Error: GCC_ANALYZER_WARNING (CWE-404): [#def1] openssl-3.5.1/apps/storeutl.c:338:11: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' openssl-3.5.1/apps/storeutl.c:336:5: acquire_resource: 'va_start' called here openssl-3.5.1/apps/storeutl.c:338:11: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0) # 336| va_start(args, format); # 337| # 338|-> ret = BIO_printf(bio, "%*s", indent, "") + BIO_vprintf(bio, format, args); # 339| # 340| va_end(args); Error: GCC_ANALYZER_WARNING (CWE-404): [#def2] openssl-3.5.1/apps/storeutl.c:338:48: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' openssl-3.5.1/apps/storeutl.c:336:5: acquire_resource: 'va_start' called here openssl-3.5.1/apps/storeutl.c:338:48: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0) # 336| va_start(args, format); # 337| # 338|-> ret = BIO_printf(bio, "%*s", indent, "") + BIO_vprintf(bio, format, args); # 339| # 340| va_end(args); Error: COMPILER_WARNING (CWE-590): [#def3] openssl-3.5.1/crypto/mem.c:353:5: warning[-Wfree-nonheap-object]: 'free' called on unallocated object 'recp' # 353 | free(str); # | ^ openssl-3.5.1/crypto/bn/bn_exp.c: scope_hint: In function 'BN_mod_exp_recp' openssl-3.5.1/crypto/bn/bn_exp.c:177:17: note: declared here # 177 | BN_RECP_CTX recp; # | ^ # 351| } # 352| # 353|-> free(str); # 354| } # 355| Error: GCC_ANALYZER_WARNING (CWE-401): [#def4] openssl-3.5.1/fuzz/test-corpus.c:47:5: warning[-Wanalyzer-malloc-leak]: leak of 'pathname' openssl-3.5.1/fuzz/test-corpus.c:61:5: enter_function: entry to 'main' openssl-3.5.1/fuzz/test-corpus.c:66:17: branch_true: following 'true' branch... openssl-3.5.1/fuzz/test-corpus.c:67:41: branch_true: ...to here openssl-3.5.1/fuzz/test-corpus.c:76:16: branch_true: following 'true' branch... openssl-3.5.1/fuzz/test-corpus.c:78:16: branch_true: ...to here openssl-3.5.1/fuzz/test-corpus.c:78:16: branch_true: following 'true' branch (when 'pathname' is NULL)... openssl-3.5.1/fuzz/test-corpus.c:79:28: branch_true: ...to here openssl-3.5.1/fuzz/test-corpus.c:79:28: acquire_memory: allocated here openssl-3.5.1/fuzz/test-corpus.c:80:20: branch_false: following 'false' branch (when 'pathname' is non-NULL)... openssl-3.5.1/fuzz/test-corpus.c:82:38: branch_false: ...to here openssl-3.5.1/fuzz/test-corpus.c:90:13: call_function: calling 'testfile' from 'main' # 45| return; # 46| printf("# %s\n", pathname); # 47|-> fflush(stdout); # 48| f = fopen(pathname, "rb"); # 49| if (f == NULL) Error: GCC_ANALYZER_WARNING (CWE-775): [#def5] openssl-3.5.1/fuzz/test-corpus.c:51:18: warning[-Wanalyzer-file-leak]: leak of FILE 'fopen(pathname, "rb")' openssl-3.5.1/fuzz/test-corpus.c:61:5: enter_function: entry to 'main' openssl-3.5.1/fuzz/test-corpus.c:66:17: branch_true: following 'true' branch... openssl-3.5.1/fuzz/test-corpus.c:67:41: branch_true: ...to here openssl-3.5.1/fuzz/test-corpus.c:95:12: branch_true: following 'true' branch (when 'wasdir == 0')... openssl-3.5.1/fuzz/test-corpus.c:96:26: branch_true: ...to here openssl-3.5.1/fuzz/test-corpus.c:96:13: call_function: calling 'testfile' from 'main' # 49| if (f == NULL) # 50| return; # 51|-> buf = malloc(st.st_size); # 52| if (buf != NULL) { # 53| s = fread(buf, 1, st.st_size, f); Error: GCC_ANALYZER_WARNING (CWE-401): [#def6] openssl-3.5.1/fuzz/test-corpus.c:51:18: warning[-Wanalyzer-malloc-leak]: leak of 'fopen(pathname, "rb")' openssl-3.5.1/fuzz/test-corpus.c:61:5: enter_function: entry to 'main' openssl-3.5.1/fuzz/test-corpus.c:66:17: branch_true: following 'true' branch... openssl-3.5.1/fuzz/test-corpus.c:67:41: branch_true: ...to here openssl-3.5.1/fuzz/test-corpus.c:95:12: branch_true: following 'true' branch (when 'wasdir == 0')... openssl-3.5.1/fuzz/test-corpus.c:96:26: branch_true: ...to here openssl-3.5.1/fuzz/test-corpus.c:96:13: call_function: calling 'testfile' from 'main' # 49| if (f == NULL) # 50| return; # 51|-> buf = malloc(st.st_size); # 52| if (buf != NULL) { # 53| s = fread(buf, 1, st.st_size, f); Error: GCC_ANALYZER_WARNING (CWE-401): [#def7] openssl-3.5.1/fuzz/test-corpus.c:54:9: warning[-Wanalyzer-malloc-leak]: leak of 'buf' openssl-3.5.1/fuzz/test-corpus.c:61:5: enter_function: entry to 'main' openssl-3.5.1/fuzz/test-corpus.c:66:17: branch_true: following 'true' branch... openssl-3.5.1/fuzz/test-corpus.c:67:41: branch_true: ...to here openssl-3.5.1/fuzz/test-corpus.c:95:12: branch_true: following 'true' branch (when 'wasdir == 0')... openssl-3.5.1/fuzz/test-corpus.c:96:26: branch_true: ...to here openssl-3.5.1/fuzz/test-corpus.c:96:13: call_function: calling 'testfile' from 'main' # 52| if (buf != NULL) { # 53| s = fread(buf, 1, st.st_size, f); # 54|-> OPENSSL_assert(s == (size_t)st.st_size); # 55| FuzzerTestOneInput(buf, s); # 56| free(buf); Error: GCC_ANALYZER_WARNING (CWE-401): [#def8] openssl-3.5.1/fuzz/test-corpus.c:54:9: warning[-Wanalyzer-malloc-leak]: leak of 'pathname' openssl-3.5.1/fuzz/test-corpus.c:61:5: enter_function: entry to 'main' openssl-3.5.1/fuzz/test-corpus.c:66:17: branch_true: following 'true' branch... openssl-3.5.1/fuzz/test-corpus.c:67:41: branch_true: ...to here openssl-3.5.1/fuzz/test-corpus.c:76:16: branch_true: following 'true' branch... openssl-3.5.1/fuzz/test-corpus.c:78:16: branch_true: ...to here openssl-3.5.1/fuzz/test-corpus.c:78:16: branch_true: following 'true' branch (when 'pathname' is NULL)... openssl-3.5.1/fuzz/test-corpus.c:79:28: branch_true: ...to here openssl-3.5.1/fuzz/test-corpus.c:79:28: acquire_memory: allocated here openssl-3.5.1/fuzz/test-corpus.c:80:20: branch_false: following 'false' branch (when 'pathname' is non-NULL)... openssl-3.5.1/fuzz/test-corpus.c:82:38: branch_false: ...to here openssl-3.5.1/fuzz/test-corpus.c:90:13: call_function: calling 'testfile' from 'main' # 52| if (buf != NULL) { # 53| s = fread(buf, 1, st.st_size, f); # 54|-> OPENSSL_assert(s == (size_t)st.st_size); # 55| FuzzerTestOneInput(buf, s); # 56| free(buf); Error: GCC_ANALYZER_WARNING (CWE-775): [#def9] openssl-3.5.1/fuzz/test-corpus.c:55:9: warning[-Wanalyzer-file-leak]: leak of FILE 'fopen(pathname, "rb")' openssl-3.5.1/fuzz/test-corpus.c:61:5: enter_function: entry to 'main' openssl-3.5.1/fuzz/test-corpus.c:66:17: branch_true: following 'true' branch... openssl-3.5.1/fuzz/test-corpus.c:67:41: branch_true: ...to here openssl-3.5.1/fuzz/test-corpus.c:95:12: branch_true: following 'true' branch (when 'wasdir == 0')... openssl-3.5.1/fuzz/test-corpus.c:96:26: branch_true: ...to here openssl-3.5.1/fuzz/test-corpus.c:96:13: call_function: calling 'testfile' from 'main' # 53| s = fread(buf, 1, st.st_size, f); # 54| OPENSSL_assert(s == (size_t)st.st_size); # 55|-> FuzzerTestOneInput(buf, s); # 56| free(buf); # 57| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def10] openssl-3.5.1/fuzz/test-corpus.c:55:9: warning[-Wanalyzer-malloc-leak]: leak of 'buf' openssl-3.5.1/fuzz/test-corpus.c:61:5: enter_function: entry to 'main' openssl-3.5.1/fuzz/test-corpus.c:66:17: branch_true: following 'true' branch... openssl-3.5.1/fuzz/test-corpus.c:67:41: branch_true: ...to here openssl-3.5.1/fuzz/test-corpus.c:95:12: branch_true: following 'true' branch (when 'wasdir == 0')... openssl-3.5.1/fuzz/test-corpus.c:96:26: branch_true: ...to here openssl-3.5.1/fuzz/test-corpus.c:96:13: call_function: calling 'testfile' from 'main' # 53| s = fread(buf, 1, st.st_size, f); # 54| OPENSSL_assert(s == (size_t)st.st_size); # 55|-> FuzzerTestOneInput(buf, s); # 56| free(buf); # 57| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def11] openssl-3.5.1/fuzz/test-corpus.c:55:9: warning[-Wanalyzer-malloc-leak]: leak of 'fopen(pathname, "rb")' openssl-3.5.1/fuzz/test-corpus.c:61:5: enter_function: entry to 'main' openssl-3.5.1/fuzz/test-corpus.c:66:17: branch_true: following 'true' branch... openssl-3.5.1/fuzz/test-corpus.c:67:41: branch_true: ...to here openssl-3.5.1/fuzz/test-corpus.c:95:12: branch_true: following 'true' branch (when 'wasdir == 0')... openssl-3.5.1/fuzz/test-corpus.c:96:26: branch_true: ...to here openssl-3.5.1/fuzz/test-corpus.c:96:13: call_function: calling 'testfile' from 'main' # 53| s = fread(buf, 1, st.st_size, f); # 54| OPENSSL_assert(s == (size_t)st.st_size); # 55|-> FuzzerTestOneInput(buf, s); # 56| free(buf); # 57| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def12] openssl-3.5.1/fuzz/test-corpus.c:55:9: warning[-Wanalyzer-malloc-leak]: leak of 'pathname' openssl-3.5.1/fuzz/test-corpus.c:61:5: enter_function: entry to 'main' openssl-3.5.1/fuzz/test-corpus.c:66:17: branch_true: following 'true' branch... openssl-3.5.1/fuzz/test-corpus.c:67:41: branch_true: ...to here openssl-3.5.1/fuzz/test-corpus.c:76:16: branch_true: following 'true' branch... openssl-3.5.1/fuzz/test-corpus.c:78:16: branch_true: ...to here openssl-3.5.1/fuzz/test-corpus.c:78:16: branch_true: following 'true' branch (when 'pathname' is NULL)... openssl-3.5.1/fuzz/test-corpus.c:79:28: branch_true: ...to here openssl-3.5.1/fuzz/test-corpus.c:79:28: acquire_memory: allocated here openssl-3.5.1/fuzz/test-corpus.c:80:20: branch_false: following 'false' branch (when 'pathname' is non-NULL)... openssl-3.5.1/fuzz/test-corpus.c:82:38: branch_false: ...to here openssl-3.5.1/fuzz/test-corpus.c:90:13: call_function: calling 'testfile' from 'main' # 53| s = fread(buf, 1, st.st_size, f); # 54| OPENSSL_assert(s == (size_t)st.st_size); # 55|-> FuzzerTestOneInput(buf, s); # 56| free(buf); # 57| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def13] openssl-3.5.1/fuzz/test-corpus.c:76:28: warning[-Wanalyzer-malloc-leak]: leak of 'pathname' openssl-3.5.1/fuzz/test-corpus.c:66:17: branch_true: following 'true' branch... openssl-3.5.1/fuzz/test-corpus.c:67:41: branch_true: ...to here openssl-3.5.1/fuzz/test-corpus.c:76:16: branch_true: following 'true' branch... openssl-3.5.1/fuzz/test-corpus.c:78:16: branch_true: ...to here openssl-3.5.1/fuzz/test-corpus.c:78:16: branch_true: following 'true' branch (when 'pathname' is NULL)... openssl-3.5.1/fuzz/test-corpus.c:79:28: branch_true: ...to here openssl-3.5.1/fuzz/test-corpus.c:79:28: acquire_memory: allocated here openssl-3.5.1/fuzz/test-corpus.c:80:20: branch_false: following 'false' branch (when 'pathname' is non-NULL)... openssl-3.5.1/fuzz/test-corpus.c:82:38: branch_false: ...to here openssl-3.5.1/fuzz/test-corpus.c:76:28: danger: 'pathname' leaks here; was allocated at [(7)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/6) # 74| * We start with trying to read the given path as a directory. # 75| */ # 76|-> while ((filename = OPENSSL_DIR_read(&ctx, argv[n])) != NULL) { # 77| wasdir = 1; # 78| if (pathname == NULL) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def14] openssl-3.5.1/fuzz/test-corpus.c:92:9: warning[-Wanalyzer-malloc-leak]: leak of 'pathname' openssl-3.5.1/fuzz/test-corpus.c:66:17: branch_true: following 'true' branch... openssl-3.5.1/fuzz/test-corpus.c:67:41: branch_true: ...to here openssl-3.5.1/fuzz/test-corpus.c:76:16: branch_true: following 'true' branch... openssl-3.5.1/fuzz/test-corpus.c:78:16: branch_true: ...to here openssl-3.5.1/fuzz/test-corpus.c:78:16: branch_true: following 'true' branch (when 'pathname' is NULL)... openssl-3.5.1/fuzz/test-corpus.c:79:28: branch_true: ...to here openssl-3.5.1/fuzz/test-corpus.c:79:28: acquire_memory: allocated here openssl-3.5.1/fuzz/test-corpus.c:80:20: branch_false: following 'false' branch (when 'pathname' is non-NULL)... openssl-3.5.1/fuzz/test-corpus.c:82:38: branch_false: ...to here openssl-3.5.1/fuzz/test-corpus.c:76:16: branch_false: following 'false' branch... openssl-3.5.1/fuzz/test-corpus.c:92:9: branch_false: ...to here openssl-3.5.1/fuzz/test-corpus.c:92:9: danger: 'pathname' leaks here; was allocated at [(7)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/6) # 90| testfile(pathname); # 91| } # 92|-> OPENSSL_DIR_end(&ctx); # 93| # 94| /* If it wasn't a directory, treat it as a file instead */ Error: GCC_ANALYZER_WARNING (CWE-476): [#def15] openssl-3.5.1/ssl/d1_lib.c:871:11: warning[-Wanalyzer-null-dereference]: dereference of NULL 'sc' openssl-3.5.1/ssl/d1_lib.c:864:26: branch_true: following 'true' branch (when 's' is non-NULL)... openssl-3.5.1/ssl/d1_lib.c:864:26: branch_true: ...to here openssl-3.5.1/ssl/d1_lib.c:864:26: branch_false: following 'false' branch... branch_false: ...to here openssl-3.5.1/ssl/d1_lib.c:870:8: branch_true: following 'true' branch... openssl-3.5.1/ssl/d1_lib.c:871:11: danger: dereference of NULL 'sc' # 869| wbio = SSL_get_wbio(s); # 870| if (wbio != NULL && BIO_dgram_is_sctp(wbio) && # 871|-> !(sc->shutdown & SSL_SENT_SHUTDOWN)) { # 872| ret = BIO_dgram_sctp_wait_for_dry(wbio); # 873| if (ret < 0)
| analyzer-version-clippy | 1.90.0 |
| analyzer-version-cppcheck | 2.18.3 |
| analyzer-version-gcc | 15.2.1 |
| analyzer-version-gcc-analyzer | 16.0.0 |
| analyzer-version-shellcheck | 0.11.0 |
| analyzer-version-unicontrol | 0.0.2 |
| diffbase-analyzer-version-clippy | 1.90.0 |
| diffbase-analyzer-version-cppcheck | 2.18.3 |
| diffbase-analyzer-version-gcc | 15.2.1 |
| diffbase-analyzer-version-gcc-analyzer | 16.0.0 |
| diffbase-analyzer-version-shellcheck | 0.11.0 |
| diffbase-analyzer-version-unicontrol | 0.0.2 |
| diffbase-enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| diffbase-exit-code | 0 |
| diffbase-host | ip-172-16-1-253.us-west-2.compute.internal |
| diffbase-known-false-positives | /usr/share/csmock/known-false-positives.js |
| diffbase-known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| diffbase-mock-config | fedora-rawhide-gcc-latest-x86_64 |
| diffbase-project-name | openssl-3.5.4-1.fc44 |
| diffbase-store-results-to | /tmp/tmp9ux4irij/openssl-3.5.4-1.fc44.tar.xz |
| diffbase-time-created | 2025-10-28 20:14:59 |
| diffbase-time-finished | 2025-10-28 20:31:53 |
| diffbase-tool | csmock |
| diffbase-tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-gcc-latest-x86_64' '-t' 'gcc,cppcheck,shellcheck,clippy,unicontrol' '-o' '/tmp/tmp9ux4irij/openssl-3.5.4-1.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--install=gcc-latest' '--gcc-analyzer-bin=/opt/gcc-latest/bin/gcc' '/tmp/tmp9ux4irij/openssl-3.5.4-1.fc44.src.rpm' |
| diffbase-tool-version | csmock-3.8.3.20251027.143044.ge6b947b-1.el9 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-253.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| mock-config | fedora-rawhide-gcc-latest-x86_64 |
| project-name | openssl-3.5.1-2.fc43 |
| store-results-to | /tmp/tmpjcd5bg85/openssl-3.5.1-2.fc43.tar.xz |
| time-created | 2025-10-28 19:32:37 |
| time-finished | 2025-10-28 20:14:25 |
| title | Fixed findings |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-gcc-latest-x86_64' '-t' 'gcc,cppcheck,shellcheck,clippy,unicontrol' '-o' '/tmp/tmpjcd5bg85/openssl-3.5.1-2.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--install=gcc-latest' '--gcc-analyzer-bin=/opt/gcc-latest/bin/gcc' '/tmp/tmpjcd5bg85/openssl-3.5.1-2.fc43.src.rpm' |
| tool-version | csmock-3.8.3.20251027.143044.ge6b947b-1.el9 |