire_memory: allocated here
mbedtls-3.6.5/library/rsa.c:2667:9: branch_false: following ‘false’ branch (when ‘encoded_expected’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2673:16: branch_false: ...to here
mbedtls-3.6.5/library/rsa.c:2673:8: branch_true: following ‘true’ branch...
mbedtls-3.6.5/library/rsa.c:2675:9: branch_true: ...to here
mbedtls-3.6.5/library/rsa.c:2703:8: branch_true: following ‘true’ branch (when ‘encoded_expected’ is non-NULL)...
mbedtls-3.6.5/library/rsa.c:2704:9: branch_true: ...to here
mbedtls-3.6.5/library/rsa.c:2704:9: danger: ‘encoded_expected’ leaks here; was allocated at [(3)](sarif:/runs/0/results/42/codeFlows/0/threadFlows/0/locations/2)
# 2702|   
# 2703|       if (encoded_expected != NULL) {
# 2704|->         mbedtls_zeroize_and_free(encoded_expected, sig_len);
# 2705|       }
# 2706|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def240]
mbedtls-3.6.5/library/ssl_cache.c:285:11: warning[-Wanalyzer-malloc-leak]: leak of ‘session_serialized’
mbedtls-3.6.5/library/ssl_cache.c:259:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_cache.c:264:11: branch_false: ...to here
mbedtls-3.6.5/library/ssl_cache.c:267:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_cache.c:273:11: branch_false: ...to here
mbedtls-3.6.5/library/ssl_cache.c:274:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_cache.c:278:26: branch_false: ...to here
mbedtls-3.6.5/library/ssl_cache.c:278:26: acquire_memory: allocated here
mbedtls-3.6.5/library/ssl_cache.c:279:8: branch_false: following ‘false’ branch (when ‘session_serialized’ is non-NULL)...
mbedtls-3.6.5/library/ssl_cache.c:285:11: branch_false: ...to here
mbedtls-3.6.5/library/ssl_cache.c:285:11: danger: ‘session_serialized’ leaks here; was allocated at [(7)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/6)
#  283|   
#  284|       /* Now serialize the session into the allocated buffer. */
#  285|->     ret = mbedtls_ssl_session_save(session,
#  286|                                      session_serialized,
#  287|                                      session_serialized_len,

Error: GCC_ANALYZER_WARNING (CWE-476): [#def241]
mbedtls-3.6.5/library/ssl_tls.c:3516:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘p’
mbedtls-3.6.5/library/ssl_tls.c:5095:5: enter_function: entry to ‘mbedtls_ssl_context_save’
mbedtls-3.6.5/library/ssl_tls.c:5114:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5118:9: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5118:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5123:9: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5123:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5128:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5132:9: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5132:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5137:9: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5137:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5142:9: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5142:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5147:41: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5153:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5164:8: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5173:11: call_function: calling ‘ssl_session_save’ from ‘mbedtls_ssl_context_save’
# 3514|   
# 3515|       if (used <= buf_len) {
# 3516|->         *p++ = MBEDTLS_BYTE_2(cert_len);
# 3517|           *p++ = MBEDTLS_BYTE_1(cert_len);
# 3518|           *p++ = MBEDTLS_BYTE_0(cert_len);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def242]
mbedtls-3.6.5/library/ssl_tls.c:3554:13: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘p’
mbedtls-3.6.5/library/ssl_tls.c:5095:5: enter_function: entry to ‘mbedtls_ssl_context_save’
mbedtls-3.6.5/library/ssl_tls.c:5114:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5118:9: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5118:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5123:9: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5123:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5128:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5132:9: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5132:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5137:9: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5137:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5142:9: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5142:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5147:41: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5153:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5164:8: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5173:11: call_function: calling ‘ssl_session_save’ from ‘mbedtls_ssl_context_save’
# 3552|   
# 3553|           if (used <= buf_len) {
# 3554|->             *p++ = MBEDTLS_BYTE_2(session->ticket_len);
# 3555|               *p++ = MBEDTLS_BYTE_1(session->ticket_len);
# 3556|               *p++ = MBEDTLS_BYTE_0(session->ticket_len);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def243]
mbedtls-3.6.5/library/ssl_tls.c:3587:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘p’
mbedtls-3.6.5/library/ssl_tls.c:5095:5: enter_function: entry to ‘mbedtls_ssl_context_save’
mbedtls-3.6.5/library/ssl_tls.c:5114:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5118:9: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5118:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5123:9: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5123:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5128:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5132:9: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5132:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5137:9: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5137:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5142:9: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5142:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5147:41: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5153:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5164:8: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5173:11: call_function: calling ‘ssl_session_save’ from ‘mbedtls_ssl_context_save’
# 3585|   
# 3586|       if (used <= buf_len) {
# 3587|->         *p++ = session->mfl_code;
# 3588|       }
# 3589|   #endif

Error: GCC_ANALYZER_WARNING (CWE-476): [#def244]
mbedtls-3.6.5/library/ssl_tls.c:3595:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘p’
mbedtls-3.6.5/library/ssl_tls.c:5095:5: enter_function: entry to ‘mbedtls_ssl_context_save’
mbedtls-3.6.5/library/ssl_tls.c:5114:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5118:9: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5118:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5123:9: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5123:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5128:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5132:9: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5132:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5137:9: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5137:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5142:9: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5142:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5147:41: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5153:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:5164:8: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:5173:11: call_function: calling ‘ssl_session_save’ from ‘mbedtls_ssl_context_save’
# 3593|   
# 3594|       if (used <= buf_len) {
# 3595|->         *p++ = MBEDTLS_BYTE_0(session->encrypt_then_mac);
# 3596|       }
# 3597|   #endif

Error: GCC_ANALYZER_WARNING (CWE-401): [#def245]
mbedtls-3.6.5/library/ssl_tls.c:6865:5: warning[-Wanalyzer-malloc-leak]: leak of ‘prf_input’
mbedtls-3.6.5/library/ssl_tls.c:10060:12: enter_function: entry to ‘mbedtls_ssl_tls12_export_keying_material’
mbedtls-3.6.5/library/ssl_tls.c:10089:17: acquire_memory: allocated here
mbedtls-3.6.5/library/ssl_tls.c:10090:8: branch_false: following ‘false’ branch (when ‘prf_input’ is non-NULL)...
mbedtls-3.6.5/library/ssl_tls.c:10095:12: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:10100:8: branch_false: following ‘false’ branch (when ‘use_context == 0’)...
mbedtls-3.6.5/library/ssl_tls.c:10104:37: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:10104:11: call_function: calling ‘tls_prf_generic’ from ‘mbedtls_ssl_tls12_export_keying_material’
# 6863|       int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
# 6864|   
# 6865|->     mbedtls_md_init(&md_ctx);
# 6866|   
# 6867|       if ((md_info = mbedtls_md_info_from_type(md_type)) == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def246]
mbedtls-3.6.5/library/ssl_tls.c:6867:20: warning[-Wanalyzer-malloc-leak]: leak of ‘prf_input’
mbedtls-3.6.5/library/ssl_tls.c:10060:12: enter_function: entry to ‘mbedtls_ssl_tls12_export_keying_material’
mbedtls-3.6.5/library/ssl_tls.c:10089:17: acquire_memory: allocated here
mbedtls-3.6.5/library/ssl_tls.c:10090:8: branch_false: following ‘false’ branch (when ‘prf_input’ is non-NULL)...
mbedtls-3.6.5/library/ssl_tls.c:10095:12: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:10100:8: branch_false: following ‘false’ branch (when ‘use_context == 0’)...
mbedtls-3.6.5/library/ssl_tls.c:10104:37: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:10104:11: call_function: calling ‘tls_prf_generic’ from ‘mbedtls_ssl_tls12_export_keying_material’
# 6865|       mbedtls_md_init(&md_ctx);
# 6866|   
# 6867|->     if ((md_info = mbedtls_md_info_from_type(md_type)) == NULL) {
# 6868|           return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
# 6869|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def247]
mbedtls-3.6.5/library/ssl_tls.c:6871:14: warning[-Wanalyzer-malloc-leak]: leak of ‘prf_input’
mbedtls-3.6.5/library/ssl_tls.c:10060:12: enter_function: entry to ‘mbedtls_ssl_tls12_export_keying_material’
mbedtls-3.6.5/library/ssl_tls.c:10089:17: acquire_memory: allocated here
mbedtls-3.6.5/library/ssl_tls.c:10090:8: branch_false: following ‘false’ branch (when ‘prf_input’ is non-NULL)...
mbedtls-3.6.5/library/ssl_tls.c:10095:12: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:10100:8: branch_false: following ‘false’ branch (when ‘use_context == 0’)...
mbedtls-3.6.5/library/ssl_tls.c:10104:37: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:10104:11: call_function: calling ‘tls_prf_generic’ from ‘mbedtls_ssl_tls12_export_keying_material’
# 6869|       }
# 6870|   
# 6871|->     md_len = mbedtls_md_get_size(md_info);
# 6872|   
# 6873|       tmp_len = md_len + label_len + rlen;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def248]
mbedtls-3.6.5/library/ssl_tls.c:6888:16: warning[-Wanalyzer-malloc-leak]: leak of ‘prf_input’
mbedtls-3.6.5/library/ssl_tls.c:10060:12: enter_function: entry to ‘mbedtls_ssl_tls12_export_keying_material’
mbedtls-3.6.5/library/ssl_tls.c:10089:17: acquire_memory: allocated here
mbedtls-3.6.5/library/ssl_tls.c:10090:8: branch_false: following ‘false’ branch (when ‘prf_input’ is non-NULL)...
mbedtls-3.6.5/library/ssl_tls.c:10095:12: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:10100:8: branch_false: following ‘false’ branch (when ‘use_context == 0’)...
mbedtls-3.6.5/library/ssl_tls.c:10104:37: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:10104:11: call_function: calling ‘tls_prf_generic’ from ‘mbedtls_ssl_tls12_export_keying_material’
# 6886|        * Compute P_<hash>(secret, label + random)[0..dlen]
# 6887|        */
# 6888|->     if ((ret = mbedtls_md_setup(&md_ctx, md_info, 1)) != 0) {
# 6889|           goto exit;
# 6890|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def249]
mbedtls-3.6.5/library/ssl_tls.c:6888:16: warning[-Wanalyzer-malloc-leak]: leak of ‘tmp’
mbedtls-3.6.5/library/ssl_tls.c:6867:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:6871:14: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:6874:11: acquire_memory: allocated here
mbedtls-3.6.5/library/ssl_tls.c:6875:8: branch_false: following ‘false’ branch (when ‘tmp’ is non-NULL)...
mbedtls-3.6.5/library/ssl_tls.c:6881:12: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:6888:16: danger: ‘tmp’ leaks here; was allocated at [(3)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/2)
# 6886|        * Compute P_<hash>(secret, label + random)[0..dlen]
# 6887|        */
# 6888|->     if ((ret = mbedtls_md_setup(&md_ctx, md_info, 1)) != 0) {
# 6889|           goto exit;
# 6890|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def250]
mbedtls-3.6.5/library/ssl_tls.c:6892:11: warning[-Wanalyzer-malloc-leak]: leak of ‘prf_input’
mbedtls-3.6.5/library/ssl_tls.c:10060:12: enter_function: entry to ‘mbedtls_ssl_tls12_export_keying_material’
mbedtls-3.6.5/library/ssl_tls.c:10089:17: acquire_memory: allocated here
mbedtls-3.6.5/library/ssl_tls.c:10090:8: branch_false: following ‘false’ branch (when ‘prf_input’ is non-NULL)...
mbedtls-3.6.5/library/ssl_tls.c:10095:12: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:10100:8: branch_false: following ‘false’ branch (when ‘use_context == 0’)...
mbedtls-3.6.5/library/ssl_tls.c:10104:37: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:10104:11: call_function: calling ‘tls_prf_generic’ from ‘mbedtls_ssl_tls12_export_keying_material’
# 6890|       }
# 6891|   
# 6892|->     ret = mbedtls_md_hmac_starts(&md_ctx, secret, slen);
# 6893|       if (ret != 0) {
# 6894|           goto exit;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def251]
mbedtls-3.6.5/library/ssl_tls.c:6892:11: warning[-Wanalyzer-malloc-leak]: leak of ‘tmp’
mbedtls-3.6.5/library/ssl_tls.c:6867:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:6871:14: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:6874:11: acquire_memory: allocated here
mbedtls-3.6.5/library/ssl_tls.c:6875:8: branch_false: following ‘false’ branch (when ‘tmp’ is non-NULL)...
mbedtls-3.6.5/library/ssl_tls.c:6881:12: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:6888:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:6892:11: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:6892:11: danger: ‘tmp’ leaks here; was allocated at [(3)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/2)
# 6890|       }
# 6891|   
# 6892|->     ret = mbedtls_md_hmac_starts(&md_ctx, secret, slen);
# 6893|       if (ret != 0) {
# 6894|           goto exit;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def252]
mbedtls-3.6.5/library/ssl_tls.c:6896:11: warning[-Wanalyzer-malloc-leak]: leak of ‘prf_input’
mbedtls-3.6.5/library/ssl_tls.c:10060:12: enter_function: entry to ‘mbedtls_ssl_tls12_export_keying_material’
mbedtls-3.6.5/library/ssl_tls.c:10089:17: acquire_memory: allocated here
mbedtls-3.6.5/library/ssl_tls.c:10090:8: branch_false: following ‘false’ branch (when ‘prf_input’ is non-NULL)...
mbedtls-3.6.5/library/ssl_tls.c:10095:12: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:10100:8: branch_false: following ‘false’ branch (when ‘use_context == 0’)...
mbedtls-3.6.5/library/ssl_tls.c:10104:37: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:10104:11: call_function: calling ‘tls_prf_generic’ from ‘mbedtls_ssl_tls12_export_keying_material’
# 6894|           goto exit;
# 6895|       }
# 6896|->     ret = mbedtls_md_hmac_update(&md_ctx, tmp + md_len, nb);
# 6897|       if (ret != 0) {
# 6898|           goto exit;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def253]
mbedtls-3.6.5/library/ssl_tls.c:6896:11: warning[-Wanalyzer-malloc-leak]: leak of ‘tmp’
mbedtls-3.6.5/library/ssl_tls.c:6867:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:6871:14: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:6874:11: acquire_memory: allocated here
mbedtls-3.6.5/library/ssl_tls.c:6875:8: branch_false: following ‘false’ branch (when ‘tmp’ is non-NULL)...
mbedtls-3.6.5/library/ssl_tls.c:6881:12: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:6888:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:6892:11: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:6893:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:6896:11: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:6896:11: danger: ‘tmp’ leaks here; was allocated at [(3)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/2)
# 6894|           goto exit;
# 6895|       }
# 6896|->     ret = mbedtls_md_hmac_update(&md_ctx, tmp + md_len, nb);
# 6897|       if (ret != 0) {
# 6898|           goto exit;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def254]
mbedtls-3.6.5/library/ssl_tls.c:6900:11: warning[-Wanalyzer-malloc-leak]: leak of ‘prf_input’
mbedtls-3.6.5/library/ssl_tls.c:10060:12: enter_function: entry to ‘mbedtls_ssl_tls12_export_keying_material’
mbedtls-3.6.5/library/ssl_tls.c:10089:17: acquire_memory: allocated here
mbedtls-3.6.5/library/ssl_tls.c:10090:8: branch_false: following ‘false’ branch (when ‘prf_input’ is non-NULL)...
mbedtls-3.6.5/library/ssl_tls.c:10095:12: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:10100:8: branch_false: following ‘false’ branch (when ‘use_context == 0’)...
mbedtls-3.6.5/library/ssl_tls.c:10104:37: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:10104:11: call_function: calling ‘tls_prf_generic’ from ‘mbedtls_ssl_tls12_export_keying_material’
# 6898|           goto exit;
# 6899|       }
# 6900|->     ret = mbedtls_md_hmac_finish(&md_ctx, tmp);
# 6901|       if (ret != 0) {
# 6902|           goto exit;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def255]
mbedtls-3.6.5/library/ssl_tls.c:6900:11: warning[-Wanalyzer-malloc-leak]: leak of ‘tmp’
mbedtls-3.6.5/library/ssl_tls.c:6867:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:6871:14: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:6874:11: acquire_memory: allocated here
mbedtls-3.6.5/library/ssl_tls.c:6875:8: branch_false: following ‘false’ branch (when ‘tmp’ is non-NULL)...
mbedtls-3.6.5/library/ssl_tls.c:6881:12: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:6888:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:6892:11: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:6893:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:6896:11: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:6897:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:6900:11: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:6900:11: danger: ‘tmp’ leaks here; was allocated at [(3)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/2)
# 6898|           goto exit;
# 6899|       }
# 6900|->     ret = mbedtls_md_hmac_finish(&md_ctx, tmp);
# 6901|       if (ret != 0) {
# 6902|           goto exit;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def256]
mbedtls-3.6.5/library/ssl_tls.c:6906:15: warning[-Wanalyzer-malloc-leak]: leak of ‘prf_input’
mbedtls-3.6.5/library/ssl_tls.c:10060:12: enter_function: entry to ‘mbedtls_ssl_tls12_export_keying_material’
mbedtls-3.6.5/library/ssl_tls.c:10089:17: acquire_memory: allocated here
mbedtls-3.6.5/library/ssl_tls.c:10090:8: branch_false: following ‘false’ branch (when ‘prf_input’ is non-NULL)...
mbedtls-3.6.5/library/ssl_tls.c:10095:12: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:10100:8: branch_false: following ‘false’ branch (when ‘use_context == 0’)...
mbedtls-3.6.5/library/ssl_tls.c:10104:37: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:10104:11: call_function: calling ‘tls_prf_generic’ from ‘mbedtls_ssl_tls12_export_keying_material’
# 6904|   
# 6905|       for (i = 0; i < dlen; i += md_len) {
# 6906|->         ret = mbedtls_md_hmac_reset(&md_ctx);
# 6907|           if (ret != 0) {
# 6908|               goto exit;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def257]
mbedtls-3.6.5/library/ssl_tls.c:8072:5: warning[-Wanalyzer-malloc-leak]: leak of ‘chain’
mbedtls-3.6.5/library/ssl_tls.c:8024:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:8038:16: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:8038:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:8046:9: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:8046:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls.c:8059:5: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:8061:13: acquire_memory: allocated here
mbedtls-3.6.5/library/ssl_tls.c:8062:8: branch_false: following ‘false’ branch (when ‘chain’ is non-NULL)...
mbedtls-3.6.5/library/ssl_tls.c:8072:5: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls.c:8072:5: danger: ‘chain’ leaks here; was allocated at [(7)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/6)
# 8070|           goto exit;
# 8071|       }
# 8072|->     mbedtls_x509_crt_init(chain);
# 8073|   
# 8074|       ret = ssl_parse_certificate_chain(ssl, chain);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def258]
mbedtls-3.6.5/library/ssl_tls12_server.c:229:12: warning[-Wanalyzer-malloc-leak]: leak of ‘curves_tls_id’
mbedtls-3.6.5/library/ssl_tls12_server.c:889:12: enter_function: entry to ‘ssl_parse_client_hello’
mbedtls-3.6.5/library/ssl_tls12_server.c:956:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls12_server.c:961:5: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls12_server.c:1036:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls12_server.c:1049:19: call_function: inlined call to ‘mbedtls_ssl_hs_hdr_len’ from ‘ssl_parse_client_hello’
mbedtls-3.6.5/library/ssl_tls12_server.c:1049:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls12_server.c:1054:5: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls12_server.c:1056:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls12_server.c:1062:9: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls12_server.c:1131:8: branch_false: following ‘false’ branch (when ‘msg_len > 37’)...
mbedtls-3.6.5/library/ssl_tls12_server.c:1139:5: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls12_server.c:1146:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls12_server.c:1156:5: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls12_server.c:1165:8: branch_false: following ‘false’ branch (when ‘sess_len <= 32’)...
mbedtls-3.6.5/library/ssl_tls12_server.c:1166:9: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls12_server.c:1165:9: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls12_server.c:1173:5: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls12_server.c:1237:8: branch_false: following ‘false’ branch (when ‘ciph_len > 1’)...
mbedtls-3.6.5/library/ssl_tls12_server.c:1238:9: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls12_server.c:1237:9: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls12_server.c:1237:9: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls12_server.c:1237:9: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls12_server.c:1246:5: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls12_server.c:1259:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls12_server.c:1261:9: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls12_server.c:1259:9: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls12_server.c:1268:5: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls12_server.c:1275:8: branch_true: following ‘true’ branch...
mbedtls-3.6.5/library/ssl_tls12_server.c:1276:23: branch_true: ...to here
mbedtls-3.6.5/library/ssl_tls12_server.c:1276:12: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls12_server.c:1283:19: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls12_server.c:1285:12: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls12_server.c:1295:28: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls12_server.c:1298:12: branch_true: following ‘true’ branch (when ‘ext_len != 0’)...
mbedtls-3.6.5/library/ssl_tls12_server.c:1301:12: branch_true: ...to here
mbedtls-3.6.5/library/ssl_tls12_server.c:1301:12: branch_false: following ‘false’ branch (when ‘ext_len > 3’)...
mbedtls-3.6.5/library/ssl_tls12_server.c:1307:20: call_function: inlined call to ‘mbedtls_get_unaligned_uint16’ from ‘ssl_parse_client_hello’
mbedtls-3.6.5/library/ssl_tls12_server.c:1310:12: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls12_server.c:1316:9: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls12_server.c:1298:12: branch_true: following ‘true’ branch (when ‘ext_len != 0’)...
mbedtls-3.6.5/library/ssl_tls12_server.c:1301:12: branch_true: ...to here
mbedtls-3.6.5/library/ssl_tls12_server.c:1301:12: branch_false: following ‘false’ branch (when ‘ext_len > 3’)...
mbedtls-3.6.5/library/ssl_tls12_server.c:1307:20: call_function: inlined call to ‘mbedtls_get_unaligned_uint16’ from ‘ssl_parse_client_hello’
mbedtls-3.6.5/library/ssl_tls12_server.c:1310:12: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls12_server.c:1316:9: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls12_server.c:1359:23: call_function: calling ‘ssl_parse_supported_groups_ext’ from ‘ssl_parse_client_hello’
#  227|   
#  228|       p = buf + 2;
#  229|->     while (list_size > 0 && our_size > 1) {
#  230|           uint16_t curr_tls_id = MBEDTLS_GET_UINT16_BE(p, 0);
#  231|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def259]
mbedtls-3.6.5/library/ssl_tls12_server.c:2731:16: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
mbedtls-3.6.5/library/ssl_tls12_server.c:2716:12: enter_function: entry to ‘ssl_get_ecdh_params_from_cert’
mbedtls-3.6.5/library/ssl_tls12_server.c:2720:45: call_function: calling ‘mbedtls_ssl_own_key’ from ‘ssl_get_ecdh_params_from_cert’
mbedtls-3.6.5/library/ssl_tls12_server.c:2720:45: return_function: returning to ‘ssl_get_ecdh_params_from_cert’ from ‘mbedtls_ssl_own_key’
mbedtls-3.6.5/library/ssl_tls12_server.c:2721:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls12_server.c:2726:10: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls12_server.c:2726:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls12_server.c:2732:58: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls12_server.c:2732:58: call_function: calling ‘mbedtls_ssl_own_key’ from ‘ssl_get_ecdh_params_from_cert’
mbedtls-3.6.5/library/ssl_tls12_server.c:2732:58: return_function: returning to ‘ssl_get_ecdh_params_from_cert’ from ‘mbedtls_ssl_own_key’
mbedtls-3.6.5/library/ssl_tls12_server.c:2731:16: danger: dereference of NULL ‘mbedtls_ssl_own_key(ssl)’
# 2729|       }
# 2730|   
# 2731|->     if ((ret = mbedtls_ecdh_get_params(&ssl->handshake->ecdh_ctx,
# 2732|                                          mbedtls_pk_ec_ro(*mbedtls_ssl_own_key(ssl)),
# 2733|                                          MBEDTLS_ECDH_OURS)) != 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def260]
mbedtls-3.6.5/library/ssl_tls13_client.c:557:5: warning[-Wanalyzer-malloc-leak]: leak of ‘*handshake.cookie’
mbedtls-3.6.5/library/ssl_tls13_client.c:530:12: enter_function: entry to ‘ssl_tls13_parse_cookie_ext’
mbedtls-3.6.5/library/ssl_tls13_client.c:548:25: acquire_memory: allocated here
mbedtls-3.6.5/library/ssl_tls13_client.c:549:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls13_client.c:556:5: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls13_client.c:557:5: danger: ‘*handshake.cookie’ leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#  555|   
#  556|       memcpy(handshake->cookie, p, cookie_len);
#  557|->     handshake->cookie_len = cookie_len;
#  558|   
#  559|       return 0;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def261]
mbedtls-3.6.5/library/ssl_tls13_client.c:2430:9: warning[-Wanalyzer-malloc-leak]: leak of ‘*handshake.certificate_request_context’
mbedtls-3.6.5/library/ssl_tls13_client.c:2398:12: enter_function: entry to ‘ssl_tls13_parse_certificate_request’
mbedtls-3.6.5/library/ssl_tls13_client.c:2417:8: branch_true: following ‘true’ branch (when ‘certificate_request_context_len != 0’)...
mbedtls-3.6.5/library/ssl_tls13_client.c:2418:9: call_function: inlined call to ‘mbedtls_ssl_chk_buf_ptr’ from ‘ssl_tls13_parse_certificate_request’
mbedtls-3.6.5/library/ssl_tls13_client.c:2423:13: acquire_memory: allocated here
mbedtls-3.6.5/library/ssl_tls13_client.c:2424:12: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls13_client.c:2428:9: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls13_client.c:2430:9: danger: ‘*handshake.certificate_request_context’ leaks here; was allocated at [(10)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/9)
# 2428|           memcpy(handshake->certificate_request_context, p,
# 2429|                  certificate_request_context_len);
# 2430|->         p += certificate_request_context_len;
# 2431|       }
# 2432|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def262]
mbedtls-3.6.5/library/ssl_tls13_keys.c:1506:22: warning[-Wanalyzer-malloc-leak]: leak of ‘shared_secret’
mbedtls-3.6.5/library/ssl_tls13_keys.c:1481:8: branch_true: following ‘true’ branch...
mbedtls-3.6.5/library/ssl_tls13_keys.c:1482:13: branch_true: ...to here
mbedtls-3.6.5/library/ssl_tls13_keys.c:1501:29: acquire_memory: allocated here
mbedtls-3.6.5/library/ssl_tls13_keys.c:1502:16: branch_false: following ‘false’ branch (when ‘shared_secret’ is non-NULL)...
mbedtls-3.6.5/library/ssl_tls13_keys.c:1506:22: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls13_keys.c:1506:22: danger: ‘shared_secret’ leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
# 1504|               }
# 1505|   
# 1506|->             status = psa_raw_key_agreement(
# 1507|                   alg, handshake->xxdh_psa_privkey,
# 1508|                   handshake->xxdh_psa_peerkey, handshake->xxdh_psa_peerkey_len,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def263]
mbedtls-3.6.5/library/ssl_tls13_server.c:219:11: warning[-Wanalyzer-malloc-leak]: leak of ‘ticket_buffer’
mbedtls-3.6.5/library/ssl_tls13_server.c:204:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/ssl_tls13_server.c:213:21: acquire_memory: allocated here
mbedtls-3.6.5/library/ssl_tls13_server.c:214:8: branch_false: following ‘false’ branch (when ‘ticket_buffer’ is non-NULL)...
mbedtls-3.6.5/library/ssl_tls13_server.c:217:5: branch_false: ...to here
mbedtls-3.6.5/library/ssl_tls13_server.c:219:11: danger: ‘ticket_buffer’ leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#  217|       memcpy(ticket_buffer, identity, identity_len);
#  218|   
#  219|->     ret = ssl->conf->f_ticket_parse(ssl->conf->p_ticket,
#  220|                                       session,
#  221|                                       ticket_buffer, identity_len);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def264]
mbedtls-3.6.5/library/x509.c:102:16: warning[-Wanalyzer-malloc-leak]: leak of ‘pss_opts’
mbedtls-3.6.5/library/x509.c:718:5: enter_function: entry to ‘mbedtls_x509_get_sig_alg’
mbedtls-3.6.5/library/x509.c:724:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/x509.c:728:16: branch_false: ...to here
mbedtls-3.6.5/library/x509.c:728:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/x509.c:733:9: branch_false: ...to here
mbedtls-3.6.5/library/x509.c:733:8: branch_true: following ‘true’ branch...
mbedtls-3.6.5/library/x509.c:736:20: branch_true: ...to here
mbedtls-3.6.5/library/x509.c:736:20: acquire_memory: allocated here
mbedtls-3.6.5/library/x509.c:737:12: branch_false: following ‘false’ branch (when ‘pss_opts’ is non-NULL)...
mbedtls-3.6.5/library/x509.c:741:15: branch_false: ...to here
mbedtls-3.6.5/library/x509.c:741:15: call_function: calling ‘mbedtls_x509_get_rsassa_pss_params’ from ‘mbedtls_x509_get_sig_alg’
#  100|       int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
#  101|   
#  102|->     if ((ret = mbedtls_asn1_get_alg_null(p, end, alg)) != 0) {
#  103|           return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret);
#  104|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def265]
mbedtls-3.6.5/library/x509.c:117:16: warning[-Wanalyzer-malloc-leak]: leak of ‘pss_opts’
mbedtls-3.6.5/library/x509.c:718:5: enter_function: entry to ‘mbedtls_x509_get_sig_alg’
mbedtls-3.6.5/library/x509.c:724:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/x509.c:728:16: branch_false: ...to here
mbedtls-3.6.5/library/x509.c:728:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/x509.c:733:9: branch_false: ...to here
mbedtls-3.6.5/library/x509.c:733:8: branch_true: following ‘true’ branch...
mbedtls-3.6.5/library/x509.c:736:20: branch_true: ...to here
mbedtls-3.6.5/library/x509.c:736:20: acquire_memory: allocated here
mbedtls-3.6.5/library/x509.c:737:12: branch_false: following ‘false’ branch (when ‘pss_opts’ is non-NULL)...
mbedtls-3.6.5/library/x509.c:741:15: branch_false: ...to here
mbedtls-3.6.5/library/x509.c:741:15: call_function: calling ‘mbedtls_x509_get_rsassa_pss_params’ from ‘mbedtls_x509_get_sig_alg’
#  115|       int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
#  116|   
#  117|->     if ((ret = mbedtls_asn1_get_alg(p, end, alg, params)) != 0) {
#  118|           return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret);
#  119|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def266]
mbedtls-3.6.5/library/x509.c:204:16: warning[-Wanalyzer-malloc-leak]: leak of ‘pss_opts’
mbedtls-3.6.5/library/x509.c:718:5: enter_function: entry to ‘mbedtls_x509_get_sig_alg’
mbedtls-3.6.5/library/x509.c:724:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/x509.c:728:16: branch_false: ...to here
mbedtls-3.6.5/library/x509.c:728:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/x509.c:733:9: branch_false: ...to here
mbedtls-3.6.5/library/x509.c:733:8: branch_true: following ‘true’ branch...
mbedtls-3.6.5/library/x509.c:736:20: branch_true: ...to here
mbedtls-3.6.5/library/x509.c:736:20: acquire_memory: allocated here
mbedtls-3.6.5/library/x509.c:737:12: branch_false: following ‘false’ branch (when ‘pss_opts’ is non-NULL)...
mbedtls-3.6.5/library/x509.c:741:15: branch_false: ...to here
mbedtls-3.6.5/library/x509.c:741:15: call_function: calling ‘mbedtls_x509_get_rsassa_pss_params’ from ‘mbedtls_x509_get_sig_alg’
#  202|       md_oid.tag = *p;
#  203|   
#  204|->     if ((ret = mbedtls_asn1_get_tag(&p, end, &md_oid.len, MBEDTLS_ASN1_OID)) != 0) {
#  205|           return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret);
#  206|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def267]
mbedtls-3.6.5/library/x509.c:212:16: warning[-Wanalyzer-malloc-leak]: leak of ‘pss_opts’
mbedtls-3.6.5/library/x509.c:718:5: enter_function: entry to ‘mbedtls_x509_get_sig_alg’
mbedtls-3.6.5/library/x509.c:724:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/x509.c:728:16: branch_false: ...to here
mbedtls-3.6.5/library/x509.c:728:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/x509.c:733:9: branch_false: ...to here
mbedtls-3.6.5/library/x509.c:733:8: branch_true: following ‘true’ branch...
mbedtls-3.6.5/library/x509.c:736:20: branch_true: ...to here
mbedtls-3.6.5/library/x509.c:736:20: acquire_memory: allocated here
mbedtls-3.6.5/library/x509.c:737:12: branch_false: following ‘false’ branch (when ‘pss_opts’ is non-NULL)...
mbedtls-3.6.5/library/x509.c:741:15: branch_false: ...to here
mbedtls-3.6.5/library/x509.c:741:15: call_function: calling ‘mbedtls_x509_get_rsassa_pss_params’ from ‘mbedtls_x509_get_sig_alg’
#  210|   
#  211|       /* Get md_alg from md_oid */
#  212|->     if ((ret = mbedtls_oid_get_md_alg(&md_oid, md_alg)) != 0) {
#  213|           return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret);
#  214|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def268]
mbedtls-3.6.5/library/x509.c:276:16: warning[-Wanalyzer-malloc-leak]: leak of ‘pss_opts’
mbedtls-3.6.5/library/x509.c:718:5: enter_function: entry to ‘mbedtls_x509_get_sig_alg’
mbedtls-3.6.5/library/x509.c:724:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/x509.c:728:16: branch_false: ...to here
mbedtls-3.6.5/library/x509.c:728:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/x509.c:733:9: branch_false: ...to here
mbedtls-3.6.5/library/x509.c:733:8: branch_true: following ‘true’ branch...
mbedtls-3.6.5/library/x509.c:736:20: branch_true: ...to here
mbedtls-3.6.5/library/x509.c:736:20: acquire_memory: allocated here
mbedtls-3.6.5/library/x509.c:737:12: branch_false: following ‘false’ branch (when ‘pss_opts’ is non-NULL)...
mbedtls-3.6.5/library/x509.c:741:15: branch_false: ...to here
mbedtls-3.6.5/library/x509.c:741:15: call_function: calling ‘mbedtls_x509_get_rsassa_pss_params’ from ‘mbedtls_x509_get_sig_alg’
#  274|        * HashAlgorithm
#  275|        */
#  276|->     if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
#  277|                                       MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED |
#  278|                                       0)) == 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def269]
mbedtls-3.6.5/library/x509.c:286:20: warning[-Wanalyzer-malloc-leak]: leak of ‘pss_opts’
mbedtls-3.6.5/library/x509.c:718:5: enter_function: entry to ‘mbedtls_x509_get_sig_alg’
mbedtls-3.6.5/library/x509.c:724:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/x509.c:728:16: branch_false: ...to here
mbedtls-3.6.5/library/x509.c:728:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/x509.c:733:9: branch_false: ...to here
mbedtls-3.6.5/library/x509.c:733:8: branch_true: following ‘true’ branch...
mbedtls-3.6.5/library/x509.c:736:20: branch_true: ...to here
mbedtls-3.6.5/library/x509.c:736:20: acquire_memory: allocated here
mbedtls-3.6.5/library/x509.c:737:12: branch_false: following ‘false’ branch (when ‘pss_opts’ is non-NULL)...
mbedtls-3.6.5/library/x509.c:741:15: branch_false: ...to here
mbedtls-3.6.5/library/x509.c:741:15: call_function: calling ‘mbedtls_x509_get_rsassa_pss_params’ from ‘mbedtls_x509_get_sig_alg’
#  284|           }
#  285|   
#  286|->         if ((ret = mbedtls_oid_get_md_alg(&alg_id, md_alg)) != 0) {
#  287|               return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret);
#  288|           }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def270]
mbedtls-3.6.5/library/x509.c:305:16: warning[-Wanalyzer-malloc-leak]: leak of ‘pss_opts’
mbedtls-3.6.5/library/x509.c:718:5: enter_function: entry to ‘mbedtls_x509_get_sig_alg’
mbedtls-3.6.5/library/x509.c:724:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/x509.c:728:16: branch_false: ...to here
mbedtls-3.6.5/library/x509.c:728:8: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/x509.c:733:9: branch_false: ...to here
mbedtls-3.6.5/library/x509.c:733:8: branch_true: following ‘true’ branch...
mbedtls-3.6.5/library/x509.c:736:20: branch_true: ...to here
mbedtls-3.6.5/library/x509.c:736:20: acquire_memory: allocated here
mbedtls-3.6.5/library/x509.c:737:12: branch_false: following ‘false’ branch (when ‘pss_opts’ is non-NULL)...
mbedtls-3.6.5/library/x509.c:741:15: branch_false: ...to here
mbedtls-3.6.5/library/x509.c:741:15: call_function: calling ‘mbedtls_x509_get_rsassa_pss_params’ from ‘mbedtls_x509_get_sig_alg’
#  303|        * MaskGenAlgorithm
#  304|        */
#  305|->     if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
#  306|                                       MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED |
#  307|                                       1)) == 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def271]
mbedtls-3.6.5/library/x509_create.c:247:13: warning[-Wanalyzer-malloc-leak]: leak of ‘der’
mbedtls-3.6.5/library/x509_create.c:281:5: enter_function: entry to ‘mbedtls_x509_string_to_names’
mbedtls-3.6.5/library/x509_create.c:298:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
mbedtls-3.6.5/library/x509_create.c:302:12: branch_true: following ‘true’ branch (when ‘c <= end’)...
mbedtls-3.6.5/library/x509_create.c:303:12: branch_true: ...to here
mbedtls-3.6.5/library/x509_create.c:303:12: branch_true: following ‘true’ branch...
mbedtls-3.6.5/library/x509_create.c:304:31: call_function: calling ‘x509_attr_descr_from_name’ from ‘mbedtls_x509_string_to_names’
mbedtls-3.6.5/library/x509_create.c:304:31: return_function: returning to ‘mbedtls_x509_string_to_names’ from ‘x509_attr_descr_from_name’
mbedtls-3.6.5/library/x509_create.c:304:16: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/x509_create.c:311:34: branch_false: ...to here
mbedtls-3.6.5/library/x509_create.c:321:13: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/x509_create.c:321:30: branch_false: ...to here
mbedtls-3.6.5/library/x509_create.c:321:30: branch_true: following ‘true’ branch (when ‘c == end’)...
mbedtls-3.6.5/library/x509_create.c:322:16: branch_true: ...to here
mbedtls-3.6.5/library/x509_create.c:322:16: branch_false: following ‘false’ branch (when ‘c != s’)...
mbedtls-3.6.5/library/x509_create.c:325:24: branch_false: ...to here
mbedtls-3.6.5/library/x509_create.c:325:23: branch_true: following ‘true’ branch...
mbedtls-3.6.5/library/x509_create.c:329:37: branch_true: ...to here
mbedtls-3.6.5/library/x509_create.c:328:29: call_function: calling ‘parse_attribute_value_hex_der_encoded’ from ‘mbedtls_x509_string_to_names’
#  245|       {
#  246|           unsigned char *p = der + 1;
#  247|->         if (mbedtls_asn1_get_len(&p, der + der_length, data_len) != 0) {
#  248|               goto error;
#  249|           }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def272]
mbedtls-3.6.5/library/x509_create.c:247:13: warning[-Wanalyzer-malloc-leak]: leak of ‘oid.p’
mbedtls-3.6.5/library/x509_create.c:281:5: enter_function: entry to ‘mbedtls_x509_string_to_names’
mbedtls-3.6.5/library/x509_create.c:298:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
mbedtls-3.6.5/library/x509_create.c:302:12: branch_true: following ‘true’ branch (when ‘c <= end’)...
mbedtls-3.6.5/library/x509_create.c:303:12: branch_true: ...to here
mbedtls-3.6.5/library/x509_create.c:303:12: branch_true: following ‘true’ branch...
mbedtls-3.6.5/library/x509_create.c:304:31: call_function: calling ‘x509_attr_descr_from_name’ from ‘mbedtls_x509_string_to_names’
mbedtls-3.6.5/library/x509_create.c:304:31: return_function: returning to ‘mbedtls_x509_string_to_names’ from ‘x509_attr_descr_from_name’
mbedtls-3.6.5/library/x509_create.c:304:16: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/x509_create.c:311:34: branch_false: ...to here
mbedtls-3.6.5/library/x509_create.c:312:25: acquire_memory: allocated here
mbedtls-3.6.5/library/x509_create.c:321:13: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/x509_create.c:321:30: branch_false: ...to here
mbedtls-3.6.5/library/x509_create.c:321:30: branch_true: following ‘true’ branch (when ‘c == end’)...
mbedtls-3.6.5/library/x509_create.c:322:16: branch_true: ...to here
mbedtls-3.6.5/library/x509_create.c:322:16: branch_false: following ‘false’ branch (when ‘c != s’)...
mbedtls-3.6.5/library/x509_create.c:325:24: branch_false: ...to here
mbedtls-3.6.5/library/x509_create.c:325:23: branch_true: following ‘true’ branch...
mbedtls-3.6.5/library/x509_create.c:329:37: branch_true: ...to here
mbedtls-3.6.5/library/x509_create.c:328:29: call_function: calling ‘parse_attribute_value_hex_der_encoded’ from ‘mbedtls_x509_string_to_names’
#  245|       {
#  246|           unsigned char *p = der + 1;
#  247|->         if (mbedtls_asn1_get_len(&p, der + der_length, data_len) != 0) {
#  248|               goto error;
#  249|           }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def273]
mbedtls-3.6.5/library/x509write.c:112:17: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
mbedtls-3.6.5/library/x509write.c:63:17: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/x509write.c:63:17: branch_false: ...to here
mbedtls-3.6.5/library/x509write.c:64:17: branch_false: following ‘false’ branch (when ‘buflen <= 18446744073709551610’)...
mbedtls-3.6.5/library/x509write.c:64:17: branch_false: ...to here
mbedtls-3.6.5/library/x509write.c:88:5: branch_false: following ‘false’ branch (when ‘buflen <= 18446744073709551610’)...
mbedtls-3.6.5/library/x509write.c:88:5: branch_false: ...to here
mbedtls-3.6.5/library/x509write.c:91:11: acquire_memory: allocated here
mbedtls-3.6.5/library/x509write.c:92:8: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
mbedtls-3.6.5/library/x509write.c:95:9: branch_false: ...to here
mbedtls-3.6.5/library/x509write.c:100:12: branch_true: following ‘true’ branch (when ‘cur’ is non-NULL)...
mbedtls-3.6.5/library/x509write.c:102:17: branch_true: ...to here
mbedtls-3.6.5/library/x509write.c:112:17: danger: ‘buf’ leaks here; was allocated at [(7)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/6)
#  110|                   size_t unstructured_name_len = cur->node.san.unstructured_name.len;
#  111|   
#  112|->                 MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len,
#  113|                                                mbedtls_asn1_write_raw_buffer(
#  114|                                                    &p, buf,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def274]
mbedtls-3.6.5/library/x509write.c:116:17: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
mbedtls-3.6.5/library/x509write.c:63:17: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/x509write.c:63:17: branch_false: ...to here
mbedtls-3.6.5/library/x509write.c:64:17: branch_false: following ‘false’ branch (when ‘buflen <= 18446744073709551610’)...
mbedtls-3.6.5/library/x509write.c:64:17: branch_false: ...to here
mbedtls-3.6.5/library/x509write.c:88:5: branch_false: following ‘false’ branch (when ‘buflen <= 18446744073709551610’)...
mbedtls-3.6.5/library/x509write.c:88:5: branch_false: ...to here
mbedtls-3.6.5/library/x509write.c:91:11: acquire_memory: allocated here
mbedtls-3.6.5/library/x509write.c:92:8: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
mbedtls-3.6.5/library/x509write.c:95:9: branch_false: ...to here
mbedtls-3.6.5/library/x509write.c:100:12: branch_true: following ‘true’ branch (when ‘cur’ is non-NULL)...
mbedtls-3.6.5/library/x509write.c:102:17: branch_true: ...to here
mbedtls-3.6.5/library/x509write.c:112:17: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/x509write.c:112:17: branch_false: ...to here
mbedtls-3.6.5/library/x509write.c:116:17: danger: ‘buf’ leaks here; was allocated at [(7)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/6)
#  114|                                                    &p, buf,
#  115|                                                    unstructured_name, unstructured_name_len));
#  116|->                 MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, mbedtls_asn1_write_len(
#  117|                                                    &p, buf, unstructured_name_len));
#  118|                   MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def275]
mbedtls-3.6.5/library/x509write.c:118:17: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
mbedtls-3.6.5/library/x509write.c:63:17: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/x509write.c:63:17: branch_false: ...to here
mbedtls-3.6.5/library/x509write.c:64:17: branch_false: following ‘false’ branch (when ‘buflen <= 18446744073709551610’)...
mbedtls-3.6.5/library/x509write.c:64:17: branch_false: ...to here
mbedtls-3.6.5/library/x509write.c:88:5: branch_false: following ‘false’ branch (when ‘buflen <= 18446744073709551610’)...
mbedtls-3.6.5/library/x509write.c:88:5: branch_false: ...to here
mbedtls-3.6.5/library/x509write.c:91:11: acquire_memory: allocated here
mbedtls-3.6.5/library/x509write.c:92:8: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
mbedtls-3.6.5/library/x509write.c:95:9: branch_false: ...to here
mbedtls-3.6.5/library/x509write.c:100:12: branch_true: following ‘true’ branch (when ‘cur’ is non-NULL)...
mbedtls-3.6.5/library/x509write.c:102:17: branch_true: ...to here
mbedtls-3.6.5/library/x509write.c:112:17: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/x509write.c:112:17: branch_false: ...to here
mbedtls-3.6.5/library/x509write.c:116:17: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/x509write.c:116:17: branch_false: ...to here
mbedtls-3.6.5/library/x509write.c:118:17: danger: ‘buf’ leaks here; was allocated at [(7)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/6)
#  116|                   MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, mbedtls_asn1_write_len(
#  117|                                                    &p, buf, unstructured_name_len));
#  118|->                 MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len,
#  119|                                                mbedtls_asn1_write_tag(
#  120|                                                    &p, buf,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def276]
mbedtls-3.6.5/library/x509write.c:125:17: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
mbedtls-3.6.5/library/x509write.c:69:24: branch_true: following ‘true’ branch (when ‘chunk’ is non-NULL)...
mbedtls-3.6.5/library/x509write.c:73:21: branch_true: ...to here
mbedtls-3.6.5/library/x509write.c:73:21: branch_false: following ‘false’ branch (when ‘buflen <= 18446744073709551605’)...
mbedtls-3.6.5/library/x509write.c:73:21: branch_false: ...to here
mbedtls-3.6.5/library/x509write.c:74:21: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/x509write.c:74:21: branch_false: ...to here
mbedtls-3.6.5/library/x509write.c:75:21: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/x509write.c:75:21: branch_false: ...to here
mbedtls-3.6.5/library/x509write.c:78:17: branch_false: following ‘false’ branch (when ‘buflen <= 18446744073709551610’)...
mbedtls-3.6.5/library/x509write.c:78:17: branch_false: ...to here
mbedtls-3.6.5/library/x509write.c:88:5: branch_false: following ‘false’ branch (when ‘buflen <= 18446744073709551610’)...
mbedtls-3.6.5/library/x509write.c:88:5: branch_false: ...to here
mbedtls-3.6.5/library/x509write.c:91:11: acquire_memory: allocated here
mbedtls-3.6.5/library/x509write.c:92:8: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
mbedtls-3.6.5/library/x509write.c:95:9: branch_false: ...to here
mbedtls-3.6.5/library/x509write.c:100:12: branch_true: following ‘true’ branch (when ‘cur’ is non-NULL)...
mbedtls-3.6.5/library/x509write.c:102:17: branch_true: ...to here
mbedtls-3.6.5/library/x509write.c:125:17: danger: ‘buf’ leaks here; was allocated at [(13)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/12)
#  123|               break;
#  124|               case MBEDTLS_X509_SAN_DIRECTORY_NAME:
#  125|->                 MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len,
#  126|                                                mbedtls_x509_write_names(&p, buf,
#  127|                                                                         (mbedtls_asn1_named_data *) &

Error: GCC_ANALYZER_WARNING (CWE-401): [#def277]
mbedtls-3.6.5/library/x509write.c:152:5: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
mbedtls-3.6.5/library/x509write.c:88:5: branch_false: following ‘false’ branch (when ‘buflen <= 18446744073709551610’)...
mbedtls-3.6.5/library/x509write.c:88:5: branch_false: ...to here
mbedtls-3.6.5/library/x509write.c:91:11: acquire_memory: allocated here
mbedtls-3.6.5/library/x509write.c:92:8: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
mbedtls-3.6.5/library/x509write.c:95:9: branch_false: ...to here
mbedtls-3.6.5/library/x509write.c:152:5: danger: ‘buf’ leaks here; was allocated at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
#  150|       }
#  151|   
#  152|->     MBEDTLS_ASN1_CHK_CLEANUP_ADD(len, mbedtls_asn1_write_len(&p, buf, len));
#  153|       MBEDTLS_ASN1_CHK_CLEANUP_ADD(len,
#  154|                                    mbedtls_asn1_write_tag(&p, buf,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def278]
mbedtls-3.6.5/library/x509write.c:153:5: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
mbedtls-3.6.5/library/x509write.c:88:5: branch_false: following ‘false’ branch (when ‘buflen <= 18446744073709551610’)...
mbedtls-3.6.5/library/x509write.c:88:5: branch_false: ...to here
mbedtls-3.6.5/library/x509write.c:91:11: acquire_memory: allocated here
mbedtls-3.6.5/library/x509write.c:92:8: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
mbedtls-3.6.5/library/x509write.c:95:9: branch_false: ...to here
mbedtls-3.6.5/library/x509write.c:152:5: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/x509write.c:152:5: branch_false: ...to here
mbedtls-3.6.5/library/x509write.c:153:5: danger: ‘buf’ leaks here; was allocated at [(3)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/2)
#  151|   
#  152|       MBEDTLS_ASN1_CHK_CLEANUP_ADD(len, mbedtls_asn1_write_len(&p, buf, len));
#  153|->     MBEDTLS_ASN1_CHK_CLEANUP_ADD(len,
#  154|                                    mbedtls_asn1_write_tag(&p, buf,
#  155|                                                           MBEDTLS_ASN1_CONSTRUCTED |

Error: GCC_ANALYZER_WARNING (CWE-401): [#def279]
mbedtls-3.6.5/library/x509write.c:158:11: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
mbedtls-3.6.5/library/x509write.c:88:5: branch_false: following ‘false’ branch (when ‘buflen <= 18446744073709551610’)...
mbedtls-3.6.5/library/x509write.c:88:5: branch_false: ...to here
mbedtls-3.6.5/library/x509write.c:91:11: acquire_memory: allocated here
mbedtls-3.6.5/library/x509write.c:92:8: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
mbedtls-3.6.5/library/x509write.c:95:9: branch_false: ...to here
mbedtls-3.6.5/library/x509write.c:152:5: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/x509write.c:152:5: branch_false: ...to here
mbedtls-3.6.5/library/x509write.c:153:5: branch_false: following ‘false’ branch...
mbedtls-3.6.5/library/x509write.c:153:5: branch_false: ...to here
mbedtls-3.6.5/library/x509write.c:158:11: danger: ‘buf’ leaks here; was allocated at [(3)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/2)
#  156|                                                           MBEDTLS_ASN1_SEQUENCE));
#  157|   
#  158|->     ret = mbedtls_x509_set_extension(extensions,
#  159|                                        MBEDTLS_OID_SUBJECT_ALT_NAME,
#  160|                                        MBEDTLS_OID_SIZE(MBEDTLS_OID_SUBJECT_ALT_NAME),

Error: GCC_ANALYZER_WARNING (CWE-401): [#def280]
mbedtls-3.6.5/library/x509write_csr.c:158:5: warning[-Wanalyzer-malloc-leak]: leak of ‘sig’
mbedtls-3.6.5/library/x509write_csr.c:289:5: enter_function: entry to ‘mbedtls_x509write_csr_der’
mbedtls-3.6.5/library/x509write_csr.c:297:16: acquire_memory: allocated here
mbedtls-3.6.5/library/x509write_csr.c:297:8: branch_false: following ‘false’ branch (when ‘sig’ is non-NULL)...
mbedtls-3.6.5/library/x509write_csr.c:301:11: branch_false: ...to here
mbedtls-3.6.5/library/x509write_csr.c:301:11: call_function: calling ‘x509write_csr_der_internal’ from ‘mbedtls_x509write_csr_der’
#  156|       c = buf + size;
#  157|   
#  158|->     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_x509_write_extensions(&c, buf,
#  159|                                                               ctx->extensions));
#  160|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def281]
mbedtls-3.6.5/library/x509write_csr.c:162:9: warning[-Wanalyzer-malloc-leak]: leak of ‘sig’
mbedtls-3.6.5/library/x509write_csr.c:289:5: enter_function: entry to ‘mbedtls_x509write_csr_der’
mbedtls-3.6.5/library/x509write_csr.c:297:16: acquire_memory: allocated here
mbedtls-3.6.5/library/x509write_csr.c:297:8: branch_false: following ‘false’ branch (when ‘sig’ is non-NULL)...
mbedtls-3.6.5/library/x509write_csr.c:301:11: branch_false: ...to here
mbedtls-3.6.5/library/x509write_csr.c:301:11: call_function: calling ‘x509write_csr_der_internal’ from ‘mbedtls_x509write_csr_der’
#  160|   
#  161|       if (len) {
#  162|->         MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
#  163|           MBEDTLS_ASN1_CHK_ADD(len,
#  164|                                mbedtls_asn1_write_tag(

Error: GCC_ANALYZER_WARNING (CWE-401): [#def282]
mbedtls-3.6.5/library/x509write_csr.c:163:9: warning[-Wanalyzer-malloc-leak]: leak of ‘sig’
mbedtls-3.6.5/library/x509write_csr.c:289:5: enter_function: entry to ‘mbedtls_x509write_csr_der’
mbedtls-3.6.5/library/x509write_csr.c:297:16: acquire_memory: allocated here
mbedtls-3.6.5/library/x509write_csr.c:297:8: branch_false: following ‘false’ branch (when ‘sig’ is non-NULL)...
mbedtls-3.6.5/library/x509write_csr.c:301:11: branch_false: ...to here
mbedtls-3.6.5/library/x509write_csr.c:301:11: call_function: calling ‘x509write_csr_der_internal’ from ‘mbedtls_x509write_csr_der’
#  161|       if (len) {
#  162|           MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
#  163|->         MBEDTLS_ASN1_CHK_ADD(len,
#  164|                                mbedtls_asn1_write_tag(
#  165|                                    &c, buf,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def283]
mbedtls-3.6.5/library/x509write_csr.c:168:9: warning[-Wanalyzer-malloc-leak]: leak of ‘sig’
mbedtls-3.6.5/library/x509write_csr.c:289:5: enter_function: entry to ‘mbedtls_x509write_csr_der’
mbedtls-3.6.5/library/x509write_csr.c:297:16: acquire_memory: allocated here
mbedtls-3.6.5/library/x509write_csr.c:297:8: branch_false: following ‘false’ branch (when ‘sig’ is non-NULL)...
mbedtls-3.6.5/library/x509write_csr.c:301:11: branch_false: ...to here
mbedtls-3.6.5/library/x509write_csr.c:301:11: call_function: calling ‘x509write_csr_der_internal’ from ‘mbedtls_x509write_csr_der’
#  166|                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE));
#  167|   
#  168|->         MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
#  169|           MBEDTLS_ASN1_CHK_ADD(len,
#  170|                                mbedtls_asn1_write_tag(

Error: GCC_ANALYZER_WARNING (CWE-401): [#def284]
mbedtls-3.6.5/library/x509write_csr.c:169:9: warning[-Wanalyzer-malloc-leak]: leak of ‘sig’
mbedtls-3.6.5/library/x509write_csr.c:289:5: enter_function: entry to ‘mbedtls_x509write_csr_der’
mbedtls-3.6.5/library/x509write_csr.c:297:16: acquire_memory: allocated here
mbedtls-3.6.5/library/x509write_csr.c:297:8: branch_false: following ‘false’ branch (when ‘sig’ is non-NULL)...
mbedtls-3.6.5/library/x509write_csr.c:301:11: branch_false: ...to here
mbedtls-3.6.5/library/x509write_csr.c:301:11: call_function: calling ‘x509write_csr_der_internal’ from ‘mbedtls_x509write_csr_der’
#  167|   
#  168|           MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
#  169|->         MBEDTLS_ASN1_CHK_ADD(len,
#  170|                                mbedtls_asn1_write_tag(
#  171|                                    &c, buf,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def285]
mbedtls-3.6.5/library/x509write_csr.c:174:9: warning[-Wanalyzer-malloc-leak]: leak of ‘sig’
mbedtls-3.6.5/library/x509write_csr.c:289:5: enter_function: entry to ‘mbedtls_x509write_csr_der’
mbedtls-3.6.5/library/x509write_csr.c:297:16: acquire_memory: allocated here
mbedtls-3.6.5/library/x509write_csr.c:297:8: branch_false: following ‘false’ branch (when ‘sig’ is non-NULL)...
mbedtls-3.6.5/library/x509write_csr.c:301:11: branch_false: ...to here
mbedtls-3.6.5/library/x509write_csr.c:301:11: call_function: calling ‘x509write_csr_der_internal’ from ‘mbedtls_x509write_csr_der’
#  172|                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET));
#  173|   
#  174|->         MBEDTLS_ASN1_CHK_ADD(len,
#  175|                                mbedtls_asn1_write_oid(
#  176|                                    &c, buf, MBEDTLS_OID_PKCS9_CSR_EXT_REQ,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def286]
mbedtls-3.6.5/library/x509write_csr.c:179:9: warning[-Wanalyzer-malloc-leak]: leak of ‘sig’
mbedtls-3.6.5/library/x509write_csr.c:289:5: enter_function: entry to ‘mbedtls_x509write_csr_der’
mbedtls-3.6.5/library/x509write_csr.c:297:16: acquire_memory: allocated here
mbedtls-3.6.5/library/x509write_csr.c:297:8: branch_false: following ‘false’ branch (when ‘sig’ is non-NULL)...
mbedtls-3.6.5/library/x509write_csr.c:301:11: branch_false: ...to here
mbedtls-3.6.5/library/x509write_csr.c:301:11: call_function: calling ‘x509write_csr_der_internal’ from ‘mbedtls_x509write_csr_der’
#  177|                                    MBEDTLS_OID_SIZE(MBEDTLS_OID_PKCS9_CSR_EXT_REQ)));
#  178|   
#  179|->         MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
#  180|           MBEDTLS_ASN1_CHK_ADD(len,
#  181|                                mbedtls_asn1_write_tag(

Error: GCC_ANALYZER_WARNING (CWE-401): [#def287]
mbedtls-3.6.5/library/x509write_csr.c:180:9: warning[-Wanalyzer-malloc-leak]: leak of ‘sig’
mbedtls-3.6.5/library/x509write_csr.c:289:5: enter_function: entry to ‘mbedtls_x509write_csr_der’
mbedtls-3.6.5/library/x509write_csr.c:297:16: acquire_memory: allocated here
mbedtls-3.6.5/library/x509write_csr.c:297:8: branch_false: following ‘false’ branch (when ‘sig’ is non-NULL)...
mbedtls-3.6.5/library/x509write_csr.c:301:11: branch_false: ...to here
mbedtls-3.6.5/library/x509write_csr.c:301:11: call_function: calling ‘x509write_csr_der_internal’ from ‘mbedtls_x509write_csr_der’
#  178|   
#  179|           MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
#  180|->         MBEDTLS_ASN1_CHK_ADD(len,
#  181|                                mbedtls_asn1_write_tag(
#  182|                                    &c, buf,