openssl-3.5.4-1.fc44

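List of Findings

Each entry below is static-analysis output (GCC analyzer, Cppcheck, or a compiler warning). It gives the CWE tag where one is assigned, the reported location, the analyzer's path trace where one is given, and a source excerpt in which `->` marks the flagged line. In several va-list-leak entries (#def1, #def3, #def15) the excerpt shows the matching `va_end` on the line right after the flagged call, so check each finding against the source before treating it as a defect.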

Error: GCC_ANALYZER_WARNING (CWE-404): [#def1]
openssl-3.5.4/apps/lib/apps.c:632:5: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/apps/lib/apps.c:631:5: acquire_resource: 'va_start' called here
openssl-3.5.4/apps/lib/apps.c:632:5: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  630|   
#  631|       va_start(args, fmt);
#  632|->     BIO_vprintf(bio_err, fmt, args);
#  633|       va_end(args);
#  634|       ERR_print_errors(bio_err);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def2]
openssl-3.5.4/apps/lib/apps.c:3136:9: warning[-Wanalyzer-malloc-leak]: leak of 'fp'
openssl-3.5.4/apps/lib/apps.c:3083:6: enter_function: entry to 'bio_open_owner'
openssl-3.5.4/apps/lib/apps.c:3124:8: branch_false: following 'false' branch...
openssl-3.5.4/apps/lib/apps.c:3126:10: branch_false: ...to here
openssl-3.5.4/apps/lib/apps.c:3126:10: call_function: calling 'modestr' from 'bio_open_owner'
openssl-3.5.4/apps/lib/apps.c:3126:10: return_function: returning to 'bio_open_owner' from 'modestr'
openssl-3.5.4/apps/lib/apps.c:3126:10: acquire_memory: allocated here
openssl-3.5.4/apps/lib/apps.c:3131:8: branch_false: following 'false' branch (when 'fp' is non-NULL)...
openssl-3.5.4/apps/lib/apps.c:3134:8: branch_false: ...to here
openssl-3.5.4/apps/lib/apps.c:3136:9: danger: 'fp' leaks here; was allocated at [(11)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/10)
# 3134|       if (textmode)
# 3135|           bflags |= BIO_FP_TEXT;
# 3136|->     b = BIO_new_fp(fp, bflags);
# 3137|       if (b != NULL)
# 3138|           return b;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def3]
openssl-3.5.4/apps/lib/apps_opt_printf.c:21:11: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/apps/lib/apps_opt_printf.c:20:5: acquire_resource: 'va_start' called here
openssl-3.5.4/apps/lib/apps_opt_printf.c:21:11: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   19|   
#   20|       va_start(ap, fmt);
#   21|->     ret = BIO_vprintf(bio_err, fmt, ap);
#   22|       va_end(ap);
#   23|       return ret;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def4]
openssl-3.5.4/apps/lib/log.c:47:22: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/apps/lib/log.c:71:6: enter_function: entry to 'trace_log_message'
openssl-3.5.4/apps/lib/log.c:75:5: acquire_resource: 'va_start' called here
openssl-3.5.4/apps/lib/log.c:95:8: branch_false: following 'false' branch...
openssl-3.5.4/apps/lib/log.c:106:5: branch_false: ...to here
openssl-3.5.4/apps/lib/log.c:106:5: call_function: calling 'log_with_prefix' from 'trace_log_message'
#   45|   {
#   46|       char prefix[80];
#   47|->     BIO *bio, *pre = BIO_new(BIO_f_prefix());
#   48|   
#   49|       (void)BIO_snprintf(prefix, sizeof(prefix), "%s: ", prog);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def5]
openssl-3.5.4/apps/lib/log.c:49:11: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/apps/lib/log.c:71:6: enter_function: entry to 'trace_log_message'
openssl-3.5.4/apps/lib/log.c:75:5: acquire_resource: 'va_start' called here
openssl-3.5.4/apps/lib/log.c:95:8: branch_false: following 'false' branch...
openssl-3.5.4/apps/lib/log.c:106:5: branch_false: ...to here
openssl-3.5.4/apps/lib/log.c:106:5: call_function: calling 'log_with_prefix' from 'trace_log_message'
#   47|       BIO *bio, *pre = BIO_new(BIO_f_prefix());
#   48|   
#   49|->     (void)BIO_snprintf(prefix, sizeof(prefix), "%s: ", prog);
#   50|       (void)BIO_set_prefix(pre, prefix);
#   51|       bio = BIO_push(pre, bio_err);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def6]
openssl-3.5.4/apps/lib/log.c:50:11: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/apps/lib/log.c:71:6: enter_function: entry to 'trace_log_message'
openssl-3.5.4/apps/lib/log.c:75:5: acquire_resource: 'va_start' called here
openssl-3.5.4/apps/lib/log.c:95:8: branch_false: following 'false' branch...
openssl-3.5.4/apps/lib/log.c:106:5: branch_false: ...to here
openssl-3.5.4/apps/lib/log.c:106:5: call_function: calling 'log_with_prefix' from 'trace_log_message'
#   48|   
#   49|       (void)BIO_snprintf(prefix, sizeof(prefix), "%s: ", prog);
#   50|->     (void)BIO_set_prefix(pre, prefix);
#   51|       bio = BIO_push(pre, bio_err);
#   52|       (void)BIO_vprintf(bio, fmt, ap);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def7]
openssl-3.5.4/apps/lib/log.c:51:11: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/apps/lib/log.c:71:6: enter_function: entry to 'trace_log_message'
openssl-3.5.4/apps/lib/log.c:75:5: acquire_resource: 'va_start' called here
openssl-3.5.4/apps/lib/log.c:95:8: branch_false: following 'false' branch...
openssl-3.5.4/apps/lib/log.c:106:5: branch_false: ...to here
openssl-3.5.4/apps/lib/log.c:106:5: call_function: calling 'log_with_prefix' from 'trace_log_message'
#   49|       (void)BIO_snprintf(prefix, sizeof(prefix), "%s: ", prog);
#   50|       (void)BIO_set_prefix(pre, prefix);
#   51|->     bio = BIO_push(pre, bio_err);
#   52|       (void)BIO_vprintf(bio, fmt, ap);
#   53|       (void)BIO_printf(bio, "\n");

Error: GCC_ANALYZER_WARNING (CWE-404): [#def8]
openssl-3.5.4/apps/lib/log.c:52:11: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/apps/lib/log.c:71:6: enter_function: entry to 'trace_log_message'
openssl-3.5.4/apps/lib/log.c:75:5: acquire_resource: 'va_start' called here
openssl-3.5.4/apps/lib/log.c:95:8: branch_false: following 'false' branch...
openssl-3.5.4/apps/lib/log.c:106:5: branch_false: ...to here
openssl-3.5.4/apps/lib/log.c:106:5: call_function: calling 'log_with_prefix' from 'trace_log_message'
#   50|       (void)BIO_set_prefix(pre, prefix);
#   51|       bio = BIO_push(pre, bio_err);
#   52|->     (void)BIO_vprintf(bio, fmt, ap);
#   53|       (void)BIO_printf(bio, "\n");
#   54|       (void)BIO_flush(bio);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def9]
openssl-3.5.4/apps/lib/log.c:81:26: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/apps/lib/log.c:75:5: acquire_resource: 'va_start' called here
openssl-3.5.4/apps/lib/log.c:81:8: branch_true: following 'true' branch (when 'category >= 0')...
openssl-3.5.4/apps/lib/log.c:81:26: branch_true: ...to here
openssl-3.5.4/apps/lib/log.c:81:26: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/0)
#   79|           category = -1; /* disabling trace output in addition to logging */
#   80|   #endif
#   81|->     if (category >= 0 && OSSL_trace_enabled(category)) {
#   82|           BIO *out = OSSL_trace_begin(category);
#   83|   #ifndef OSSL_NO_C99

Error: GCC_ANALYZER_WARNING (CWE-404): [#def10]
openssl-3.5.4/apps/lib/log.c:82:20: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/apps/lib/log.c:75:5: acquire_resource: 'va_start' called here
openssl-3.5.4/apps/lib/log.c:81:8: branch_true: following 'true' branch...
openssl-3.5.4/apps/lib/log.c:82:20: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/0)
#   80|   #endif
#   81|       if (category >= 0 && OSSL_trace_enabled(category)) {
#   82|->         BIO *out = OSSL_trace_begin(category);
#   83|   #ifndef OSSL_NO_C99
#   84|           va_list ap_copy;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def11]
openssl-3.5.4/apps/lib/log.c:87:15: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/apps/lib/log.c:75:5: acquire_resource: 'va_start' called here
openssl-3.5.4/apps/lib/log.c:81:8: branch_true: following 'true' branch...
openssl-3.5.4/apps/lib/log.c:87:15: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/0)
#   85|   
#   86|           va_copy(ap_copy, ap);
#   87|->         (void)BIO_vprintf(out, fmt, ap_copy);
#   88|           va_end(ap_copy);
#   89|   #else

Error: GCC_ANALYZER_WARNING (CWE-404): [#def12]
openssl-3.5.4/apps/lib/log.c:92:15: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/apps/lib/log.c:75:5: acquire_resource: 'va_start' called here
openssl-3.5.4/apps/lib/log.c:81:8: branch_true: following 'true' branch...
openssl-3.5.4/apps/lib/log.c:92:15: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/0)
#   90|           (void)BIO_vprintf(out, fmt, ap);
#   91|   #endif
#   92|->         (void)BIO_printf(out, "\n");
#   93|           OSSL_trace_end(category, out);
#   94|       }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def13]
openssl-3.5.4/apps/lib/log.c:93:9: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/apps/lib/log.c:75:5: acquire_resource: 'va_start' called here
openssl-3.5.4/apps/lib/log.c:81:8: branch_true: following 'true' branch...
openssl-3.5.4/apps/lib/log.c:93:9: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/0)
#   91|   #endif
#   92|           (void)BIO_printf(out, "\n");
#   93|->         OSSL_trace_end(category, out);
#   94|       }
#   95|       if (verbosity < level) {

Error: GCC_ANALYZER_WARNING (CWE-465): [#def14]
openssl-3.5.4/apps/lib/opt.c:219:13: warning[-Wanalyzer-deref-before-check]: check of 'o' for NULL after already dereferencing it
openssl-3.5.4/apps/lib/opt.c:174:12: branch_true: following 'true' branch...
openssl-3.5.4/apps/lib/opt.c:218:13: branch_false: following 'false' branch...
openssl-3.5.4/apps/lib/opt.c:219:13: branch_false: ...to here
openssl-3.5.4/apps/lib/opt.c:219:13: branch_false: following 'false' branch...
openssl-3.5.4/apps/lib/opt.c:220:13: branch_false: ...to here
openssl-3.5.4/apps/lib/opt.c:221:13: branch_false: following 'false' branch...
openssl-3.5.4/apps/lib/opt.c:174:57: branch_false: ...to here
openssl-3.5.4/apps/lib/opt.c:174:12: branch_true: following 'true' branch...
openssl-3.5.4/apps/lib/opt.c:218:13: branch_false: following 'false' branch...
openssl-3.5.4/apps/lib/opt.c:219:13: branch_false: ...to here
openssl-3.5.4/apps/lib/opt.c:219:13: danger: pointer 'o' is checked for NULL here but it was already dereferenced at [(9)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/8)
#  217|           if (o->name[0] == '\0') {
#  218|               OPENSSL_assert(unknown_name != NULL);
#  219|->             OPENSSL_assert(unknown == NULL);
#  220|               unknown = o;
#  221|               OPENSSL_assert(unknown->valtype == 0 || unknown->valtype == '-');

Error: GCC_ANALYZER_WARNING (CWE-404): [#def15]
openssl-3.5.4/apps/storeutl.c:341:12: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/apps/storeutl.c:352:12: enter_function: entry to 'process'
openssl-3.5.4/apps/storeutl.c:360:8: branch_false: following 'false' branch...
openssl-3.5.4/apps/storeutl.c:368:8: branch_false: ...to here
openssl-3.5.4/apps/storeutl.c:375:8: branch_false: following 'false' branch (when 'criterion == 0')...
 branch_false: ...to here
openssl-3.5.4/apps/storeutl.c:398:12: branch_false: following 'false' branch...
openssl-3.5.4/apps/storeutl.c:422:12: branch_false: ...to here
openssl-3.5.4/apps/storeutl.c:422:12: branch_false: following 'false' branch (when 'type != 1')...
openssl-3.5.4/apps/storeutl.c:430:13: branch_false: ...to here
openssl-3.5.4/apps/storeutl.c:430:13: call_function: calling 'indent_printf' from 'process'
#  339|   
#  340|       va_start(args, format);
#  341|->     vret = BIO_vprintf(bio, format, args);
#  342|       va_end(args);
#  343|   

Error: CPPCHECK_WARNING (CWE-562): [#def16]
openssl-3.5.4/crypto/asn1/a_d2i_fp.c:53: error[returnDanglingLifetime]: Returning pointer to local variable 'p' that will be invalid when returning.
#   51|    err:
#   52|       BUF_MEM_free(b);
#   53|->     return ret;
#   54|   }
#   55|   

Error: CPPCHECK_WARNING (CWE-562): [#def17]
openssl-3.5.4/crypto/asn1/a_dup.c:38: error[returnDanglingLifetime]: Returning pointer to local variable 'p2' that will be invalid when returning.
#   36|       ret = d2i(NULL, &p2, i);
#   37|       OPENSSL_free(b);
#   38|->     return ret;
#   39|   }
#   40|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def18]
openssl-3.5.4/crypto/asn1/ameth_lib.c:133:13: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
openssl-3.5.4/crypto/asn1/ameth_lib.c:106:29: enter_function: entry to 'EVP_PKEY_asn1_find_str'
openssl-3.5.4/crypto/asn1/ameth_lib.c:112:8: branch_false: following 'false' branch (when 'len != -1')...
openssl-3.5.4/crypto/asn1/ameth_lib.c:114:8: branch_false: ...to here
openssl-3.5.4/crypto/asn1/ameth_lib.c:114:8: branch_true: following 'true' branch (when 'pe' is non-NULL)...
openssl-3.5.4/crypto/asn1/ameth_lib.c:117:17: branch_true: ...to here
openssl-3.5.4/crypto/asn1/ameth_lib.c:118:12: branch_false: following 'false' branch...
openssl-3.5.4/crypto/asn1/ameth_lib.c:129:9: branch_false: ...to here
openssl-3.5.4/crypto/asn1/ameth_lib.c:131:14: call_function: calling 'EVP_PKEY_asn1_get_count' from 'EVP_PKEY_asn1_find_str'
openssl-3.5.4/crypto/asn1/ameth_lib.c:131:14: return_function: returning to 'EVP_PKEY_asn1_find_str' from 'EVP_PKEY_asn1_get_count'
openssl-3.5.4/crypto/asn1/ameth_lib.c:131:41: branch_true: following 'true' branch (when 'i > 0')...
openssl-3.5.4/crypto/asn1/ameth_lib.c:132:17: branch_true: ...to here
openssl-3.5.4/crypto/asn1/ameth_lib.c:132:17: call_function: calling 'EVP_PKEY_asn1_get0' from 'EVP_PKEY_asn1_find_str'
openssl-3.5.4/crypto/asn1/ameth_lib.c:132:17: return_function: returning to 'EVP_PKEY_asn1_find_str' from 'EVP_PKEY_asn1_get0'
openssl-3.5.4/crypto/asn1/ameth_lib.c:131:41: branch_true: following 'true' branch (when 'i > 0')...
openssl-3.5.4/crypto/asn1/ameth_lib.c:132:17: branch_true: ...to here
openssl-3.5.4/crypto/asn1/ameth_lib.c:132:17: call_function: calling 'EVP_PKEY_asn1_get0' from 'EVP_PKEY_asn1_find_str'
openssl-3.5.4/crypto/asn1/ameth_lib.c:132:17: return_function: returning to 'EVP_PKEY_asn1_find_str' from 'EVP_PKEY_asn1_get0'
openssl-3.5.4/crypto/asn1/ameth_lib.c:135:12: branch_false: following 'false' branch...
 branch_false: ...to here
openssl-3.5.4/crypto/asn1/ameth_lib.c:131:41: branch_true: following 'true' branch (when 'i > 0')...
openssl-3.5.4/crypto/asn1/ameth_lib.c:132:17: branch_true: ...to here
openssl-3.5.4/crypto/asn1/ameth_lib.c:132:17: call_function: calling 'EVP_PKEY_asn1_get0' from 'EVP_PKEY_asn1_find_str'
openssl-3.5.4/crypto/asn1/ameth_lib.c:132:17: return_function: returning to 'EVP_PKEY_asn1_find_str' from 'EVP_PKEY_asn1_get0'
openssl-3.5.4/crypto/asn1/ameth_lib.c:135:12: branch_false: following 'false' branch...
 branch_false: ...to here
openssl-3.5.4/crypto/asn1/ameth_lib.c:131:41: branch_true: following 'true' branch (when 'i > 0')...
openssl-3.5.4/crypto/asn1/ameth_lib.c:132:17: branch_true: ...to here
openssl-3.5.4/crypto/asn1/ameth_lib.c:133:13: danger: dereference of NULL 'EVP_PKEY_asn1_get0(i)'
#  131|       for (i = EVP_PKEY_asn1_get_count(); i-- > 0; ) {
#  132|           ameth = EVP_PKEY_asn1_get0(i);
#  133|->         if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
#  134|               continue;
#  135|           if ((int)strlen(ameth->pem_str) == len

Error: GCC_ANALYZER_WARNING (CWE-476): [#def19]
openssl-3.5.4/crypto/asn1/asn_mime.c:927:10: warning[-Wanalyzer-null-dereference]: dereference of NULL 'mhdr'
openssl-3.5.4/crypto/asn1/asn_mime.c:697:31: enter_function: entry to 'mime_parse_hdr'
openssl-3.5.4/crypto/asn1/asn_mime.c:707:8: branch_false: following 'false' branch...
 branch_false: ...to here
openssl-3.5.4/crypto/asn1/asn_mime.c:709:12: branch_true: following 'true' branch...
openssl-3.5.4/crypto/asn1/asn_mime.c:711:12: branch_true: ...to here
openssl-3.5.4/crypto/asn1/asn_mime.c:711:12: branch_false: following 'false' branch (when 'mhdr' is NULL)...
 branch_false: ...to here
openssl-3.5.4/crypto/asn1/asn_mime.c:717:40: branch_true: following 'true' branch...
openssl-3.5.4/crypto/asn1/asn_mime.c:727:20: branch_false: following 'false' branch (when 'c != 58')...
openssl-3.5.4/crypto/asn1/asn_mime.c:718:14: branch_false: ...to here
openssl-3.5.4/crypto/asn1/asn_mime.c:717:40: branch_true: following 'true' branch...
openssl-3.5.4/crypto/asn1/asn_mime.c:717:40: branch_true: following 'true' branch...
openssl-3.5.4/crypto/asn1/asn_mime.c:771:20: branch_true: following 'true' branch (when 'c == 59')...
openssl-3.5.4/crypto/asn1/asn_mime.c:773:21: branch_true: ...to here
openssl-3.5.4/crypto/asn1/asn_mime.c:774:51: call_function: calling 'strip_ends' from 'mime_parse_hdr'
openssl-3.5.4/crypto/asn1/asn_mime.c:774:51: return_function: returning to 'mime_parse_hdr' from 'strip_ends'
openssl-3.5.4/crypto/asn1/asn_mime.c:774:21: call_function: calling 'mime_hdr_addparam' from 'mime_parse_hdr'
#  925|       mparam->param_name = tmpname;
#  926|       mparam->param_value = tmpval;
#  927|->     if (!sk_MIME_PARAM_push(mhdr->params, mparam))
#  928|           goto err;
#  929|       return 1;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def20]
openssl-3.5.4/crypto/asn1/tasn_dec.c:261:13: warning[-Wanalyzer-null-dereference]: dereference of NULL 'aux'
openssl-3.5.4/crypto/asn1/tasn_dec.c:568:12: enter_function: entry to 'asn1_template_noexp_d2i'
openssl-3.5.4/crypto/asn1/tasn_dec.c:578:8: branch_false: following 'false' branch (when 'val' is non-NULL)...
openssl-3.5.4/crypto/asn1/tasn_dec.c:580:13: branch_false: ...to here
openssl-3.5.4/crypto/asn1/tasn_dec.c:594:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/asn1/tasn_dec.c:670:16: branch_false: ...to here
openssl-3.5.4/crypto/asn1/tasn_dec.c:670:15: branch_true: following 'true' branch...
openssl-3.5.4/crypto/asn1/tasn_dec.c:673:60: branch_true: ...to here
openssl-3.5.4/crypto/asn1/tasn_dec.c:672:15: call_function: calling 'asn1_item_embed_d2i' from 'asn1_template_noexp_d2i'
#  259|           /* Use new style d2i */
#  260|           ef = it->funcs;
#  261|->         if (ef->asn1_ex_d2i_ex != NULL)
#  262|               return ef->asn1_ex_d2i_ex(pval, in, len, it, tag, aclass, opt, ctx,
#  263|                                         libctx, propq);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def21]
openssl-3.5.4/crypto/bio/bio_lib.c:66:13: warning[-Wanalyzer-null-dereference]: dereference of NULL 'processed'
openssl-3.5.4/crypto/bio/bio_lib.c:441:5: enter_function: entry to 'BIO_recvmmsg'
openssl-3.5.4/crypto/bio/bio_lib.c:448:8: branch_false: following 'false' branch (when 'b' is non-NULL)...
openssl-3.5.4/crypto/bio/bio_lib.c:454:9: branch_false: ...to here
openssl-3.5.4/crypto/bio/bio_lib.c:454:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/bio/bio_lib.c:473:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/bio/bio_lib.c:479:11: branch_false: ...to here
openssl-3.5.4/crypto/bio/bio_lib.c:482:23: call_function: calling 'bio_call_callback' from 'BIO_recvmmsg'
#   64|   
#   65|       if (inret > 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) {
#   66|->         if (*processed > INT_MAX)
#   67|               return -1;
#   68|           inret = *processed;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def22]
openssl-3.5.4/crypto/bio/bio_lib.c:74:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 'processed'
openssl-3.5.4/crypto/bio/bio_lib.c:441:5: enter_function: entry to 'BIO_recvmmsg'
openssl-3.5.4/crypto/bio/bio_lib.c:448:8: branch_false: following 'false' branch (when 'b' is non-NULL)...
openssl-3.5.4/crypto/bio/bio_lib.c:454:9: branch_false: ...to here
openssl-3.5.4/crypto/bio/bio_lib.c:454:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/bio/bio_lib.c:473:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/bio/bio_lib.c:479:11: branch_false: ...to here
openssl-3.5.4/crypto/bio/bio_lib.c:482:23: call_function: calling 'bio_call_callback' from 'BIO_recvmmsg'
#   72|   
#   73|       if (ret > 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) {
#   74|->         *processed = (size_t)ret;
#   75|           ret = 1;
#   76|       }

Error: GCC_ANALYZER_WARNING (CWE-465): [#def23]
openssl-3.5.4/crypto/bn/bn_blind.c:106:12: warning[-Wanalyzer-deref-before-check]: check of 'b' for NULL after already dereferencing it
openssl-3.5.4/crypto/bn/bn_blind.c:91:5: enter_function: entry to 'BN_BLINDING_update'
openssl-3.5.4/crypto/bn/bn_blind.c:95:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/bn/bn_blind.c:103:8: branch_true: following 'true' branch...
openssl-3.5.4/crypto/bn/bn_blind.c:106:14: call_function: calling 'BN_BLINDING_create_param' from 'BN_BLINDING_update'
openssl-3.5.4/crypto/bn/bn_blind.c:106:14: return_function: returning to 'BN_BLINDING_update' from 'BN_BLINDING_create_param'
openssl-3.5.4/crypto/bn/bn_blind.c:106:12: danger: pointer 'b' is checked for NULL here but it was already dereferenced at [(2)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/1)
#  104|           !(b->flags & BN_BLINDING_NO_RECREATE)) {
#  105|           /* re-create blinding parameters */
#  106|->         if (!BN_BLINDING_create_param(b, NULL, NULL, ctx, NULL, NULL))
#  107|               goto err;
#  108|       } else if (!(b->flags & BN_BLINDING_NO_UPDATE)) {

Error: CPPCHECK_WARNING (CWE-758): [#def24]
openssl-3.5.4/crypto/bn/bn_lib.c:45: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#   43|               mult = sizeof(int) * 8 - 1;
#   44|           bn_limit_bits = mult;
#   45|->         bn_limit_num = 1 << mult;
#   46|       }
#   47|       if (high >= 0) {

Error: CPPCHECK_WARNING (CWE-758): [#def25]
openssl-3.5.4/crypto/bn/bn_lib.c:51: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#   49|               high = sizeof(int) * 8 - 1;
#   50|           bn_limit_bits_high = high;
#   51|->         bn_limit_num_high = 1 << high;
#   52|       }
#   53|       if (low >= 0) {

Error: CPPCHECK_WARNING (CWE-758): [#def26]
openssl-3.5.4/crypto/bn/bn_lib.c:57: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#   55|               low = sizeof(int) * 8 - 1;
#   56|           bn_limit_bits_low = low;
#   57|->         bn_limit_num_low = 1 << low;
#   58|       }
#   59|       if (mont >= 0) {

Error: CPPCHECK_WARNING (CWE-758): [#def27]
openssl-3.5.4/crypto/bn/bn_lib.c:63: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#   61|               mont = sizeof(int) * 8 - 1;
#   62|           bn_limit_bits_mont = mont;
#   63|->         bn_limit_num_mont = 1 << mont;
#   64|       }
#   65|   }

Error: GCC_ANALYZER_WARNING (CWE-465): [#def28]
openssl-3.5.4/crypto/bn/bn_lib.c:802:12: warning[-Wanalyzer-deref-before-check]: check of 'a' for NULL after already dereferencing it
openssl-3.5.4/crypto/bn/bn_lib.c:792:5: enter_function: entry to 'BN_set_bit'
openssl-3.5.4/crypto/bn/bn_lib.c:796:8: branch_false: following 'false' branch (when 'n >= 0')...
openssl-3.5.4/crypto/bn/bn_lib.c:799:5: branch_false: ...to here
openssl-3.5.4/crypto/bn/bn_lib.c:801:8: branch_true: following 'true' branch...
openssl-3.5.4/crypto/bn/bn_lib.c:802:13: branch_true: ...to here
openssl-3.5.4/crypto/bn/bn_lib.c:802:13: call_function: calling 'bn_wexpand' from 'BN_set_bit'
openssl-3.5.4/crypto/bn/bn_lib.c:802:13: return_function: returning to 'BN_set_bit' from 'bn_wexpand'
openssl-3.5.4/crypto/bn/bn_lib.c:802:12: danger: pointer 'a' is checked for NULL here but it was already dereferenced at [(4)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/3)
#  800|       j = n % BN_BITS2;
#  801|       if (a->top <= i) {
#  802|->         if (bn_wexpand(a, i + 1) == NULL)
#  803|               return 0;
#  804|           for (k = a->top; k < i + 1; k++)

Error: CPPCHECK_WARNING (CWE-786): [#def29]
openssl-3.5.4/crypto/bn/bn_nist.c:599: error[negativeIndex]: Array 'buf.bn[4]' accessed at index -3, which is out of bounds.
#  597|           BN_ULONG t_d[BN_NIST_224_TOP];
#  598|   
#  599|->         nist_set_224(t_d, buf.bn, 10, 9, 8, 7, 0, 0, 0);
#  600|           carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
#  601|           nist_set_224(t_d, buf.bn, 0, 13, 12, 11, 0, 0, 0);

Error: CPPCHECK_WARNING (CWE-786): [#def30]
openssl-3.5.4/crypto/bn/bn_nist.c:601: error[negativeIndex]: Array 'buf.bn[4]' accessed at index -3, which is out of bounds.
#  599|           nist_set_224(t_d, buf.bn, 10, 9, 8, 7, 0, 0, 0);
#  600|           carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
#  601|->         nist_set_224(t_d, buf.bn, 0, 13, 12, 11, 0, 0, 0);
#  602|           carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
#  603|           nist_set_224(t_d, buf.bn, 13, 12, 11, 10, 9, 8, 7);

Error: CPPCHECK_WARNING (CWE-786): [#def31]
openssl-3.5.4/crypto/bn/bn_nist.c:605: error[negativeIndex]: Array 'buf.bn[4]' accessed at index -3, which is out of bounds.
#  603|           nist_set_224(t_d, buf.bn, 13, 12, 11, 10, 9, 8, 7);
#  604|           carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
#  605|->         nist_set_224(t_d, buf.bn, 0, 0, 0, 0, 13, 12, 11);
#  606|           carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
#  607|   

Error: GCC_ANALYZER_WARNING (CWE-457): [#def32]
openssl-3.5.4/crypto/cast/c_skey.c:122:33: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'k[<unknown>]'
openssl-3.5.4/crypto/cast/c_skey.c:41:17: branch_true: following 'true' branch (when 'i != 16')...
openssl-3.5.4/crypto/cast/c_skey.c:42:9: branch_true: ...to here
openssl-3.5.4/crypto/cast/c_skey.c:45:17: branch_false: following 'false' branch...
openssl-3.5.4/crypto/cast/c_skey.c:47:8: branch_false: ...to here
openssl-3.5.4/crypto/cast/c_skey.c:47:8: branch_true: following 'true' branch...
openssl-3.5.4/crypto/cast/c_skey.c:53:14: branch_true: ...to here
openssl-3.5.4/crypto/cast/c_skey.c:115:12: branch_true: following 'true' branch...
 branch_true: ...to here
openssl-3.5.4/crypto/cast/c_skey.c:120:17: branch_true: following 'true' branch (when 'i != 16')...
openssl-3.5.4/crypto/cast/c_skey.c:121:19: branch_true: ...to here
openssl-3.5.4/crypto/cast/c_skey.c:122:33: danger: use of uninitialized value 'k[<unknown>]' here
#  120|       for (i = 0; i < 16; i++) {
#  121|           key->data[i * 2] = k[i];
#  122|->         key->data[i * 2 + 1] = ((k[i + 16]) + 16) & 0x1f;
#  123|       }
#  124|   }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def33]
openssl-3.5.4/crypto/cmp/cmp_ctx.c:384:13: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/cmp/cmp_ctx.c:350:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/cmp/cmp_ctx.c:353:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/cmp/cmp_ctx.c:356:8: branch_false: ...to here
openssl-3.5.4/crypto/cmp/cmp_ctx.c:356:8: branch_false: following 'false' branch (when 'format' is non-NULL)...
openssl-3.5.4/crypto/cmp/cmp_ctx.c:359:5: branch_false: ...to here
openssl-3.5.4/crypto/cmp/cmp_ctx.c:359:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/cmp/cmp_ctx.c:384:13: danger: missing call to 'va_end' to match 'va_start' at [(7)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/6)
#  382|   #else /* compensate for disabled trace API */
#  383|       {
#  384|->         if (BIO_vsnprintf(hugebuf, sizeof(hugebuf), format, args) > 0)
#  385|               res = ctx->log_cb(func, file, line, level, hugebuf);
#  386|       }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def34]
openssl-3.5.4/crypto/cms/cms_env.c:555:9: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
openssl-3.5.4/crypto/cms/cms_env.c:1044:5: enter_function: entry to 'CMS_RecipientInfo_encrypt'
openssl-3.5.4/crypto/cms/cms_env.c:1048:16: call_function: calling 'cms_RecipientInfo_ktri_encrypt' from 'CMS_RecipientInfo_encrypt'
#  553|       }
#  554|   
#  555|->     if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0)
#  556|           goto err;
#  557|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def35]
openssl-3.5.4/crypto/cms/cms_env.c:604:21: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
openssl-3.5.4/crypto/cms/cms_env.c:579:12: enter_function: entry to 'cms_RecipientInfo_ktri_decrypt'
openssl-3.5.4/crypto/cms/cms_env.c:595:10: call_function: calling 'ossl_cms_get0_env_enc_content' from 'cms_RecipientInfo_ktri_decrypt'
openssl-3.5.4/crypto/cms/cms_env.c:595:10: return_function: returning to 'cms_RecipientInfo_ktri_decrypt' from 'ossl_cms_get0_env_enc_content'
openssl-3.5.4/crypto/cms/cms_env.c:597:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/cms/cms_env.c:602:9: branch_false: ...to here
openssl-3.5.4/crypto/cms/cms_env.c:602:8: branch_true: following 'true' branch...
openssl-3.5.4/crypto/cms/cms_env.c:603:17: branch_true: ...to here
openssl-3.5.4/crypto/cms/cms_env.c:602:9: branch_true: following 'true' branch...
openssl-3.5.4/crypto/cms/cms_env.c:604:21: branch_true: ...to here
openssl-3.5.4/crypto/cms/cms_env.c:604:21: danger: dereference of NULL 'ossl_cms_get0_env_enc_content(cms)'
#  602|       if (cms->d.envelopedData->encryptedContentInfo->havenocert
#  603|               && !cms->d.envelopedData->encryptedContentInfo->debug) {
#  604|->         X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
#  605|           char name[OSSL_MAX_NAME_SIZE];
#  606|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def36]
openssl-3.5.4/crypto/cms/cms_ess.c:221:24: warning[-Wanalyzer-null-dereference]: dereference of NULL 'si'
openssl-3.5.4/crypto/cms/cms_ess.c:254:5: enter_function: entry to 'ossl_cms_Receipt_verify'
openssl-3.5.4/crypto/cms/cms_ess.c:269:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/cms/cms_ess.c:272:9: branch_false: ...to here
openssl-3.5.4/crypto/cms/cms_ess.c:272:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/cms/cms_ess.c:278:9: branch_false: ...to here
openssl-3.5.4/crypto/cms/cms_ess.c:278:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/cms/cms_ess.c:284:13: branch_false: ...to here
openssl-3.5.4/crypto/cms/cms_ess.c:285:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/cms/cms_ess.c:292:8: branch_false: following 'false' branch...
 branch_false: ...to here
openssl-3.5.4/crypto/cms/cms_ess.c:299:17: branch_false: following 'false' branch...
openssl-3.5.4/crypto/cms/cms_ess.c:305:14: branch_false: ...to here
openssl-3.5.4/crypto/cms/cms_ess.c:305:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/cms/cms_ess.c:310:10: branch_false: ...to here
openssl-3.5.4/crypto/cms/cms_ess.c:319:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/cms/cms_ess.c:324:10: branch_false: ...to here
openssl-3.5.4/crypto/cms/cms_ess.c:324:10: call_function: calling 'cms_msgSigDigest' from 'ossl_cms_Receipt_verify'
#  219|                               unsigned char *dig, unsigned int *diglen)
#  220|   {
#  221|->     const EVP_MD *md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
#  222|   
#  223|       if (md == NULL)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def37]
openssl-3.5.4/crypto/conf/conf_sap.c:40:5: warning[-Wanalyzer-malloc-leak]: leak of 'settings.appname'
openssl-3.5.4/crypto/conf/conf_sap.c:37:8: branch_true: following 'true' branch (when 'appname' is non-NULL)...
openssl-3.5.4/crypto/conf/conf_sap.c:38:28: branch_true: ...to here
openssl-3.5.4/crypto/conf/conf_sap.c:38:28: acquire_memory: allocated here
openssl-3.5.4/crypto/conf/conf_sap.c:40:5: danger: 'settings.appname' leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   38|           settings.appname = strdup(appname);
#   39|       settings.flags = DEFAULT_CONF_MFLAGS;
#   40|->     OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, &settings);
#   41|   
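#   42|       free(settings.appname);
Reviewer note: the excerpt itself shows `free(settings.appname);` at conf_sap.c:42, two lines after the reported leak point at the OPENSSL_init_crypto call on line 40. No path that skips line 42 is listed, so confirm how the analyzer believes the free is bypassed before treating this as a real leak.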

Error: COMPILER_WARNING: [#def38]
openssl-3.5.4/crypto/context.c:10:9: warning: '_GNU_SOURCE' redefined
#   10 | #define _GNU_SOURCE /* needed for secure_getenv */
#      |         ^~~~~~~~~~~
<command-line>: note: this is the location of the previous definition
#    8|    */
#    9|   
#   10|-> #define _GNU_SOURCE /* needed for secure_getenv */
#   11|   #include "crypto/cryptlib.h"
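#   12|   #include <openssl/conf.h>
Reviewer note: #def38 and #def39 are the same `_GNU_SOURCE` redefinition at context.c:10:9 reported twice; count it once. The earlier definition comes from the compiler command line, so wrapping line 10 in `#ifndef _GNU_SOURCE` would silence the warning while keeping the feature macro defined either way.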

Error: COMPILER_WARNING: [#def39]
openssl-3.5.4/crypto/context.c:10:9: warning[warning]: '_GNU_SOURCE' redefined
#    8|    */
#    9|   
#   10|-> #define _GNU_SOURCE /* needed for secure_getenv */
#   11|   #include "crypto/cryptlib.h"
#   12|   #include <openssl/conf.h>

Error: COMPILER_WARNING (CWE-1164): [#def40]
openssl-3.5.4/crypto/context.c:33:13: warning[-Wunused-function]: 'read_kernel_fips_flag' defined but not used
#   33 | static void read_kernel_fips_flag(void)
#      |             ^~~~~~~~~~~~~~~~~~~~~
#   31|   static int kernel_fips_flag;
#   32|   
#   33|-> static void read_kernel_fips_flag(void)
#   34|   {
#   35|       char buf[2] = "0";

Error: GCC_ANALYZER_WARNING (CWE-476): [#def41]
openssl-3.5.4/crypto/dsa/dsa_sign.c:108:39: warning[-Wanalyzer-null-dereference]: dereference of NULL 'buf'
openssl-3.5.4/crypto/dsa/dsa_sign.c:87:15: branch_false: following 'false' branch...
openssl-3.5.4/crypto/dsa/dsa_sign.c:94:14: branch_false: ...to here
openssl-3.5.4/crypto/dsa/dsa_sign.c:94:12: branch_false: following 'false' branch...
 branch_false: ...to here
openssl-3.5.4/crypto/dsa/dsa_sign.c:98:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/dsa/dsa_sign.c:99:17: branch_false: ...to here
openssl-3.5.4/crypto/dsa/dsa_sign.c:98:9: branch_false: following 'false' branch...
openssl-3.5.4/crypto/dsa/dsa_sign.c:100:17: branch_false: ...to here
openssl-3.5.4/crypto/dsa/dsa_sign.c:98:9: branch_false: following 'false' branch...
openssl-3.5.4/crypto/dsa/dsa_sign.c:106:8: branch_false: ...to here
openssl-3.5.4/crypto/dsa/dsa_sign.c:106:8: branch_true: following 'true' branch (when 'ppout' is non-NULL)...
openssl-3.5.4/crypto/dsa/dsa_sign.c:107:13: branch_true: ...to here
openssl-3.5.4/crypto/dsa/dsa_sign.c:107:12: branch_true: following 'true' branch...
openssl-3.5.4/crypto/dsa/dsa_sign.c:108:39: branch_true: ...to here
openssl-3.5.4/crypto/dsa/dsa_sign.c:108:39: danger: dereference of NULL 'buf'
#  106|       if (ppout != NULL) {
#  107|           if (*ppout == NULL) {
#  108|->             *ppout = (unsigned char *)buf->data;
#  109|               buf->data = NULL;
#  110|               BUF_MEM_free(buf);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def42]
openssl-3.5.4/crypto/ec/ec_asn1.c:1280:39: warning[-Wanalyzer-null-dereference]: dereference of NULL 'buf'
openssl-3.5.4/crypto/ec/ec_asn1.c:1259:15: branch_false: following 'false' branch...
openssl-3.5.4/crypto/ec/ec_asn1.c:1266:14: branch_false: ...to here
openssl-3.5.4/crypto/ec/ec_asn1.c:1266:12: branch_false: following 'false' branch...
 branch_false: ...to here
openssl-3.5.4/crypto/ec/ec_asn1.c:1270:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/ec/ec_asn1.c:1271:17: branch_false: ...to here
openssl-3.5.4/crypto/ec/ec_asn1.c:1270:9: branch_false: following 'false' branch...
openssl-3.5.4/crypto/ec/ec_asn1.c:1272:17: branch_false: ...to here
openssl-3.5.4/crypto/ec/ec_asn1.c:1270:9: branch_false: following 'false' branch...
openssl-3.5.4/crypto/ec/ec_asn1.c:1278:8: branch_false: ...to here
openssl-3.5.4/crypto/ec/ec_asn1.c:1278:8: branch_true: following 'true' branch (when 'ppout' is non-NULL)...
openssl-3.5.4/crypto/ec/ec_asn1.c:1279:13: branch_true: ...to here
openssl-3.5.4/crypto/ec/ec_asn1.c:1279:12: branch_true: following 'true' branch...
openssl-3.5.4/crypto/ec/ec_asn1.c:1280:39: branch_true: ...to here
openssl-3.5.4/crypto/ec/ec_asn1.c:1280:39: danger: dereference of NULL 'buf'
# 1278|       if (ppout != NULL) {
# 1279|           if (*ppout == NULL) {
# 1280|->             *ppout = (unsigned char *)buf->data;
# 1281|               buf->data = NULL;
# 1282|               BUF_MEM_free(buf);

Error: GCC_ANALYZER_WARNING (CWE-457): [#def43]
openssl-3.5.4/crypto/ec/ecp_nistp384.c:391:36: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'inx2[1]'
openssl-3.5.4/crypto/ec/ecp_nistp384.c:1038:1: enter_function: entry to 'point_double'
openssl-3.5.4/crypto/ec/ecp_nistp384.c:1048:5: call_function: calling 'felem_square_reduce_ref' from 'point_double'
#  389|       out[0] = ((uint128_t) in[0]) * in[0];
#  390|   
#  391|->     out[1] = ((uint128_t) in[0]) * inx2[1];
#  392|   
#  393|       out[2] = ((uint128_t) in[0]) * inx2[2]

Error: CPPCHECK_WARNING (CWE-823): [#def44]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:179: error[arrayIndexOutOfBounds]: Array 'dst[4]' accessed at index 4, which is out of bounds.
#  177|       dst[3] = (src[3] & mask1) ^ (dst[3] & mask2);
#  178|       if (P256_LIMBS == 8) {
#  179|->         dst[4] = (src[4] & mask1) ^ (dst[4] & mask2);
#  180|           dst[5] = (src[5] & mask1) ^ (dst[5] & mask2);
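#  181|           dst[6] = (src[6] & mask1) ^ (dst[6] & mask2);
Reviewer note (applies to #def44–#def78): every arrayIndexOutOfBounds report for ecp_nistz256.c flags an access to index 4–7 that sits under `if (P256_LIMBS == 8)`, while cppcheck sized the arrays at 4 elements. If those arrays are declared with P256_LIMBS elements (the declarations are not part of these excerpts), the guarded accesses are unreachable in this build and the 35 reports are one false-positive pattern; confirm against the declarations before closing them.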

Error: CPPCHECK_WARNING (CWE-823): [#def45]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:179: error[arrayIndexOutOfBounds]: Array 'src[4]' accessed at index 4, which is out of bounds.
#  177|       dst[3] = (src[3] & mask1) ^ (dst[3] & mask2);
#  178|       if (P256_LIMBS == 8) {
#  179|->         dst[4] = (src[4] & mask1) ^ (dst[4] & mask2);
#  180|           dst[5] = (src[5] & mask1) ^ (dst[5] & mask2);
#  181|           dst[6] = (src[6] & mask1) ^ (dst[6] & mask2);

Error: CPPCHECK_WARNING (CWE-823): [#def46]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:180: error[arrayIndexOutOfBounds]: Array 'dst[4]' accessed at index 5, which is out of bounds.
#  178|       if (P256_LIMBS == 8) {
#  179|           dst[4] = (src[4] & mask1) ^ (dst[4] & mask2);
#  180|->         dst[5] = (src[5] & mask1) ^ (dst[5] & mask2);
#  181|           dst[6] = (src[6] & mask1) ^ (dst[6] & mask2);
#  182|           dst[7] = (src[7] & mask1) ^ (dst[7] & mask2);

Error: CPPCHECK_WARNING (CWE-823): [#def47]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:180: error[arrayIndexOutOfBounds]: Array 'src[4]' accessed at index 5, which is out of bounds.
#  178|       if (P256_LIMBS == 8) {
#  179|           dst[4] = (src[4] & mask1) ^ (dst[4] & mask2);
#  180|->         dst[5] = (src[5] & mask1) ^ (dst[5] & mask2);
#  181|           dst[6] = (src[6] & mask1) ^ (dst[6] & mask2);
#  182|           dst[7] = (src[7] & mask1) ^ (dst[7] & mask2);

Error: CPPCHECK_WARNING (CWE-823): [#def48]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:181: error[arrayIndexOutOfBounds]: Array 'dst[4]' accessed at index 6, which is out of bounds.
#  179|           dst[4] = (src[4] & mask1) ^ (dst[4] & mask2);
#  180|           dst[5] = (src[5] & mask1) ^ (dst[5] & mask2);
#  181|->         dst[6] = (src[6] & mask1) ^ (dst[6] & mask2);
#  182|           dst[7] = (src[7] & mask1) ^ (dst[7] & mask2);
#  183|       }

Error: CPPCHECK_WARNING (CWE-823): [#def49]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:181: error[arrayIndexOutOfBounds]: Array 'src[4]' accessed at index 6, which is out of bounds.
#  179|           dst[4] = (src[4] & mask1) ^ (dst[4] & mask2);
#  180|           dst[5] = (src[5] & mask1) ^ (dst[5] & mask2);
#  181|->         dst[6] = (src[6] & mask1) ^ (dst[6] & mask2);
#  182|           dst[7] = (src[7] & mask1) ^ (dst[7] & mask2);
#  183|       }

Error: CPPCHECK_WARNING (CWE-823): [#def50]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:182: error[arrayIndexOutOfBounds]: Array 'dst[4]' accessed at index 7, which is out of bounds.
#  180|           dst[5] = (src[5] & mask1) ^ (dst[5] & mask2);
#  181|           dst[6] = (src[6] & mask1) ^ (dst[6] & mask2);
#  182|->         dst[7] = (src[7] & mask1) ^ (dst[7] & mask2);
#  183|       }
#  184|   }

Error: CPPCHECK_WARNING (CWE-823): [#def51]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:182: error[arrayIndexOutOfBounds]: Array 'src[4]' accessed at index 7, which is out of bounds.
#  180|           dst[5] = (src[5] & mask1) ^ (dst[5] & mask2);
#  181|           dst[6] = (src[6] & mask1) ^ (dst[6] & mask2);
#  182|->         dst[7] = (src[7] & mask1) ^ (dst[7] & mask2);
#  183|       }
#  184|   }

Error: CPPCHECK_WARNING (CWE-823): [#def52]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:204: error[arrayIndexOutOfBounds]: Array 'a[4]' accessed at index 4, which is out of bounds.
#  202|       res |= a[3] ^ b[3];
#  203|       if (P256_LIMBS == 8) {
#  204|->         res |= a[4] ^ b[4];
#  205|           res |= a[5] ^ b[5];
#  206|           res |= a[6] ^ b[6];

Error: CPPCHECK_WARNING (CWE-823): [#def53]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:204: error[arrayIndexOutOfBounds]: Array 'b[4]' accessed at index 4, which is out of bounds.
#  202|       res |= a[3] ^ b[3];
#  203|       if (P256_LIMBS == 8) {
#  204|->         res |= a[4] ^ b[4];
#  205|           res |= a[5] ^ b[5];
#  206|           res |= a[6] ^ b[6];

Error: CPPCHECK_WARNING (CWE-823): [#def54]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:205: error[arrayIndexOutOfBounds]: Array 'a[4]' accessed at index 5, which is out of bounds.
#  203|       if (P256_LIMBS == 8) {
#  204|           res |= a[4] ^ b[4];
#  205|->         res |= a[5] ^ b[5];
#  206|           res |= a[6] ^ b[6];
#  207|           res |= a[7] ^ b[7];

Error: CPPCHECK_WARNING (CWE-823): [#def55]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:205: error[arrayIndexOutOfBounds]: Array 'b[4]' accessed at index 5, which is out of bounds.
#  203|       if (P256_LIMBS == 8) {
#  204|           res |= a[4] ^ b[4];
#  205|->         res |= a[5] ^ b[5];
#  206|           res |= a[6] ^ b[6];
#  207|           res |= a[7] ^ b[7];

Error: CPPCHECK_WARNING (CWE-823): [#def56]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:206: error[arrayIndexOutOfBounds]: Array 'a[4]' accessed at index 6, which is out of bounds.
#  204|           res |= a[4] ^ b[4];
#  205|           res |= a[5] ^ b[5];
#  206|->         res |= a[6] ^ b[6];
#  207|           res |= a[7] ^ b[7];
#  208|       }

Error: CPPCHECK_WARNING (CWE-823): [#def57]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:206: error[arrayIndexOutOfBounds]: Array 'b[4]' accessed at index 6, which is out of bounds.
#  204|           res |= a[4] ^ b[4];
#  205|           res |= a[5] ^ b[5];
#  206|->         res |= a[6] ^ b[6];
#  207|           res |= a[7] ^ b[7];
#  208|       }

Error: CPPCHECK_WARNING (CWE-823): [#def58]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:207: error[arrayIndexOutOfBounds]: Array 'a[4]' accessed at index 7, which is out of bounds.
#  205|           res |= a[5] ^ b[5];
#  206|           res |= a[6] ^ b[6];
#  207|->         res |= a[7] ^ b[7];
#  208|       }
#  209|   

Error: CPPCHECK_WARNING (CWE-823): [#def59]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:207: error[arrayIndexOutOfBounds]: Array 'b[4]' accessed at index 7, which is out of bounds.
#  205|           res |= a[5] ^ b[5];
#  206|           res |= a[6] ^ b[6];
#  207|->         res |= a[7] ^ b[7];
#  208|       }
#  209|   

Error: CPPCHECK_WARNING (CWE-823): [#def60]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:224: error[arrayIndexOutOfBounds]: Array 'ONE[4]' accessed at index 4, which is out of bounds.
#  222|           res |= a[3] ^ ONE[3];
#  223|           if (P256_LIMBS == 8) {
#  224|->             res |= a[4] ^ ONE[4];
#  225|               res |= a[5] ^ ONE[5];
#  226|               res |= a[6] ^ ONE[6];

Error: CPPCHECK_WARNING (CWE-823): [#def61]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:225: error[arrayIndexOutOfBounds]: Array 'ONE[4]' accessed at index 5, which is out of bounds.
#  223|           if (P256_LIMBS == 8) {
#  224|               res |= a[4] ^ ONE[4];
#  225|->             res |= a[5] ^ ONE[5];
#  226|               res |= a[6] ^ ONE[6];
#  227|               /*

Error: CPPCHECK_WARNING (CWE-823): [#def62]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:226: error[arrayIndexOutOfBounds]: Array 'ONE[4]' accessed at index 6, which is out of bounds.
#  224|               res |= a[4] ^ ONE[4];
#  225|               res |= a[5] ^ ONE[5];
#  226|->             res |= a[6] ^ ONE[6];
#  227|               /*
#  228|                * no check for a[7] (being zero) on 32-bit platforms,

Error: CPPCHECK_WARNING (CWE-823): [#def63]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:1067: error[arrayIndexOutOfBounds]: Array 'p.p.X[4]' accessed at index 4, which is out of bounds.
# 1065|                        p.p.Y[0] | p.p.Y[1] | p.p.Y[2] | p.p.Y[3]);
# 1066|               if (P256_LIMBS == 8)
# 1067|->                 infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] |
# 1068|                             p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]);
# 1069|   

Error: CPPCHECK_WARNING (CWE-823): [#def64]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:1067: error[arrayIndexOutOfBounds]: Array 'p.p.X[4]' accessed at index 5, which is out of bounds.
# 1065|                        p.p.Y[0] | p.p.Y[1] | p.p.Y[2] | p.p.Y[3]);
# 1066|               if (P256_LIMBS == 8)
# 1067|->                 infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] |
# 1068|                             p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]);
# 1069|   

Error: CPPCHECK_WARNING (CWE-823): [#def65]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:1067: error[arrayIndexOutOfBounds]: Array 'p.p.X[4]' accessed at index 6, which is out of bounds.
# 1065|                        p.p.Y[0] | p.p.Y[1] | p.p.Y[2] | p.p.Y[3]);
# 1066|               if (P256_LIMBS == 8)
# 1067|->                 infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] |
# 1068|                             p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]);
# 1069|   

Error: CPPCHECK_WARNING (CWE-823): [#def66]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:1067: error[arrayIndexOutOfBounds]: Array 'p.p.X[4]' accessed at index 7, which is out of bounds.
# 1065|                        p.p.Y[0] | p.p.Y[1] | p.p.Y[2] | p.p.Y[3]);
# 1066|               if (P256_LIMBS == 8)
# 1067|->                 infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] |
# 1068|                             p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]);
# 1069|   

Error: CPPCHECK_WARNING (CWE-823): [#def67]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:1068: error[arrayIndexOutOfBounds]: Array 'p.p.Y[4]' accessed at index 4, which is out of bounds.
# 1066|               if (P256_LIMBS == 8)
# 1067|                   infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] |
# 1068|->                           p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]);
# 1069|   
# 1070|               infty = 0 - is_zero(infty);

Error: CPPCHECK_WARNING (CWE-823): [#def68]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:1068: error[arrayIndexOutOfBounds]: Array 'p.p.Y[4]' accessed at index 5, which is out of bounds.
# 1066|               if (P256_LIMBS == 8)
# 1067|                   infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] |
# 1068|->                           p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]);
# 1069|   
# 1070|               infty = 0 - is_zero(infty);

Error: CPPCHECK_WARNING (CWE-823): [#def69]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:1068: error[arrayIndexOutOfBounds]: Array 'p.p.Y[4]' accessed at index 6, which is out of bounds.
# 1066|               if (P256_LIMBS == 8)
# 1067|                   infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] |
# 1068|->                           p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]);
# 1069|   
# 1070|               infty = 0 - is_zero(infty);

Error: CPPCHECK_WARNING (CWE-823): [#def70]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:1068: error[arrayIndexOutOfBounds]: Array 'p.p.Y[4]' accessed at index 7, which is out of bounds.
# 1066|               if (P256_LIMBS == 8)
# 1067|                   infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] |
# 1068|->                           p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]);
# 1069|   
# 1070|               infty = 0 - is_zero(infty);

Error: CPPCHECK_WARNING (CWE-823): [#def71]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:1078: error[arrayIndexOutOfBounds]: Array 'ONE[4]' accessed at index 4, which is out of bounds.
# 1076|               p.p.Z[3] = ONE[3] & infty;
# 1077|               if (P256_LIMBS == 8) {
# 1078|->                 p.p.Z[4] = ONE[4] & infty;
# 1079|                   p.p.Z[5] = ONE[5] & infty;
# 1080|                   p.p.Z[6] = ONE[6] & infty;

Error: CPPCHECK_WARNING (CWE-823): [#def72]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:1078: error[arrayIndexOutOfBounds]: Array 'p.p.Z[4]' accessed at index 4, which is out of bounds.
# 1076|               p.p.Z[3] = ONE[3] & infty;
# 1077|               if (P256_LIMBS == 8) {
# 1078|->                 p.p.Z[4] = ONE[4] & infty;
# 1079|                   p.p.Z[5] = ONE[5] & infty;
# 1080|                   p.p.Z[6] = ONE[6] & infty;

Error: CPPCHECK_WARNING (CWE-823): [#def73]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:1079: error[arrayIndexOutOfBounds]: Array 'ONE[4]' accessed at index 5, which is out of bounds.
# 1077|               if (P256_LIMBS == 8) {
# 1078|                   p.p.Z[4] = ONE[4] & infty;
# 1079|->                 p.p.Z[5] = ONE[5] & infty;
# 1080|                   p.p.Z[6] = ONE[6] & infty;
# 1081|                   p.p.Z[7] = ONE[7] & infty;

Error: CPPCHECK_WARNING (CWE-823): [#def74]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:1079: error[arrayIndexOutOfBounds]: Array 'p.p.Z[4]' accessed at index 5, which is out of bounds.
# 1077|               if (P256_LIMBS == 8) {
# 1078|                   p.p.Z[4] = ONE[4] & infty;
# 1079|->                 p.p.Z[5] = ONE[5] & infty;
# 1080|                   p.p.Z[6] = ONE[6] & infty;
# 1081|                   p.p.Z[7] = ONE[7] & infty;

Error: CPPCHECK_WARNING (CWE-823): [#def75]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:1080: error[arrayIndexOutOfBounds]: Array 'ONE[4]' accessed at index 6, which is out of bounds.
# 1078|                   p.p.Z[4] = ONE[4] & infty;
# 1079|                   p.p.Z[5] = ONE[5] & infty;
# 1080|->                 p.p.Z[6] = ONE[6] & infty;
# 1081|                   p.p.Z[7] = ONE[7] & infty;
# 1082|               }

Error: CPPCHECK_WARNING (CWE-823): [#def76]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:1080: error[arrayIndexOutOfBounds]: Array 'p.p.Z[4]' accessed at index 6, which is out of bounds.
# 1078|                   p.p.Z[4] = ONE[4] & infty;
# 1079|                   p.p.Z[5] = ONE[5] & infty;
# 1080|->                 p.p.Z[6] = ONE[6] & infty;
# 1081|                   p.p.Z[7] = ONE[7] & infty;
# 1082|               }

Error: CPPCHECK_WARNING (CWE-823): [#def77]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:1081: error[arrayIndexOutOfBounds]: Array 'ONE[4]' accessed at index 7, which is out of bounds.
# 1079|                   p.p.Z[5] = ONE[5] & infty;
# 1080|                   p.p.Z[6] = ONE[6] & infty;
# 1081|->                 p.p.Z[7] = ONE[7] & infty;
# 1082|               }
# 1083|   

Error: CPPCHECK_WARNING (CWE-823): [#def78]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:1081: error[arrayIndexOutOfBounds]: Array 'p.p.Z[4]' accessed at index 7, which is out of bounds.
# 1079|                   p.p.Z[5] = ONE[5] & infty;
# 1080|                   p.p.Z[6] = ONE[6] & infty;
# 1081|->                 p.p.Z[7] = ONE[7] & infty;
# 1082|               }
# 1083|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def79]
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:1101:14: warning[-Wanalyzer-null-dereference]: dereference of NULL 'decoder'
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:47:5: enter_function: entry to 'OSSL_DECODER_from_bio'
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:54:8: branch_false: following 'false' branch (when 'in' is non-NULL)...
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:59:9: branch_false: ...to here
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:59:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:67:15: branch_false: ...to here
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:69:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:75:5: branch_false: ...to here
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:82:10: call_function: calling 'decoder_process' from 'OSSL_DECODER_from_bio'
# 1099|           new_data.flag_input_structure_checked
# 1100|               = data->flag_input_structure_checked;
# 1101|->         ok = new_decoder->decode(new_decoderctx, cbio,
# 1102|                                    new_data.ctx->selection,
# 1103|                                    decoder_process, &new_data,

Error: GCC_ANALYZER_WARNING (CWE-404): [#def80]
openssl-3.5.4/crypto/err/err.c:677:10: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/err/err.c:812:6: enter_function: entry to 'ERR_add_error_data'
openssl-3.5.4/crypto/err/err.c:815:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/err/err.c:816:5: call_function: calling 'ERR_add_error_vdata' from 'ERR_add_error_data'
#  675|       int saveerrno = get_last_sys_error();
#  676|   
#  677|->     if (!OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL))
#  678|           return NULL;
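#  679|   
Reviewer note (applies to #def80–#def87): all eight reports share one path, `va_start` at err.c:815 in ERR_add_error_data followed by the call to ERR_add_error_vdata at err.c:816. The flagged statements (err.c:677–698) lie before ERR_add_error_data's entry at err.c:812, so they are in another function reached from that call. None of the excerpts shows the lines after err.c:816, so first check whether `va_end` follows the call there; if it does, these collapse into a single analyzer artifact rather than eight leaks.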

Error: GCC_ANALYZER_WARNING (CWE-404): [#def81]
openssl-3.5.4/crypto/err/err.c:680:10: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/err/err.c:812:6: enter_function: entry to 'ERR_add_error_data'
openssl-3.5.4/crypto/err/err.c:815:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/err/err.c:816:5: call_function: calling 'ERR_add_error_vdata' from 'ERR_add_error_data'
#  678|           return NULL;
#  679|   
#  680|->     if (!RUN_ONCE(&err_init, err_do_init))
#  681|           return NULL;
#  682|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def82]
openssl-3.5.4/crypto/err/err.c:683:13: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/err/err.c:812:6: enter_function: entry to 'ERR_add_error_data'
openssl-3.5.4/crypto/err/err.c:815:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/err/err.c:816:5: call_function: calling 'ERR_add_error_vdata' from 'ERR_add_error_data'
#  681|           return NULL;
#  682|   
#  683|->     state = CRYPTO_THREAD_get_local(&err_thread_local);
#  684|       if (state == (ERR_STATE*)-1)
#  685|           return NULL;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def83]
openssl-3.5.4/crypto/err/err.c:688:14: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/err/err.c:812:6: enter_function: entry to 'ERR_add_error_data'
openssl-3.5.4/crypto/err/err.c:815:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/err/err.c:816:5: call_function: calling 'ERR_add_error_vdata' from 'ERR_add_error_data'
#  686|   
#  687|       if (state == NULL) {
#  688|->         if (!CRYPTO_THREAD_set_local(&err_thread_local, (ERR_STATE*)-1))
#  689|               return NULL;
#  690|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def84]
openssl-3.5.4/crypto/err/err.c:691:17: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/err/err.c:812:6: enter_function: entry to 'ERR_add_error_data'
openssl-3.5.4/crypto/err/err.c:815:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/err/err.c:816:5: call_function: calling 'ERR_add_error_vdata' from 'ERR_add_error_data'
#  689|               return NULL;
#  690|   
#  691|->         state = OSSL_ERR_STATE_new();
#  692|           if (state == NULL) {
#  693|               CRYPTO_THREAD_set_local(&err_thread_local, NULL);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def85]
openssl-3.5.4/crypto/err/err.c:693:13: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/err/err.c:812:6: enter_function: entry to 'ERR_add_error_data'
openssl-3.5.4/crypto/err/err.c:815:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/err/err.c:816:5: call_function: calling 'ERR_add_error_vdata' from 'ERR_add_error_data'
#  691|           state = OSSL_ERR_STATE_new();
#  692|           if (state == NULL) {
#  693|->             CRYPTO_THREAD_set_local(&err_thread_local, NULL);
#  694|               return NULL;
#  695|           }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def86]
openssl-3.5.4/crypto/err/err.c:697:14: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/err/err.c:812:6: enter_function: entry to 'ERR_add_error_data'
openssl-3.5.4/crypto/err/err.c:815:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/err/err.c:816:5: call_function: calling 'ERR_add_error_vdata' from 'ERR_add_error_data'
#  695|           }
#  696|   
#  697|->         if (!ossl_init_thread_start(NULL, NULL, err_delete_thread_state)
#  698|                   || !CRYPTO_THREAD_set_local(&err_thread_local, state)) {
#  699|               OSSL_ERR_STATE_free(state);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def87]
openssl-3.5.4/crypto/err/err.c:698:21: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/err/err.c:812:6: enter_function: entry to 'ERR_add_error_data'
openssl-3.5.4/crypto/err/err.c:815:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/err/err.c:816:5: call_function: calling 'ERR_add_error_vdata' from 'ERR_add_error_data'
#  696|   
#  697|           if (!ossl_init_thread_start(NULL, NULL, err_delete_thread_state)
#  698|->                 || !CRYPTO_THREAD_set_local(&err_thread_local, state)) {
#  699|               OSSL_ERR_STATE_free(state);
#  700|               CRYPTO_THREAD_set_local(&err_thread_local, NULL);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def88]
openssl-3.5.4/crypto/err/err_blocks.c:57:10: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/err/err_blocks.c:40:6: enter_function: entry to 'ERR_set_error'
openssl-3.5.4/crypto/err/err_blocks.c:44:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/err/err_blocks.c:45:5: call_function: calling 'ERR_vset_error' from 'ERR_set_error'
#   55|       size_t i;
#   56|   
#   57|->     es = ossl_err_get_state_int();
#   58|       if (es == NULL)
#   59|           return;

Error: GCC_ANALYZER_WARNING (CWE-835): [#def89]
openssl-3.5.4/crypto/evp/bio_ok.c:361:16: warning[-Wanalyzer-infinite-loop]: infinite loop
openssl-3.5.4/crypto/evp/bio_ok.c:361:16: danger: infinite loop here
openssl-3.5.4/crypto/evp/bio_ok.c:361:16: branch_true: if it ever follows 'true' branch, it will always do so...
 branch_true: ...to here
#  359|                   return 0;
#  360|   
#  361|->         while (ctx->blockout) {
#  362|               i = ok_write(b, NULL, 0);
#  363|               if (i < 0) {

Error: CPPCHECK_WARNING (CWE-562): [#def90]
openssl-3.5.4/crypto/evp/ctrl_params_translate.c:1166: error[autoVariables]: Address of local auto-variable assigned to a function parameter.
# 1164|            */
# 1165|           p2 = ctx->name_buf;
# 1166|->         ctx->p2 = &p2;
# 1167|           ctx->sz = sizeof(ctx->name_buf);
# 1168|       }

Error: CPPCHECK_WARNING (CWE-457): [#def91]
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha1.c:184: error[legacyUninitvar]: Uninitialized variable: blocks[0].c
#  182|   
#  183|       /* ask for IVs in bulk */
#  184|->     if (RAND_bytes((IVs = blocks[0].c), 16 * x4) <= 0)
#  185|           return 0;
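#  186|   
Reviewer note: `blocks[0].c` is passed to RAND_bytes as the destination for `16 * x4` bytes and assigned to the pointer `IVs`. If `c` is an array member (its declaration is not shown), the expression only takes its address and nothing uninitialized is read. #def98 reports the same statement in e_aes_cbc_hmac_sha256.c.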

Error: GCC_ANALYZER_WARNING (CWE-121): [#def92]
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha1.c:208:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha1.c:778:12: enter_function: entry to 'aesni_cbc_hmac_sha1_ctrl'
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha1.c:904:25: call_function: calling 'tls1_1_multi_block_encrypt' from 'aesni_cbc_hmac_sha1_ctrl'
#  206|   
#  207|       for (i = 1; i < x4; i++) {
#  208|->         ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
#  209|           ciph_d[i].out = ciph_d[i - 1].out + packlen;
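#  210|           memcpy(ciph_d[i].out - 16, IVs, 16);
Reviewer note (#def92–#def95, and #def99–#def102 for the SHA-256 variant): all of these index `ciph_d[i]` / `hash_d[i]` inside `for (i = 1; i < x4; i++)`. Whether an access can leave the stack arrays depends on their declared length and on the largest `x4` that reaches tls1_1_multi_block_encrypt from the ctrl call listed in the path, neither of which is shown here; settle those two facts before rating the finding.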

Error: GCC_ANALYZER_WARNING (CWE-121): [#def93]
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha1.c:208:25: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha1.c:778:12: enter_function: entry to 'aesni_cbc_hmac_sha1_ctrl'
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha1.c:904:25: call_function: calling 'tls1_1_multi_block_encrypt' from 'aesni_cbc_hmac_sha1_ctrl'
#  206|   
#  207|       for (i = 1; i < x4; i++) {
#  208|->         ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
#  209|           ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  210|           memcpy(ciph_d[i].out - 16, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121): [#def94]
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha1.c:209:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha1.c:778:12: enter_function: entry to 'aesni_cbc_hmac_sha1_ctrl'
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha1.c:904:25: call_function: calling 'tls1_1_multi_block_encrypt' from 'aesni_cbc_hmac_sha1_ctrl'
#  207|       for (i = 1; i < x4; i++) {
#  208|           ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
#  209|->         ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  210|           memcpy(ciph_d[i].out - 16, IVs, 16);
#  211|           memcpy(ciph_d[i].iv, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121): [#def95]
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha1.c:211:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha1.c:778:12: enter_function: entry to 'aesni_cbc_hmac_sha1_ctrl'
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha1.c:904:25: call_function: calling 'tls1_1_multi_block_encrypt' from 'aesni_cbc_hmac_sha1_ctrl'
#  209|           ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  210|           memcpy(ciph_d[i].out - 16, IVs, 16);
#  211|->         memcpy(ciph_d[i].iv, IVs, 16);
#  212|           IVs += 16;
#  213|       }

Error: CPPCHECK_WARNING (CWE-758): [#def96]
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha1.c:715: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#  713|                       c = p[j];
#  714|                       cmask =
#  715|->                         ((int)(j - off - SHA_DIGEST_LENGTH)) >> (sizeof(int) *
#  716|                                                                    8 - 1);
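#  717|                       res |= (c ^ pad) & ~cmask; /* ... and padding */
Reviewer note: the flagged operator is `>>` by `sizeof(int) * 8 - 1`, i.e. a right shift by less than the width of int. For a negative signed operand C makes the result implementation-defined, not undefined; the code depends on a sign-propagating shift to get an all-ones or all-zero `cmask`, which then gates the padding comparison without a branch. Triage this as a portability assumption (and check that any rewrite keeps the comparison branch-free) rather than as a memory-safety defect. #def97 and #def103 carry the same message.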

Error: CPPCHECK_WARNING (CWE-758): [#def97]
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha1.c:718: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#  716|                                                                    8 - 1);
#  717|                       res |= (c ^ pad) & ~cmask; /* ... and padding */
#  718|->                     cmask &= ((int)(off - 1 - j)) >> (sizeof(int) * 8 - 1);
#  719|                       res |= (c ^ pmac->c[i]) & cmask;
#  720|                       i += 1 & cmask;

Error: CPPCHECK_WARNING (CWE-457): [#def98]
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha256.c:178: error[legacyUninitvar]: Uninitialized variable: blocks[0].c
#  176|   
#  177|       /* ask for IVs in bulk */
#  178|->     if (RAND_bytes((IVs = blocks[0].c), 16 * x4) <= 0)
#  179|           return 0;
#  180|   

Error: GCC_ANALYZER_WARNING (CWE-121): [#def99]
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha256.c:203:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha256.c:748:12: enter_function: entry to 'aesni_cbc_hmac_sha256_ctrl'
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha256.c:881:25: call_function: calling 'tls1_1_multi_block_encrypt' from 'aesni_cbc_hmac_sha256_ctrl'
#  201|   
#  202|       for (i = 1; i < x4; i++) {
#  203|->         ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
#  204|           ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  205|           memcpy(ciph_d[i].out - 16, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121): [#def100]
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha256.c:203:25: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha256.c:748:12: enter_function: entry to 'aesni_cbc_hmac_sha256_ctrl'
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha256.c:881:25: call_function: calling 'tls1_1_multi_block_encrypt' from 'aesni_cbc_hmac_sha256_ctrl'
#  201|   
#  202|       for (i = 1; i < x4; i++) {
#  203|->         ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
#  204|           ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  205|           memcpy(ciph_d[i].out - 16, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121): [#def101]
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha256.c:204:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha256.c:748:12: enter_function: entry to 'aesni_cbc_hmac_sha256_ctrl'
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha256.c:881:25: call_function: calling 'tls1_1_multi_block_encrypt' from 'aesni_cbc_hmac_sha256_ctrl'
#  202|       for (i = 1; i < x4; i++) {
#  203|           ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
#  204|->         ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  205|           memcpy(ciph_d[i].out - 16, IVs, 16);
#  206|           memcpy(ciph_d[i].iv, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121): [#def102]
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha256.c:206:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha256.c:748:12: enter_function: entry to 'aesni_cbc_hmac_sha256_ctrl'
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha256.c:881:25: call_function: calling 'tls1_1_multi_block_encrypt' from 'aesni_cbc_hmac_sha256_ctrl'
#  204|           ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  205|           memcpy(ciph_d[i].out - 16, IVs, 16);
#  206|->         memcpy(ciph_d[i].iv, IVs, 16);
#  207|           IVs += 16;
#  208|       }

Error: CPPCHECK_WARNING (CWE-758): [#def103]
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha256.c:713: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#  711|                       c = p[j];
#  712|                       cmask =
#  713|->                         ((int)(j - off - SHA256_DIGEST_LENGTH)) >>
#  714|                           (sizeof(int) * 8 - 1);
#  715|                       res |= (c ^ pad) & ~cmask; /* ... and padding */

Error: CPPCHECK_WARNING (CWE-758): [#def104]
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha256.c:716: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#  714|                           (sizeof(int) * 8 - 1);
#  715|                       res |= (c ^ pad) & ~cmask; /* ... and padding */
#  716|->                     cmask &= ((int)(off - 1 - j)) >> (sizeof(int) * 8 - 1);
#  717|                       res |= (c ^ pmac->c[i]) & cmask;
#  718|                       i += 1 & cmask;

Error: CPPCHECK_WARNING (CWE-190): [#def105]
openssl-3.5.4/crypto/evp/evp_enc.c:31: error[integerOverflow]: Signed integer underflow for expression '(~((int)1<<(sizeof(int)*8-1)))-b'.
#   29|   #include "evp_local.h"
#   30|   
#   31|-> OSSL_SAFE_MATH_SIGNED(int, int)
#   32|   
#   33|   int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx)

Error: CPPCHECK_WARNING (CWE-758): [#def106]
openssl-3.5.4/crypto/evp/evp_enc.c:31: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#   29|   #include "evp_local.h"
#   30|   
#   31|-> OSSL_SAFE_MATH_SIGNED(int, int)
#   32|   
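#   33|   int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx)
# Triage note: def105 quotes the expansion cppcheck evaluated on this line, `(~((int)1<<(sizeof(int)*8-1)))-b`. The
# shift in it is a left shift of (int)1 into the sign bit, whose result is not representable in int, so this is the
# case C11 6.5.7p4 leaves undefined - unlike the right-shift mask findings elsewhere in this report. def127 and def133
# flag the same macro invocation in other files.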

Error: GCC_ANALYZER_WARNING (CWE-404): [#def107]
openssl-3.5.4/crypto/evp/evp_lib.c:1211:25: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/evp/evp_lib.c:1222:11: enter_function: entry to 'EVP_PKEY_Q_keygen'
openssl-3.5.4/crypto/evp/evp_lib.c:1231:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/evp/evp_lib.c:1233:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/evp/evp_lib.c:1236:16: branch_false: ...to here
openssl-3.5.4/crypto/evp/evp_lib.c:1236:15: branch_false: following 'false' branch...
openssl-3.5.4/crypto/evp/evp_lib.c:1242:11: branch_false: ...to here
openssl-3.5.4/crypto/evp/evp_lib.c:1242:11: call_function: calling 'evp_pkey_keygen' from 'EVP_PKEY_Q_keygen'
# 1209|   {
# 1210|       EVP_PKEY *pkey = NULL;
# 1211|->     EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(libctx, name, propq);
# 1212|   
# 1213|       if (ctx != NULL

Error: GCC_ANALYZER_WARNING (CWE-404): [#def108]
openssl-3.5.4/crypto/evp/evp_lib.c:1214:16: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/evp/evp_lib.c:1222:11: enter_function: entry to 'EVP_PKEY_Q_keygen'
openssl-3.5.4/crypto/evp/evp_lib.c:1231:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/evp/evp_lib.c:1233:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/evp/evp_lib.c:1236:16: branch_false: ...to here
openssl-3.5.4/crypto/evp/evp_lib.c:1236:15: branch_false: following 'false' branch...
openssl-3.5.4/crypto/evp/evp_lib.c:1242:11: branch_false: ...to here
openssl-3.5.4/crypto/evp/evp_lib.c:1242:11: call_function: calling 'evp_pkey_keygen' from 'EVP_PKEY_Q_keygen'
# 1212|   
# 1213|       if (ctx != NULL
# 1214|->             && EVP_PKEY_keygen_init(ctx) > 0
# 1215|               && EVP_PKEY_CTX_set_params(ctx, params))
# 1216|           (void)EVP_PKEY_generate(ctx, &pkey);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def109]
openssl-3.5.4/crypto/evp/evp_lib.c:1215:16: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/evp/evp_lib.c:1222:11: enter_function: entry to 'EVP_PKEY_Q_keygen'
openssl-3.5.4/crypto/evp/evp_lib.c:1231:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/evp/evp_lib.c:1233:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/evp/evp_lib.c:1236:16: branch_false: ...to here
openssl-3.5.4/crypto/evp/evp_lib.c:1236:15: branch_false: following 'false' branch...
openssl-3.5.4/crypto/evp/evp_lib.c:1242:11: branch_false: ...to here
openssl-3.5.4/crypto/evp/evp_lib.c:1242:11: call_function: calling 'evp_pkey_keygen' from 'EVP_PKEY_Q_keygen'
# 1213|       if (ctx != NULL
# 1214|               && EVP_PKEY_keygen_init(ctx) > 0
# 1215|->             && EVP_PKEY_CTX_set_params(ctx, params))
# 1216|           (void)EVP_PKEY_generate(ctx, &pkey);
# 1217|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def110]
openssl-3.5.4/crypto/evp/evp_lib.c:1216:15: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/evp/evp_lib.c:1222:11: enter_function: entry to 'EVP_PKEY_Q_keygen'
openssl-3.5.4/crypto/evp/evp_lib.c:1231:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/evp/evp_lib.c:1242:11: call_function: calling 'evp_pkey_keygen' from 'EVP_PKEY_Q_keygen'
# 1214|               && EVP_PKEY_keygen_init(ctx) > 0
# 1215|               && EVP_PKEY_CTX_set_params(ctx, params))
# 1216|->         (void)EVP_PKEY_generate(ctx, &pkey);
# 1217|   
# 1218|       EVP_PKEY_CTX_free(ctx);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def111]
openssl-3.5.4/crypto/evp/evp_lib.c:1218:5: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/evp/evp_lib.c:1222:11: enter_function: entry to 'EVP_PKEY_Q_keygen'
openssl-3.5.4/crypto/evp/evp_lib.c:1231:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/evp/evp_lib.c:1242:11: call_function: calling 'evp_pkey_keygen' from 'EVP_PKEY_Q_keygen'
# 1216|           (void)EVP_PKEY_generate(ctx, &pkey);
# 1217|   
# 1218|->     EVP_PKEY_CTX_free(ctx);
# 1219|       return pkey;
# 1220|   }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def112]
openssl-3.5.4/crypto/evp/evp_lib.c:1233:9: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/evp/evp_lib.c:1231:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/evp/evp_lib.c:1233:9: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/0)
# 1231|       va_start(args, type);
# 1232|   
# 1233|->     if (OPENSSL_strcasecmp(type, "RSA") == 0) {
# 1234|           bits = va_arg(args, size_t);
# 1235|           params[0] = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_RSA_BITS, &bits);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def113]
openssl-3.5.4/crypto/evp/evp_lib.c:1235:21: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/evp/evp_lib.c:1231:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/evp/evp_lib.c:1233:8: branch_true: following 'true' branch...
openssl-3.5.4/crypto/evp/evp_lib.c:1234:16: branch_true: ...to here
openssl-3.5.4/crypto/evp/evp_lib.c:1235:21: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/0)
# 1233|       if (OPENSSL_strcasecmp(type, "RSA") == 0) {
# 1234|           bits = va_arg(args, size_t);
# 1235|->         params[0] = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_RSA_BITS, &bits);
# 1236|       } else if (OPENSSL_strcasecmp(type, "EC") == 0) {
# 1237|           name = va_arg(args, char *);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def114]
openssl-3.5.4/crypto/evp/evp_lib.c:1236:16: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/evp/evp_lib.c:1231:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/evp/evp_lib.c:1233:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/evp/evp_lib.c:1236:16: branch_false: ...to here
openssl-3.5.4/crypto/evp/evp_lib.c:1236:16: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/0)
# 1234|           bits = va_arg(args, size_t);
# 1235|           params[0] = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_RSA_BITS, &bits);
# 1236|->     } else if (OPENSSL_strcasecmp(type, "EC") == 0) {
# 1237|           name = va_arg(args, char *);
# 1238|           params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,

Error: GCC_ANALYZER_WARNING (CWE-404): [#def115]
openssl-3.5.4/crypto/evp/evp_lib.c:1238:21: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/evp/evp_lib.c:1231:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/evp/evp_lib.c:1233:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/evp/evp_lib.c:1236:16: branch_false: ...to here
openssl-3.5.4/crypto/evp/evp_lib.c:1236:15: branch_true: following 'true' branch...
openssl-3.5.4/crypto/evp/evp_lib.c:1237:9: branch_true: ...to here
openssl-3.5.4/crypto/evp/evp_lib.c:1238:21: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/0)
# 1236|       } else if (OPENSSL_strcasecmp(type, "EC") == 0) {
# 1237|           name = va_arg(args, char *);
# 1238|->         params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
# 1239|                                                        name, 0);
# 1240|       }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def116]
openssl-3.5.4/crypto/evp/skeymgmt_meth.c:24:13: warning[-Wanalyzer-null-dereference]: dereference of NULL 'skeymgmt'
openssl-3.5.4/crypto/evp/skeymgmt_meth.c:20:7: enter_function: entry to 'evp_skeymgmt_generate'
openssl-3.5.4/crypto/evp/skeymgmt_meth.c:22:21: call_function: calling 'EVP_SKEYMGMT_get0_provider' from 'evp_skeymgmt_generate'
openssl-3.5.4/crypto/evp/skeymgmt_meth.c:22:21: return_function: returning to 'evp_skeymgmt_generate' from 'EVP_SKEYMGMT_get0_provider'
openssl-3.5.4/crypto/evp/skeymgmt_meth.c:24:13: danger: dereference of NULL 'skeymgmt'
#   22|       void *provctx = ossl_provider_ctx(EVP_SKEYMGMT_get0_provider(skeymgmt));
#   23|   
#   24|->     return (skeymgmt->generate != NULL) ? skeymgmt->generate(provctx, params) : NULL;
#   25|   }
#   26|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def117]
openssl-3.5.4/crypto/evp/skeymgmt_meth.c:32:12: warning[-Wanalyzer-null-dereference]: dereference of NULL 'skeymgmt'
openssl-3.5.4/crypto/evp/skeymgmt_meth.c:27:7: enter_function: entry to 'evp_skeymgmt_import'
openssl-3.5.4/crypto/evp/skeymgmt_meth.c:29:21: call_function: calling 'EVP_SKEYMGMT_get0_provider' from 'evp_skeymgmt_import'
openssl-3.5.4/crypto/evp/skeymgmt_meth.c:29:21: return_function: returning to 'evp_skeymgmt_import' from 'EVP_SKEYMGMT_get0_provider'
openssl-3.5.4/crypto/evp/skeymgmt_meth.c:32:12: danger: dereference of NULL 'skeymgmt'
#   30|   
#   31|       /* This is mandatory, no need to check for its presence */
#   32|->     return skeymgmt->import(provctx, selection, params);
#   33|   }
#   34|   

Error: CPPCHECK_WARNING (CWE-758): [#def118]
openssl-3.5.4/crypto/ml_dsa/ml_dsa_key_compress.c:72: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#   70|       } else {
#   71|           r1 = (r1 * 11275 + (1 << 23)) >> 24;
#   72|->         r1 ^= ((43 - r1) >> 31) & r1;
#   73|           return r1;
#   74|       }

Error: CPPCHECK_WARNING (CWE-758): [#def119]
openssl-3.5.4/crypto/ml_dsa/ml_dsa_key_compress.c:92: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#   90|   
#   91|       *r0 = r - *r1 * 2 * (int32_t)gamma2;
#   92|->     *r0 -= (((int32_t)ML_DSA_Q_MINUS1_DIV2 - *r0) >> 31) & (int32_t)ML_DSA_Q;
#   93|   }
#   94|   

Error: CPPCHECK_WARNING (CWE-758): [#def120]
openssl-3.5.4/crypto/modes/xts128.c:74: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#   72|               unsigned int carry, res;
#   73|   
#   74|->             res = 0x87 & (((int)tweak.d[3]) >> 31);
#   75|               carry = (unsigned int)(tweak.u[0] >> 63);
#   76|               tweak.u[0] = (tweak.u[0] << 1) ^ res;

Error: CPPCHECK_WARNING (CWE-758): [#def121]
openssl-3.5.4/crypto/modes/xts128.c:113: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#  111|               unsigned int carry, res;
#  112|   
#  113|->             res = 0x87 & (((int)tweak.d[3]) >> 31);
#  114|               carry = (unsigned int)(tweak.u[0] >> 63);
#  115|               tweak1.u[0] = (tweak.u[0] << 1) ^ res;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def122]
openssl-3.5.4/crypto/param_build.c:340:13: warning[-Wanalyzer-null-dereference]: dereference of NULL 'p'
openssl-3.5.4/crypto/param_build.c:361:13: enter_function: entry to 'OSSL_PARAM_BLD_to_param'
openssl-3.5.4/crypto/param_build.c:370:8: branch_false: following 'false' branch (when 'ss == 0')...
openssl-3.5.4/crypto/param_build.c:377:14: branch_false: ...to here
openssl-3.5.4/crypto/param_build.c:378:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/param_build.c:382:18: branch_false: ...to here
openssl-3.5.4/crypto/param_build.c:383:12: call_function: calling 'param_bld_convert' from 'OSSL_PARAM_BLD_to_param'
#  338|                      || pd->type == OSSL_PARAM_UTF8_PTR) {
#  339|               /* PTR */
#  340|->             *(const void **)p = pd->string;
#  341|           } else if (pd->type == OSSL_PARAM_OCTET_STRING
#  342|                      || pd->type == OSSL_PARAM_UTF8_STRING) {

Error: CPPCHECK_WARNING (CWE-190): [#def123]
openssl-3.5.4/crypto/params.c:1273: error[floatConversionOverflow]: Undefined behaviour: float (4.29497e+09) to integer conversion overflow.
# 1271|               if (val >= 0 && val < d_pow_32) {
# 1272|                   p->return_size = sizeof(uint32_t);
# 1273|->                 *(uint32_t *)p->data = (uint32_t)val;
# 1274|                   return 1;
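# 1275|               }
# Triage note: the cast on line 1273 sits inside `if (val >= 0 && val < d_pow_32)`, so it is reached only for values
# below d_pow_32 (and never for NaN, which fails `val >= 0`). If d_pow_32 is 2^32 - its definition is not in this
# excerpt - the reported 4.29497e+09 cannot reach the conversion. def124 is the same shape with d_pow_64.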

Error: CPPCHECK_WARNING (CWE-190): [#def124]
openssl-3.5.4/crypto/params.c:1281: error[floatConversionOverflow]: Undefined behaviour: float (1.84467e+19) to integer conversion overflow.
# 1279|               if (val >= 0 && val < d_pow_64) {
# 1280|                   p->return_size = sizeof(uint64_t);
# 1281|->                 *(uint64_t *)p->data = (uint64_t)val;
# 1282|                   return 1;
# 1283|               }

Error: CPPCHECK_WARNING (CWE-457): [#def125]
openssl-3.5.4/crypto/slh_dsa/slh_dsa.c:85: error[uninitvar]: Uninitialized variable: m_digest
#   83|       if (!WPACKET_init_static_len(wpkt, sig, sig_len_expected, 0))
#   84|           return 0;
#   85|->     if (!PACKET_buf_init(rpkt, m_digest, params->m))
#   86|           return 0;
#   87|   

Error: CPPCHECK_WARNING (CWE-457): [#def126]
openssl-3.5.4/crypto/slh_dsa/slh_dsa.c:283: warning[uninitvar]: Uninitialized variable: m
#  281|               return 0;
#  282|       }
#  283|->     ret = slh_sign_internal(slh_ctx, m, m_len, sig, siglen, sigsize, add_rand);
#  284|       if (m != msg && m != m_tmp)
#  285|           OPENSSL_free(m);

Error: CPPCHECK_WARNING (CWE-758): [#def127]
openssl-3.5.4/crypto/stack/stack.c:18: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#   16|   #include <openssl/e_os2.h>      /* For ossl_inline */
#   17|   
#   18|-> OSSL_SAFE_MATH_SIGNED(int, int)
#   19|   
#   20|   /*

Error: GCC_ANALYZER_WARNING (CWE-404): [#def128]
openssl-3.5.4/crypto/store/store_lib.c:271:33: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/store/store_lib.c:248:5: enter_function: entry to 'OSSL_STORE_ctrl'
openssl-3.5.4/crypto/store/store_lib.c:253:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/store/store_lib.c:254:11: call_function: calling 'OSSL_STORE_vctrl' from 'OSSL_STORE_ctrl'
#  269|                       int on = *(va_arg(args, int *));
#  270|   
#  271|->                     params[0] = OSSL_PARAM_construct_int("use_secmem", &on);
#  272|                   }
#  273|                   break;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def129]
openssl-3.5.4/crypto/store/store_lib.c:278:20: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/store/store_lib.c:248:5: enter_function: entry to 'OSSL_STORE_ctrl'
openssl-3.5.4/crypto/store/store_lib.c:253:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/store/store_lib.c:254:11: call_function: calling 'OSSL_STORE_vctrl' from 'OSSL_STORE_ctrl'
#  276|               }
#  277|   
#  278|->             return ctx->fetched_loader->p_set_ctx_params(ctx->loader_ctx,
#  279|                                                            params);
#  280|           }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def130]
openssl-3.5.4/crypto/store/store_lib.c:282:16: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/store/store_lib.c:248:5: enter_function: entry to 'OSSL_STORE_ctrl'
openssl-3.5.4/crypto/store/store_lib.c:253:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/store/store_lib.c:254:11: call_function: calling 'OSSL_STORE_vctrl' from 'OSSL_STORE_ctrl'
#  280|           }
#  281|       } else if (ctx->loader->ctrl != NULL) {
#  282|->         return ctx->loader->ctrl(ctx->loader_ctx, cmd, args);
#  283|       }
#  284|   

Error: COMPILER_WARNING: [#def131]
openssl-3.5.4/crypto/thread/arch/thread_posix.c:13:10: warning: '_GNU_SOURCE' redefined
#   13 | # define _GNU_SOURCE
#      |          ^~~~~~~~~~~
<command-line>: note: this is the location of the previous definition
#   11|   
#   12|   #if defined(OPENSSL_THREADS_POSIX)
#   13|-> # define _GNU_SOURCE
#   14|   # include <errno.h>
#   15|   # include <sys/types.h>

Error: COMPILER_WARNING: [#def132]
openssl-3.5.4/crypto/thread/arch/thread_posix.c:13:10: warning[warning]: '_GNU_SOURCE' redefined
#   11|   
#   12|   #if defined(OPENSSL_THREADS_POSIX)
#   13|-> # define _GNU_SOURCE
#   14|   # include <errno.h>
#   15|   # include <sys/types.h>

Error: CPPCHECK_WARNING (CWE-758): [#def133]
openssl-3.5.4/crypto/x509/v3_ncons.c:25: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#   23|   #include "ext_dat.h"
#   24|   
#   25|-> OSSL_SAFE_MATH_SIGNED(int, int)
#   26|   
#   27|   static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,

Error: GCC_ANALYZER_WARNING (CWE-688): [#def134]
openssl-3.5.4/crypto/x509/x509_vfy.c:3007:13: warning[-Wanalyzer-null-argument]: use of NULL 'cmpbuf' where non-null expected
openssl-3.5.4/crypto/x509/x509_vfy.c:2945:17: branch_true: following 'true' branch (when 'i < recnum')...
openssl-3.5.4/crypto/x509/x509_vfy.c:2946:37: branch_true: ...to here
openssl-3.5.4/crypto/x509/x509_vfy.c:2947:12: branch_false: following 'false' branch...
openssl-3.5.4/crypto/x509/x509_vfy.c:2949:13: branch_false: ...to here
openssl-3.5.4/crypto/x509/x509_vfy.c:2949:12: branch_false: following 'false' branch...
openssl-3.5.4/crypto/x509/x509_vfy.c:2956:13: branch_false: ...to here
openssl-3.5.4/crypto/x509/x509_vfy.c:2956:12: branch_false: following 'false' branch...
openssl-3.5.4/crypto/x509/x509_vfy.c:2968:20: branch_false: ...to here
openssl-3.5.4/crypto/x509/x509_vfy.c:2986:12: branch_true: following 'true' branch...
openssl-3.5.4/crypto/x509/x509_vfy.c:2987:32: branch_true: ...to here
openssl-3.5.4/crypto/x509/x509_vfy.c:2992:16: branch_false: following 'false' branch (when 'md' is NULL)...
openssl-3.5.4/crypto/x509/x509_vfy.c:3006:13: branch_false: ...to here
openssl-3.5.4/crypto/x509/x509_vfy.c:3006:12: branch_true: following 'true' branch...
openssl-3.5.4/crypto/x509/x509_vfy.c:3007:28: branch_true: ...to here
openssl-3.5.4/crypto/x509/x509_vfy.c:3007:13: danger: argument 1 ('cmpbuf') NULL where non-null expected
# 3005|            */
# 3006|           if (cmplen == t->dlen &&
# 3007|->             memcmp(cmpbuf, t->data, cmplen) == 0) {
# 3008|               if (DANETLS_USAGE_BIT(usage) & DANETLS_DANE_MASK)
# 3009|                   matched = 1;

Error: GCC_ANALYZER_WARNING (CWE-1335): [#def135]
openssl-3.5.4/crypto/x509/x509_vfy.c:3008:17: warning[-Wanalyzer-shift-count-overflow]: shift by count ('256') >= precision of type ('32')
openssl-3.5.4/crypto/x509/x509_vfy.c:2945:17: branch_true: following 'true' branch (when 'i < recnum')...
openssl-3.5.4/crypto/x509/x509_vfy.c:2946:37: branch_true: ...to here
openssl-3.5.4/crypto/x509/x509_vfy.c:2947:12: branch_false: following 'false' branch...
openssl-3.5.4/crypto/x509/x509_vfy.c:2949:13: branch_false: ...to here
openssl-3.5.4/crypto/x509/x509_vfy.c:2949:12: branch_false: following 'false' branch...
openssl-3.5.4/crypto/x509/x509_vfy.c:2956:13: branch_false: ...to here
openssl-3.5.4/crypto/x509/x509_vfy.c:2956:12: branch_false: following 'false' branch...
openssl-3.5.4/crypto/x509/x509_vfy.c:2968:20: branch_false: ...to here
openssl-3.5.4/crypto/x509/x509_vfy.c:2986:12: branch_true: following 'true' branch...
openssl-3.5.4/crypto/x509/x509_vfy.c:2987:32: branch_true: ...to here
openssl-3.5.4/crypto/x509/x509_vfy.c:2992:16: branch_true: following 'true' branch (when 'md' is non-NULL)...
openssl-3.5.4/crypto/x509/x509_vfy.c:2994:22: branch_true: ...to here
openssl-3.5.4/crypto/x509/x509_vfy.c:2994:20: branch_false: following 'false' branch...
openssl-3.5.4/crypto/x509/x509_vfy.c:3006:13: branch_false: ...to here
openssl-3.5.4/crypto/x509/x509_vfy.c:3006:12: branch_true: following 'true' branch...
openssl-3.5.4/crypto/x509/x509_vfy.c:3007:28: branch_true: ...to here
openssl-3.5.4/crypto/x509/x509_vfy.c:3006:13: branch_true: following 'true' branch...
openssl-3.5.4/crypto/x509/x509_vfy.c:3008:17: branch_true: ...to here
openssl-3.5.4/crypto/x509/x509_vfy.c:3008:17: danger: shift by count '256' here
# 3006|           if (cmplen == t->dlen &&
# 3007|               memcmp(cmpbuf, t->data, cmplen) == 0) {
# 3008|->             if (DANETLS_USAGE_BIT(usage) & DANETLS_DANE_MASK)
# 3009|                   matched = 1;
# 3010|               if (matched || dane->mdpth < 0) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def136]
openssl-3.5.4/crypto/x509/x509name.c:41:16: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
openssl-3.5.4/crypto/x509/x509name.c:30:5: enter_function: entry to 'X509_NAME_get_text_by_OBJ'
openssl-3.5.4/crypto/x509/x509name.c:37:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/x509/x509name.c:39:37: branch_false: ...to here
openssl-3.5.4/crypto/x509/x509name.c:39:12: call_function: calling 'X509_NAME_ENTRY_get_data' from 'X509_NAME_get_text_by_OBJ'
openssl-3.5.4/crypto/x509/x509name.c:39:12: return_function: returning to 'X509_NAME_get_text_by_OBJ' from 'X509_NAME_ENTRY_get_data'
openssl-3.5.4/crypto/x509/x509name.c:40:8: branch_true: following 'true' branch (when 'buf' is NULL)...
openssl-3.5.4/crypto/x509/x509name.c:41:16: branch_true: ...to here
openssl-3.5.4/crypto/x509/x509name.c:41:16: danger: dereference of NULL 'X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name,  X509_NAME_get_index_by_OBJ(name,  obj, -1)))'
#   39|       data = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i));
#   40|       if (buf == NULL)
#   41|->         return data->length;
#   42|       if (len <= 0)
#   43|           return 0;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def137]
openssl-3.5.4/crypto/x509/x509name.c:44:10: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
openssl-3.5.4/crypto/x509/x509name.c:30:5: enter_function: entry to 'X509_NAME_get_text_by_OBJ'
openssl-3.5.4/crypto/x509/x509name.c:37:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/x509/x509name.c:39:37: branch_false: ...to here
openssl-3.5.4/crypto/x509/x509name.c:39:12: call_function: calling 'X509_NAME_ENTRY_get_data' from 'X509_NAME_get_text_by_OBJ'
openssl-3.5.4/crypto/x509/x509name.c:39:12: return_function: returning to 'X509_NAME_get_text_by_OBJ' from 'X509_NAME_ENTRY_get_data'
openssl-3.5.4/crypto/x509/x509name.c:40:8: branch_false: following 'false' branch (when 'buf' is non-NULL)...
openssl-3.5.4/crypto/x509/x509name.c:42:8: branch_false: ...to here
openssl-3.5.4/crypto/x509/x509name.c:42:8: branch_false: following 'false' branch (when 'len > 0')...
openssl-3.5.4/crypto/x509/x509name.c:44:10: branch_false: ...to here
openssl-3.5.4/crypto/x509/x509name.c:44:10: danger: dereference of NULL 'X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name,  X509_NAME_get_index_by_OBJ(name,  obj, -1)))'
#   42|       if (len <= 0)
#   43|           return 0;
#   44|->     i = (data->length > (len - 1)) ? (len - 1) : data->length;
#   45|       memcpy(buf, data->data, i);
#   46|       buf[i] = '\0';

Error: GCC_ANALYZER_WARNING (CWE-775): [#def138]
openssl-3.5.4/engines/e_afalg.c:886:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'sock'
openssl-3.5.4/engines/e_afalg.c:847:12: enter_function: entry to 'afalg_chk_platform'
openssl-3.5.4/engines/e_afalg.c:857:8: branch_false: following 'false' branch (when 'ret == 0')...
openssl-3.5.4/engines/e_afalg.c:863:11: branch_false: ...to here
openssl-3.5.4/engines/e_afalg.c:864:17: branch_true: following 'true' branch...
openssl-3.5.4/engines/e_afalg.c:865:19: call_function: inlined call to 'atoi' from 'afalg_chk_platform'
openssl-3.5.4/engines/e_afalg.c:864:17: branch_false: following 'false' branch...
openssl-3.5.4/engines/e_afalg.c:869:9: branch_false: ...to here
openssl-3.5.4/engines/e_afalg.c:869:8: branch_false: following 'false' branch...
openssl-3.5.4/engines/e_afalg.c:881:12: branch_false: ...to here
openssl-3.5.4/engines/e_afalg.c:881:12: acquire_resource: socket created here
openssl-3.5.4/engines/e_afalg.c:882:8: branch_false: following 'false' branch (when 'sock != -1')...
openssl-3.5.4/engines/e_afalg.c:886:5: branch_false: ...to here
openssl-3.5.4/engines/e_afalg.c:886:5: danger: 'sock' leaks here
#  884|           return 0;
#  885|       }
#  886|->     close(sock);
#  887|   
#  888|       return 1;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def139]
openssl-3.5.4/include/internal/ktls.h:416:13: warning[-Wanalyzer-null-dereference]: dereference of NULL 'cmsg'
openssl-3.5.4/crypto/bio/bss_conn.c:366:12: enter_function: entry to 'conn_read'
openssl-3.5.4/crypto/bio/bss_conn.c:372:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/bio/bss_conn.c:378:9: branch_false: ...to here
openssl-3.5.4/crypto/bio/bss_conn.c:378:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/bio/bss_conn.c:385:8: branch_false: ...to here
openssl-3.5.4/crypto/bio/bss_conn.c:385:8: branch_true: following 'true' branch (when 'out' is non-NULL)...
openssl-3.5.4/crypto/bio/bss_conn.c:386:9: branch_true: ...to here
openssl-3.5.4/crypto/bio/bss_conn.c:388:12: branch_true: following 'true' branch...
openssl-3.5.4/crypto/bio/bss_conn.c:389:19: branch_true: ...to here
openssl-3.5.4/crypto/bio/bss_conn.c:389:19: call_function: calling 'ktls_read_record' from 'conn_read'
#  414|       if (msg.msg_controllen > 0) {
#  415|           cmsg = CMSG_FIRSTHDR(&msg);
#  416|->         if (cmsg->cmsg_type == TLS_GET_RECORD_TYPE) {
#  417|               p[0] = *((unsigned char *)CMSG_DATA(cmsg));
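#  418|               p[1] = TLS1_2_VERSION_MAJOR;
# Triage note: the only guard shown is `msg.msg_controllen > 0`. CMSG_FIRSTHDR() yields NULL when msg_controllen is
# smaller than a struct cmsghdr, so that guard alone does not rule out a NULL cmsg; an explicit `cmsg != NULL` test
# before reading cmsg_type would settle it. Whether the receive call can leave such a short control length is not
# visible in this excerpt.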

Error: CPPCHECK_WARNING (CWE-457): [#def140]
openssl-3.5.4/include/openssl/asn1.h:234: warning[uninitvar]: Uninitialized variables: ptr.minsize, ptr.maxsize, ptr.mask, ptr.flags
#  232|   };
#  233|   
#  234|-> SKM_DEFINE_STACK_OF_INTERNAL(ASN1_STRING_TABLE, ASN1_STRING_TABLE, ASN1_STRING_TABLE)
#  235|   #define sk_ASN1_STRING_TABLE_num(sk) OPENSSL_sk_num(ossl_check_const_ASN1_STRING_TABLE_sk_type(sk))
#  236|   #define sk_ASN1_STRING_TABLE_value(sk, idx) ((ASN1_STRING_TABLE *)OPENSSL_sk_value(ossl_check_const_ASN1_STRING_TABLE_sk_type(sk), (idx)))

Error: CPPCHECK_WARNING (CWE-457): [#def141]
openssl-3.5.4/include/openssl/comp.h:66: warning[uninitvar]: Uninitialized variables: ptr.name, ptr.method
#   64|   typedef struct ssl_comp_st SSL_COMP;
#   65|   
#   66|-> SKM_DEFINE_STACK_OF_INTERNAL(SSL_COMP, SSL_COMP, SSL_COMP)
#   67|   #define sk_SSL_COMP_num(sk) OPENSSL_sk_num(ossl_check_const_SSL_COMP_sk_type(sk))
#   68|   #define sk_SSL_COMP_value(sk, idx) ((SSL_COMP *)OPENSSL_sk_value(ossl_check_const_SSL_COMP_sk_type(sk), (idx)))

Error: CPPCHECK_WARNING (CWE-457): [#def142]
openssl-3.5.4/include/openssl/conf.h:70: warning[uninitvar]: Uninitialized variable: ptr.value
#   68|   #define sk_CONF_VALUE_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(CONF_VALUE) *)OPENSSL_sk_deep_copy(ossl_check_const_CONF_VALUE_sk_type(sk), ossl_check_CONF_VALUE_copyfunc_type(copyfunc), ossl_check_CONF_VALUE_freefunc_type(freefunc)))
#   69|   #define sk_CONF_VALUE_set_cmp_func(sk, cmp) ((sk_CONF_VALUE_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CONF_VALUE_sk_type(sk), ossl_check_CONF_VALUE_compfunc_type(cmp)))
#   70|-> DEFINE_LHASH_OF_INTERNAL(CONF_VALUE);
#   71|   #define lh_CONF_VALUE_new(hfn, cmp) ((LHASH_OF(CONF_VALUE) *)OPENSSL_LH_set_thunks(OPENSSL_LH_new(ossl_check_CONF_VALUE_lh_hashfunc_type(hfn), ossl_check_CONF_VALUE_lh_compfunc_type(cmp)), lh_CONF_VALUE_hash_thunk, lh_CONF_VALUE_comp_thunk, lh_CONF_VALUE_doall_thunk, lh_CONF_VALUE_doall_arg_thunk))
#   72|   #define lh_CONF_VALUE_free(lh) OPENSSL_LH_free(ossl_check_CONF_VALUE_lh_type(lh))

Error: CPPCHECK_WARNING (CWE-457): [#def143]
openssl-3.5.4/include/openssl/err.h:374: warning[uninitvar]: Uninitialized variable: ptr.string
#  372|   } ERR_STRING_DATA;
#  373|   
#  374|-> DEFINE_LHASH_OF_INTERNAL(ERR_STRING_DATA);
#  375|   #define lh_ERR_STRING_DATA_new(hfn, cmp) ((LHASH_OF(ERR_STRING_DATA) *)OPENSSL_LH_set_thunks(OPENSSL_LH_new(ossl_check_ERR_STRING_DATA_lh_hashfunc_type(hfn), ossl_check_ERR_STRING_DATA_lh_compfunc_type(cmp)), lh_ERR_STRING_DATA_hash_thunk, lh_ERR_STRING_DATA_comp_thunk, lh_ERR_STRING_DATA_doall_thunk, lh_ERR_STRING_DATA_doall_arg_thunk))
#  376|   #define lh_ERR_STRING_DATA_free(lh) OPENSSL_LH_free(ossl_check_ERR_STRING_DATA_lh_type(lh))

Error: CPPCHECK_WARNING (CWE-457): [#def144]
openssl-3.5.4/include/openssl/x509.h:104: warning[uninitvar]: Uninitialized variables: ptr.revocationDate, ptr.extensions, ptr.issuer, ptr.reason, ptr.sequence
#  102|   #define sk_X509_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(X509) *)OPENSSL_sk_deep_copy(ossl_check_const_X509_sk_type(sk), ossl_check_X509_copyfunc_type(copyfunc), ossl_check_X509_freefunc_type(freefunc)))
#  103|   #define sk_X509_set_cmp_func(sk, cmp) ((sk_X509_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_X509_sk_type(sk), ossl_check_X509_compfunc_type(cmp)))
#  104|-> SKM_DEFINE_STACK_OF_INTERNAL(X509_REVOKED, X509_REVOKED, X509_REVOKED)
#  105|   #define sk_X509_REVOKED_num(sk) OPENSSL_sk_num(ossl_check_const_X509_REVOKED_sk_type(sk))
#  106|   #define sk_X509_REVOKED_value(sk, idx) ((X509_REVOKED *)OPENSSL_sk_value(ossl_check_const_X509_REVOKED_sk_type(sk), (idx)))

Error: CPPCHECK_WARNING (CWE-457): [#def145]
openssl-3.5.4/include/openssl/x509_vfy.h:120: warning[uninitvar]: Uninitialized variables: ptr.check_time, ptr.inh_flags, ptr.flags, ptr.purpose, ptr.trust, ptr.depth, ptr.auth_level, ptr.policies, ptr.hosts, ptr.hostflags, ptr.peername, ptr.email, ptr.emaillen, ptr.ip, ptr.iplen
#  118|   #define sk_X509_OBJECT_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(X509_OBJECT) *)OPENSSL_sk_deep_copy(ossl_check_const_X509_OBJECT_sk_type(sk), ossl_check_X509_OBJECT_copyfunc_type(copyfunc), ossl_check_X509_OBJECT_freefunc_type(freefunc)))
#  119|   #define sk_X509_OBJECT_set_cmp_func(sk, cmp) ((sk_X509_OBJECT_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_X509_OBJECT_sk_type(sk), ossl_check_X509_OBJECT_compfunc_type(cmp)))
#  120|-> SKM_DEFINE_STACK_OF_INTERNAL(X509_VERIFY_PARAM, X509_VERIFY_PARAM, X509_VERIFY_PARAM)
#  121|   #define sk_X509_VERIFY_PARAM_num(sk) OPENSSL_sk_num(ossl_check_const_X509_VERIFY_PARAM_sk_type(sk))
#  122|   #define sk_X509_VERIFY_PARAM_value(sk, idx) ((X509_VERIFY_PARAM *)OPENSSL_sk_value(ossl_check_const_X509_VERIFY_PARAM_sk_type(sk), (idx)))

Error: CPPCHECK_WARNING (CWE-457): [#def146]
openssl-3.5.4/include/openssl/x509_vfy.h:157: warning[uninitvar]: Uninitialized variables: ptr.flags, ptr.check_trust, ptr.name, ptr.arg1, ptr.arg2
#  155|       void *arg2;
#  156|   } X509_TRUST;
#  157|-> SKM_DEFINE_STACK_OF_INTERNAL(X509_TRUST, X509_TRUST, X509_TRUST)
#  158|   #define sk_X509_TRUST_num(sk) OPENSSL_sk_num(ossl_check_const_X509_TRUST_sk_type(sk))
#  159|   #define sk_X509_TRUST_value(sk, idx) ((X509_TRUST *)OPENSSL_sk_value(ossl_check_const_X509_TRUST_sk_type(sk), (idx)))

Error: CPPCHECK_WARNING (CWE-457): [#def147]
openssl-3.5.4/include/openssl/x509v3.h:716: warning[uninitvar]: Uninitialized variables: ptr.trust, ptr.flags, ptr.check_purpose, ptr.name, ptr.sname, ptr.usr_data
#  714|   } X509_PURPOSE;
#  715|   
#  716|-> SKM_DEFINE_STACK_OF_INTERNAL(X509_PURPOSE, X509_PURPOSE, X509_PURPOSE)
#  717|   #define sk_X509_PURPOSE_num(sk) OPENSSL_sk_num(ossl_check_const_X509_PURPOSE_sk_type(sk))
#  718|   #define sk_X509_PURPOSE_value(sk, idx) ((X509_PURPOSE *)OPENSSL_sk_value(ossl_check_const_X509_PURPOSE_sk_type(sk), (idx)))

Error: CPPCHECK_WARNING (CWE-457): [#def148]
openssl-3.5.4/include/openssl/x509v3.h:1065: warning[uninitvar]: Uninitialized variables: ptr.parent, ptr.nchild
# 1063|   
# 1064|   void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
# 1065|-> SKM_DEFINE_STACK_OF_INTERNAL(X509_POLICY_NODE, X509_POLICY_NODE, X509_POLICY_NODE)
# 1066|   #define sk_X509_POLICY_NODE_num(sk) OPENSSL_sk_num(ossl_check_const_X509_POLICY_NODE_sk_type(sk))
# 1067|   #define sk_X509_POLICY_NODE_value(sk, idx) ((X509_POLICY_NODE *)OPENSSL_sk_value(ossl_check_const_X509_POLICY_NODE_sk_type(sk), (idx)))

Error: GCC_ANALYZER_WARNING (CWE-404): [#def149]
openssl-3.5.4/providers/common/bio_prov.c:145:12: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/providers/common/bio_prov.c:148:5: enter_function: entry to 'ossl_prov_bio_printf'
openssl-3.5.4/providers/common/bio_prov.c:153:5: acquire_resource: 'va_start' called here
openssl-3.5.4/providers/common/bio_prov.c:154:11: call_function: calling 'ossl_prov_bio_vprintf' from 'ossl_prov_bio_printf'
#  143|       if (c_bio_vprintf == NULL)
#  144|           return -1;
#  145|->     return c_bio_vprintf(bio, format, ap);
#  146|   }
#  147|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def150]
openssl-3.5.4/providers/fips/fipsprov.c:1023:5: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/providers/fips/fipsprov.c:1022:5: acquire_resource: 'va_start' called here
openssl-3.5.4/providers/fips/fipsprov.c:1023:5: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
# 1021|   
# 1022|       va_start(args, fmt);
# 1023|->     c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args);
# 1024|       va_end(args);
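# 1025|   }
# Triage note: the excerpt shows va_end(args) at line 1024, directly after the flagged call, so va_start and va_end are paired on the normal return path; the warning presumably reflects how the analyzer models the callee rather than a missing va_end. #def151, #def180 and #def181 have the same shape, with va_end on the line after the flagged call.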

Error: GCC_ANALYZER_WARNING (CWE-404): [#def151]
openssl-3.5.4/providers/fips/fipsprov.c:1138:11: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/providers/fips/fipsprov.c:1137:5: acquire_resource: 'va_start' called here
openssl-3.5.4/providers/fips/fipsprov.c:1138:11: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
# 1136|   
# 1137|       va_start(args, format);
# 1138|->     ret = c_BIO_vsnprintf(buf, n, format, args);
# 1139|       va_end(args);
# 1140|       return ret;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def152]
openssl-3.5.4/providers/fips/self_test_kats.c:170:26: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/providers/fips/self_test_kats.c:216:29: enter_function: entry to 'kat_params_to_ossl_params'
openssl-3.5.4/providers/fips/self_test_kats.c:225:8: branch_false: following 'false' branch...
openssl-3.5.4/providers/fips/self_test_kats.c:227:11: branch_false: ...to here
openssl-3.5.4/providers/fips/self_test_kats.c:228:8: branch_false: following 'false' branch...
openssl-3.5.4/providers/fips/self_test_kats.c:231:5: branch_false: ...to here
openssl-3.5.4/providers/fips/self_test_kats.c:231:5: acquire_resource: 'va_start' called here
openssl-3.5.4/providers/fips/self_test_kats.c:232:12: branch_true: following 'true' branch (when 'pms' is non-NULL)...
openssl-3.5.4/providers/fips/self_test_kats.c:233:14: branch_true: ...to here
openssl-3.5.4/providers/fips/self_test_kats.c:233:14: call_function: calling 'add_params' from 'kat_params_to_ossl_params'
#  168|           switch (p->type) {
#  169|           case OSSL_PARAM_UNSIGNED_INTEGER: {
#  170|->             BIGNUM *bn = BN_CTX_get(ctx);
#  171|   
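#  172|               if (bn == NULL
# Triage note: #def152 through #def157 share one trace (va_start at self_test_kats.c:231, then the call to add_params at :233) and differ only in the flagged line inside add_params, so they can be triaged as a single item. None of the excerpts shows the va_end in kat_params_to_ossl_params; confirm that every exit after line 231, including any error path, reaches it.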

Error: GCC_ANALYZER_WARNING (CWE-404): [#def153]
openssl-3.5.4/providers/fips/self_test_kats.c:173:21: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/providers/fips/self_test_kats.c:216:29: enter_function: entry to 'kat_params_to_ossl_params'
openssl-3.5.4/providers/fips/self_test_kats.c:225:8: branch_false: following 'false' branch...
openssl-3.5.4/providers/fips/self_test_kats.c:227:11: branch_false: ...to here
openssl-3.5.4/providers/fips/self_test_kats.c:228:8: branch_false: following 'false' branch...
openssl-3.5.4/providers/fips/self_test_kats.c:231:5: branch_false: ...to here
openssl-3.5.4/providers/fips/self_test_kats.c:231:5: acquire_resource: 'va_start' called here
openssl-3.5.4/providers/fips/self_test_kats.c:232:12: branch_true: following 'true' branch (when 'pms' is non-NULL)...
openssl-3.5.4/providers/fips/self_test_kats.c:233:14: branch_true: ...to here
openssl-3.5.4/providers/fips/self_test_kats.c:233:14: call_function: calling 'add_params' from 'kat_params_to_ossl_params'
#  171|   
#  172|               if (bn == NULL
#  173|->                 || (BN_bin2bn(p->data, p->data_len, bn) == NULL)
#  174|                   || !OSSL_PARAM_BLD_push_BN(bld, p->name, bn))
#  175|                   goto err;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def154]
openssl-3.5.4/providers/fips/self_test_kats.c:174:21: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/providers/fips/self_test_kats.c:216:29: enter_function: entry to 'kat_params_to_ossl_params'
openssl-3.5.4/providers/fips/self_test_kats.c:225:8: branch_false: following 'false' branch...
openssl-3.5.4/providers/fips/self_test_kats.c:227:11: branch_false: ...to here
openssl-3.5.4/providers/fips/self_test_kats.c:228:8: branch_false: following 'false' branch...
openssl-3.5.4/providers/fips/self_test_kats.c:231:5: branch_false: ...to here
openssl-3.5.4/providers/fips/self_test_kats.c:231:5: acquire_resource: 'va_start' called here
openssl-3.5.4/providers/fips/self_test_kats.c:232:12: branch_true: following 'true' branch (when 'pms' is non-NULL)...
openssl-3.5.4/providers/fips/self_test_kats.c:233:14: branch_true: ...to here
openssl-3.5.4/providers/fips/self_test_kats.c:233:14: call_function: calling 'add_params' from 'kat_params_to_ossl_params'
#  172|               if (bn == NULL
#  173|                   || (BN_bin2bn(p->data, p->data_len, bn) == NULL)
#  174|->                 || !OSSL_PARAM_BLD_push_BN(bld, p->name, bn))
#  175|                   goto err;
#  176|               break;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def155]
openssl-3.5.4/providers/fips/self_test_kats.c:179:18: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/providers/fips/self_test_kats.c:216:29: enter_function: entry to 'kat_params_to_ossl_params'
openssl-3.5.4/providers/fips/self_test_kats.c:225:8: branch_false: following 'false' branch...
openssl-3.5.4/providers/fips/self_test_kats.c:227:11: branch_false: ...to here
openssl-3.5.4/providers/fips/self_test_kats.c:228:8: branch_false: following 'false' branch...
openssl-3.5.4/providers/fips/self_test_kats.c:231:5: branch_false: ...to here
openssl-3.5.4/providers/fips/self_test_kats.c:231:5: acquire_resource: 'va_start' called here
openssl-3.5.4/providers/fips/self_test_kats.c:232:12: branch_true: following 'true' branch (when 'pms' is non-NULL)...
openssl-3.5.4/providers/fips/self_test_kats.c:233:14: branch_true: ...to here
openssl-3.5.4/providers/fips/self_test_kats.c:233:14: call_function: calling 'add_params' from 'kat_params_to_ossl_params'
#  177|           }
#  178|           case OSSL_PARAM_UTF8_STRING: {
#  179|->             if (!OSSL_PARAM_BLD_push_utf8_string(bld, p->name, p->data,
#  180|                                                    p->data_len))
#  181|                   goto err;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def156]
openssl-3.5.4/providers/fips/self_test_kats.c:185:18: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/providers/fips/self_test_kats.c:216:29: enter_function: entry to 'kat_params_to_ossl_params'
openssl-3.5.4/providers/fips/self_test_kats.c:225:8: branch_false: following 'false' branch...
openssl-3.5.4/providers/fips/self_test_kats.c:227:11: branch_false: ...to here
openssl-3.5.4/providers/fips/self_test_kats.c:228:8: branch_false: following 'false' branch...
openssl-3.5.4/providers/fips/self_test_kats.c:231:5: branch_false: ...to here
openssl-3.5.4/providers/fips/self_test_kats.c:231:5: acquire_resource: 'va_start' called here
openssl-3.5.4/providers/fips/self_test_kats.c:232:12: branch_true: following 'true' branch (when 'pms' is non-NULL)...
openssl-3.5.4/providers/fips/self_test_kats.c:233:14: branch_true: ...to here
openssl-3.5.4/providers/fips/self_test_kats.c:233:14: call_function: calling 'add_params' from 'kat_params_to_ossl_params'
#  183|           }
#  184|           case OSSL_PARAM_OCTET_STRING: {
#  185|->             if (!OSSL_PARAM_BLD_push_octet_string(bld, p->name, p->data,
#  186|                                                     p->data_len))
#  187|                   goto err;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def157]
openssl-3.5.4/providers/fips/self_test_kats.c:191:18: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/providers/fips/self_test_kats.c:216:29: enter_function: entry to 'kat_params_to_ossl_params'
openssl-3.5.4/providers/fips/self_test_kats.c:225:8: branch_false: following 'false' branch...
openssl-3.5.4/providers/fips/self_test_kats.c:227:11: branch_false: ...to here
openssl-3.5.4/providers/fips/self_test_kats.c:228:8: branch_false: following 'false' branch...
openssl-3.5.4/providers/fips/self_test_kats.c:231:5: branch_false: ...to here
openssl-3.5.4/providers/fips/self_test_kats.c:231:5: acquire_resource: 'va_start' called here
openssl-3.5.4/providers/fips/self_test_kats.c:232:12: branch_true: following 'true' branch (when 'pms' is non-NULL)...
openssl-3.5.4/providers/fips/self_test_kats.c:233:14: branch_true: ...to here
openssl-3.5.4/providers/fips/self_test_kats.c:233:14: call_function: calling 'add_params' from 'kat_params_to_ossl_params'
#  189|           }
#  190|           case OSSL_PARAM_INTEGER: {
#  191|->             if (!OSSL_PARAM_BLD_push_int(bld, p->name, *(int *)p->data))
#  192|                   goto err;
#  193|               break;

Error: COMPILER_WARNING (CWE-1164): [#def158]
openssl-3.5.4/providers/fips/self_test_kats.c:943:12: warning[-Wunused-function]: 'self_test_asym_ciphers' defined but not used
#  943 | static int self_test_asym_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
#      |            ^~~~~~~~~~~~~~~~~~~~~~
#  941|   }
#  942|   
#  943|-> static int self_test_asym_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
#  944|   {
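#  945|       int i, ret = 1;
# Triage note: for a static self-test in the FIPS provider, "defined but not used" deserves more than a cosmetic fix. The call site is not shown here; check whether it is compiled out by this build's configuration, because that would mean this self-test does not run in the shipped provider.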

Error: CPPCHECK_WARNING (CWE-457): [#def159]
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:146: error[legacyUninitvar]: Uninitialized variable: blocks[0].c
#  144|   
#  145|       /* ask for IVs in bulk */
#  146|->     if (RAND_bytes_ex(ctx->base.libctx, (IVs = blocks[0].c), 16 * x4, 0) <= 0)
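#  147|           return 0;
# Triage note: blocks[0].c is passed as the output buffer of RAND_bytes_ex (the source comment reads "ask for IVs in bulk"), so it being uninitialized before the call is expected. What needs checking is that the 16 * x4 bytes requested fit in the destination, whose declaration the excerpt does not show. #def166 flags the identical line in the SHA-256 variant.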
#  148|   

Error: GCC_ANALYZER_WARNING (CWE-121): [#def160]
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:170:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:766:12: enter_function: entry to 'aesni_cbc_hmac_sha1_tls1_multiblock_encrypt'
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:769:17: call_function: calling 'tls1_multi_block_encrypt' from 'aesni_cbc_hmac_sha1_tls1_multiblock_encrypt'
#  168|   
#  169|       for (i = 1; i < x4; i++) {
#  170|->         ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
#  171|           ciph_d[i].out = ciph_d[i - 1].out + packlen;
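#  172|           memcpy(ciph_d[i].out - 16, IVs, 16);
# Triage note: #def160 through #def163 (and #def167 through #def170 in the SHA-256 variant) all stem from this loop, which indexes ciph_d[i] and hash_d[i] for i up to x4 - 1. Whether an out-of-bounds index is reachable depends on the declared array sizes and on the range of x4 at the caller, neither of which the excerpt shows.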

Error: GCC_ANALYZER_WARNING (CWE-121): [#def161]
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:170:25: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:766:12: enter_function: entry to 'aesni_cbc_hmac_sha1_tls1_multiblock_encrypt'
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:769:17: call_function: calling 'tls1_multi_block_encrypt' from 'aesni_cbc_hmac_sha1_tls1_multiblock_encrypt'
#  168|   
#  169|       for (i = 1; i < x4; i++) {
#  170|->         ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
#  171|           ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  172|           memcpy(ciph_d[i].out - 16, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121): [#def162]
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:171:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:766:12: enter_function: entry to 'aesni_cbc_hmac_sha1_tls1_multiblock_encrypt'
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:769:17: call_function: calling 'tls1_multi_block_encrypt' from 'aesni_cbc_hmac_sha1_tls1_multiblock_encrypt'
#  169|       for (i = 1; i < x4; i++) {
#  170|           ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
#  171|->         ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  172|           memcpy(ciph_d[i].out - 16, IVs, 16);
#  173|           memcpy(ciph_d[i].iv, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121): [#def163]
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:173:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:766:12: enter_function: entry to 'aesni_cbc_hmac_sha1_tls1_multiblock_encrypt'
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:769:17: call_function: calling 'tls1_multi_block_encrypt' from 'aesni_cbc_hmac_sha1_tls1_multiblock_encrypt'
#  171|           ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  172|           memcpy(ciph_d[i].out - 16, IVs, 16);
#  173|->         memcpy(ciph_d[i].iv, IVs, 16);
#  174|           IVs += 16;
#  175|       }

Error: CPPCHECK_WARNING (CWE-758): [#def164]
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:609: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#  607|                       c = p[j];
#  608|                       cmask =
#  609|->                         ((int)(j - off - SHA_DIGEST_LENGTH)) >> (sizeof(int) *
#  610|                                                                    8 - 1);
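#  611|                       res |= (c ^ pad) & ~cmask; /* ... and padding */
# Triage note: the flagged operator is a right shift by sizeof(int) * 8 - 1, which is less than the width of int, so the shift count itself is in range. The portability concern is that right-shifting a negative int is implementation-defined in C, and this mask computation relies on it being an arithmetic shift. #def165, #def171 and #def172 are the same pattern.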

Error: CPPCHECK_WARNING (CWE-758): [#def165]
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:612: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#  610|                                                                    8 - 1);
#  611|                       res |= (c ^ pad) & ~cmask; /* ... and padding */
#  612|->                     cmask &= ((int)(off - 1 - j)) >> (sizeof(int) * 8 - 1);
#  613|                       res |= (c ^ pmac->c[i]) & cmask;
#  614|                       i += 1 & cmask;

Error: CPPCHECK_WARNING (CWE-457): [#def166]
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:150: error[legacyUninitvar]: Uninitialized variable: blocks[0].c
#  148|   
#  149|       /* ask for IVs in bulk */
#  150|->     if (RAND_bytes_ex(ctx->base.libctx, (IVs = blocks[0].c), 16 * x4, 0) <= 0)
#  151|           return 0;
#  152|   

Error: GCC_ANALYZER_WARNING (CWE-121): [#def167]
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:174:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:818:12: enter_function: entry to 'aesni_cbc_hmac_sha256_tls1_multiblock_encrypt'
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:821:17: call_function: calling 'tls1_multi_block_encrypt' from 'aesni_cbc_hmac_sha256_tls1_multiblock_encrypt'
#  172|   
#  173|       for (i = 1; i < x4; i++) {
#  174|->         ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
#  175|           ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  176|           memcpy(ciph_d[i].out - 16, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121): [#def168]
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:174:25: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:818:12: enter_function: entry to 'aesni_cbc_hmac_sha256_tls1_multiblock_encrypt'
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:821:17: call_function: calling 'tls1_multi_block_encrypt' from 'aesni_cbc_hmac_sha256_tls1_multiblock_encrypt'
#  172|   
#  173|       for (i = 1; i < x4; i++) {
#  174|->         ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
#  175|           ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  176|           memcpy(ciph_d[i].out - 16, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121): [#def169]
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:175:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:818:12: enter_function: entry to 'aesni_cbc_hmac_sha256_tls1_multiblock_encrypt'
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:821:17: call_function: calling 'tls1_multi_block_encrypt' from 'aesni_cbc_hmac_sha256_tls1_multiblock_encrypt'
#  173|       for (i = 1; i < x4; i++) {
#  174|           ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
#  175|->         ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  176|           memcpy(ciph_d[i].out - 16, IVs, 16);
#  177|           memcpy(ciph_d[i].iv, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121): [#def170]
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:177:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:818:12: enter_function: entry to 'aesni_cbc_hmac_sha256_tls1_multiblock_encrypt'
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:821:17: call_function: calling 'tls1_multi_block_encrypt' from 'aesni_cbc_hmac_sha256_tls1_multiblock_encrypt'
#  175|           ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  176|           memcpy(ciph_d[i].out - 16, IVs, 16);
#  177|->         memcpy(ciph_d[i].iv, IVs, 16);
#  178|           IVs += 16;
#  179|       }

Error: CPPCHECK_WARNING (CWE-758): [#def171]
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:663: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#  661|                       c = p[j];
#  662|                       cmask =
#  663|->                         ((int)(j - off - SHA256_DIGEST_LENGTH)) >>
#  664|                           (sizeof(int) * 8 - 1);
#  665|                       res |= (c ^ pad) & ~cmask; /* ... and padding */

Error: CPPCHECK_WARNING (CWE-758): [#def172]
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:666: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#  664|                           (sizeof(int) * 8 - 1);
#  665|                       res |= (c ^ pad) & ~cmask; /* ... and padding */
#  666|->                     cmask &= ((int)(off - 1 - j)) >> (sizeof(int) * 8 - 1);
#  667|                       res |= (c ^ pmac->c[i]) & cmask;
#  668|                       i += 1 & cmask;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def173]
openssl-3.5.4/providers/implementations/digests/blake2b_prov.c:234:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'm[1]'
openssl-3.5.4/providers/implementations/digests/blake2b_prov.c:185:17: branch_true: following 'true' branch (when 'i != 8')...
openssl-3.5.4/providers/implementations/digests/blake2b_prov.c:186:16: branch_true: ...to here
openssl-3.5.4/providers/implementations/digests/blake2b_prov.c:190:21: branch_true: following 'true' branch (when 'i != 16')...
openssl-3.5.4/providers/implementations/digests/blake2b_prov.c:191:36: branch_true: ...to here
openssl-3.5.4/providers/implementations/digests/blake2b_prov.c:190:21: branch_false: following 'false' branch (when 'i == 16')...
openssl-3.5.4/providers/implementations/digests/blake2b_prov.c:195:9: branch_false: ...to here
openssl-3.5.4/providers/implementations/digests/blake2b_prov.c:234:9: danger: use of uninitialized value 'm[1]' here
#  232|           }
#  233|   #else
#  234|->         ROUND(0);
#  235|           ROUND(1);
#  236|           ROUND(2);

Error: GCC_ANALYZER_WARNING (CWE-457): [#def174]
openssl-3.5.4/providers/implementations/digests/blake2s_prov.c:224:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'm[1]'
openssl-3.5.4/providers/implementations/digests/blake2s_prov.c:175:17: branch_true: following 'true' branch (when 'i != 8')...
openssl-3.5.4/providers/implementations/digests/blake2s_prov.c:176:16: branch_true: ...to here
openssl-3.5.4/providers/implementations/digests/blake2s_prov.c:180:21: branch_true: following 'true' branch (when 'i != 16')...
openssl-3.5.4/providers/implementations/digests/blake2s_prov.c:181:36: branch_true: ...to here
openssl-3.5.4/providers/implementations/digests/blake2s_prov.c:180:21: branch_false: following 'false' branch (when 'i == 16')...
openssl-3.5.4/providers/implementations/digests/blake2s_prov.c:185:9: branch_false: ...to here
openssl-3.5.4/providers/implementations/digests/blake2s_prov.c:224:9: danger: use of uninitialized value 'm[1]' here
#  222|           }
#  223|   #else
#  224|->         ROUND(0);
#  225|           ROUND(1);
#  226|           ROUND(2);

Error: GCC_ANALYZER_WARNING (CWE-457): [#def175]
openssl-3.5.4/providers/implementations/kdfs/argon2.c:884:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value '&outbuf'
openssl-3.5.4/providers/implementations/kdfs/argon2.c:861:8: branch_false: following 'false' branch...
openssl-3.5.4/providers/implementations/kdfs/argon2.c:865:5: branch_false: ...to here
openssl-3.5.4/providers/implementations/kdfs/argon2.c:867:8: branch_false: following 'false' branch...
openssl-3.5.4/providers/implementations/kdfs/argon2.c:870:17: branch_false: ...to here
openssl-3.5.4/providers/implementations/kdfs/argon2.c:874:11: branch_true: following 'true' branch...
openssl-3.5.4/providers/implementations/kdfs/argon2.c:875:12: branch_true: ...to here
openssl-3.5.4/providers/implementations/kdfs/argon2.c:874:11: branch_true: following 'true' branch...
openssl-3.5.4/providers/implementations/kdfs/argon2.c:876:12: branch_true: ...to here
openssl-3.5.4/providers/implementations/kdfs/argon2.c:874:11: branch_true: following 'true' branch...
openssl-3.5.4/providers/implementations/kdfs/argon2.c:877:12: branch_true: ...to here
openssl-3.5.4/providers/implementations/kdfs/argon2.c:874:11: branch_true: following 'true' branch...
openssl-3.5.4/providers/implementations/kdfs/argon2.c:883:8: branch_true: ...to here
openssl-3.5.4/providers/implementations/kdfs/argon2.c:883:8: branch_true: following 'true' branch (when 'outlen > 64')...
openssl-3.5.4/providers/implementations/kdfs/argon2.c:884:9: branch_true: ...to here
openssl-3.5.4/providers/implementations/kdfs/argon2.c:884:9: danger: use of uninitialized value '&outbuf' here
#  882|   
#  883|       if (outlen > BLAKE2B_OUTBYTES) {
#  884|->         memcpy(out, outbuf, BLAKE2B_OUTBYTES / 2);
#  885|           out += BLAKE2B_OUTBYTES / 2;
#  886|           outlen_curr = (uint32_t) outlen - BLAKE2B_OUTBYTES / 2;

Error: CPPCHECK_WARNING (CWE-758): [#def176]
openssl-3.5.4/providers/implementations/keymgmt/ml_kem_kmgmt.c:347: error[ctuPointerArith]: Pointer arithmetic overflow; 'seed' buffer size is 64
#  345|       size_t zlen = ML_KEM_RANDOM_BYTES;
#  346|   
#  347|->     if (memcmp(seed + ML_KEM_SEED_BYTES - zlen,
#  348|                  prvenc + key->vinfo->prvkey_bytes - zlen, zlen) == 0)
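#  349|           return 1;
# Triage note: the first memcmp argument is evaluated as (seed + ML_KEM_SEED_BYTES) - zlen. If ML_KEM_SEED_BYTES equals the reported buffer size of 64, the intermediate is the one-past-the-end pointer, which C permits forming, and the final pointer lies inside the buffer. The constant's value is not shown in the excerpt; confirm it before dismissing the finding.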

Error: CPPCHECK_WARNING (CWE-476): [#def177]
openssl-3.5.4/providers/implementations/keymgmt/ml_kem_kmgmt.c:525: error[nullPointer]: Null pointer dereference: key
#  523|               goto err;
#  524|           /* Generate the key now, if it holds only a stashed seed. */
#  525|->         if (ossl_ml_kem_have_seed(key)
#  526|               && (encoded_dk == NULL
#  527|                   || (key->prov_flags & ML_KEM_KEY_PREFER_SEED))) {

Error: CPPCHECK_WARNING (CWE-457): [#def178]
openssl-3.5.4/providers/implementations/signature/dsa_sig.c:404: warning[uninitvar]: Uninitialized variable: digest
#  402|       }
#  403|   
#  404|->     return dsa_sign_directly(vpdsactx, sig, siglen, sigsize, digest, dlen);
#  405|   }
#  406|   

Error: CPPCHECK_WARNING (CWE-457): [#def179]
openssl-3.5.4/providers/implementations/signature/rsa_sig.c:882: warning[uninitvar]: Uninitialized variable: digest
#  880|       }
#  881|   
#  882|->     return rsa_sign_directly(prsactx, sig, siglen, sigsize, digest, dlen);
#  883|   }
#  884|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def180]
openssl-3.5.4/providers/legacyprov.c:285:5: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/providers/legacyprov.c:284:5: acquire_resource: 'va_start' called here
openssl-3.5.4/providers/legacyprov.c:285:5: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  283|   
#  284|       va_start(args, fmt);
#  285|->     c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args);
#  286|       va_end(args);
#  287|   }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def181]
openssl-3.5.4/ssl/quic/quic_impl.c:137:5: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/ssl/quic/quic_impl.c:3859:12: enter_function: entry to 'wait_for_incoming_stream'
openssl-3.5.4/ssl/quic/quic_impl.c:3867:9: call_function: calling 'quic_raise_non_normal_error' from 'wait_for_incoming_stream'
#  135|   
#  136|       va_start(args, fmt);
#  137|->     ERR_vset_error(ERR_LIB_SSL, reason, fmt, args);
#  138|       va_end(args);
#  139|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def182]
openssl-3.5.4/ssl/quic/quic_reactor_wait_ctx.c:37:11: warning[-Wanalyzer-null-dereference]: dereference of NULL 'slot'
openssl-3.5.4/ssl/quic/quic_reactor_wait_ctx.c:64:6: enter_function: entry to 'ossl_quic_reactor_wait_ctx_leave'
openssl-3.5.4/ssl/quic/quic_reactor_wait_ctx.c:69:5: branch_false: following 'false' branch (when 'slot' is NULL)...
openssl-3.5.4/ssl/quic/quic_reactor_wait_ctx.c:74:5: branch_false: ...to here
openssl-3.5.4/ssl/quic/quic_reactor_wait_ctx.c:74:5: call_function: calling 'slot_deactivate' from 'ossl_quic_reactor_wait_ctx_leave'
#   35|       assert(slot->blocking_count > 0);
#   36|   
#   37|->     if (--slot->blocking_count > 0)
#   38|           return;
#   39|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def183]
openssl-3.5.4/ssl/quic/quic_record_shared.c:49:13: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
openssl-3.5.4/ssl/quic/quic_record_shared.c:44:5: enter_function: entry to 'ossl_qrl_enc_level_set_have_el'
openssl-3.5.4/ssl/quic/quic_record_shared.c:47:30: call_function: calling 'ossl_qrl_enc_level_set_get' from 'ossl_qrl_enc_level_set_have_el'
openssl-3.5.4/ssl/quic/quic_record_shared.c:47:30: return_function: returning to 'ossl_qrl_enc_level_set_have_el' from 'ossl_qrl_enc_level_set_get'
openssl-3.5.4/ssl/quic/quic_record_shared.c:49:13: danger: dereference of NULL 'ossl_qrl_enc_level_set_get(els,  enc_level, 0)'
#   47|       OSSL_QRL_ENC_LEVEL *el = ossl_qrl_enc_level_set_get(els, enc_level, 0);
#   48|   
#   49|->     switch (el->state) {
#   50|           case QRL_EL_STATE_UNPROV:
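#   51|               return 0;
# Triage note: el is dereferenced at line 49 with no NULL check after the lookup at line 47. Whether NULL can be returned for these arguments depends on ossl_qrl_enc_level_set_get, which the excerpt does not show. #def184 has the same shape in el_teardown_keyslot.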

Error: GCC_ANALYZER_WARNING (CWE-476): [#def184]
openssl-3.5.4/ssl/quic/quic_record_shared.c:90:10: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
openssl-3.5.4/ssl/quic/quic_record_shared.c:84:13: enter_function: entry to 'el_teardown_keyslot'
openssl-3.5.4/ssl/quic/quic_record_shared.c:88:30: call_function: calling 'ossl_qrl_enc_level_set_get' from 'el_teardown_keyslot'
openssl-3.5.4/ssl/quic/quic_record_shared.c:88:30: return_function: returning to 'el_teardown_keyslot' from 'ossl_qrl_enc_level_set_get'
openssl-3.5.4/ssl/quic/quic_record_shared.c:90:10: danger: dereference of NULL 'ossl_qrl_enc_level_set_get(els,  enc_level, 0)'
#   88|       OSSL_QRL_ENC_LEVEL *el = ossl_qrl_enc_level_set_get(els, enc_level, 0);
#   89|   
#   90|->     if (!ossl_qrl_enc_level_set_has_keyslot(els, enc_level, el->state, keyslot))
#   91|           return;
#   92|   

Error: CPPCHECK_WARNING (CWE-476): [#def185]
openssl-3.5.4/ssl/quic/quic_record_tx.c:42: error[ctunullpointer]: Null pointer dereference: elem
#   40|   };
#   41|   
#   42|-> DEFINE_LIST_OF(txe, TXE);
#   43|   typedef OSSL_LIST(txe) TXE_LIST;
#   44|   

Error: CPPCHECK_WARNING (CWE-476): [#def186]
openssl-3.5.4/ssl/quic/quic_record_tx.c:42: error[ctunullpointer]: Null pointer dereference: list
#   40|   };
#   41|   
#   42|-> DEFINE_LIST_OF(txe, TXE);
#   43|   typedef OSSL_LIST(txe) TXE_LIST;
#   44|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def187]
openssl-3.5.4/ssl/quic/quic_record_tx.c:42:1: warning[-Wanalyzer-null-dereference]: dereference of NULL 'list'
openssl-3.5.4/ssl/quic/quic_record_tx.c:793:5: enter_function: entry to 'ossl_qtx_write_pkt'
openssl-3.5.4/ssl/quic/quic_record_tx.c:802:8: branch_false: following 'false' branch...
openssl-3.5.4/ssl/quic/quic_record_tx.c:805:49: branch_false: ...to here
openssl-3.5.4/ssl/quic/quic_record_tx.c:810:13: branch_false: following 'false' branch...
openssl-3.5.4/ssl/quic/quic_record_tx.c:811:19: branch_false: ...to here
openssl-3.5.4/ssl/quic/quic_record_tx.c:810:14: branch_false: following 'false' branch...
openssl-3.5.4/ssl/quic/quic_record_tx.c:816:23: branch_false: ...to here
openssl-3.5.4/ssl/quic/quic_record_tx.c:833:12: branch_false: following 'false' branch...
openssl-3.5.4/ssl/quic/quic_record_tx.c:840:14: branch_false: ...to here
openssl-3.5.4/ssl/quic/quic_record_tx.c:840:14: call_function: inlined call to 'qtx_reserve_txe' from 'ossl_qtx_write_pkt'
#   40|   };
#   41|   
#   42|-> DEFINE_LIST_OF(txe, TXE);
#   43|   typedef OSSL_LIST(txe) TXE_LIST;
#   44|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def188]
openssl-3.5.4/ssl/quic/quic_tls_api.c:202:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 'sc'
openssl-3.5.4/ssl/quic/quic_tls_api.c:195:26: branch_false: following 'false' branch (when 's' is NULL)...
openssl-3.5.4/ssl/quic/quic_tls_api.c:197:10: branch_false: ...to here
openssl-3.5.4/ssl/quic/quic_tls_api.c:197:8: branch_false: following 'false' branch...
openssl-3.5.4/ssl/quic/quic_tls_api.c:202:9: branch_false: ...to here
openssl-3.5.4/ssl/quic/quic_tls_api.c:202:9: danger: dereference of NULL 'sc'
#  200|       }
#  201|   
#  202|->     if (sc->qtls == NULL) {
#  203|           ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
#  204|           return 0;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def189]
openssl-3.5.4/ssl/record/methods/ktls_meth.c:225:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 'eiv'
openssl-3.5.4/ssl/record/methods/ktls_meth.c:188:8: branch_false: following 'false' branch...
openssl-3.5.4/ssl/record/methods/ktls_meth.c:189:16: branch_false: ...to here
openssl-3.5.4/ssl/record/methods/ktls_meth.c:188:9: branch_false: following 'false' branch...
openssl-3.5.4/ssl/record/methods/ktls_meth.c:213:5: branch_false: ...to here
openssl-3.5.4/ssl/record/methods/ktls_meth.c:225:9: danger: dereference of NULL 'eiv'
#  223|           crypto_info->gcm128.info.version = version;
#  224|           crypto_info->tls_crypto_info_len = sizeof(crypto_info->gcm128);
#  225|->         memcpy(crypto_info->gcm128.iv, eiv, TLS_CIPHER_AES_GCM_128_IV_SIZE);
#  226|           memcpy(crypto_info->gcm128.salt, iv, TLS_CIPHER_AES_GCM_128_SALT_SIZE);
#  227|           memcpy(crypto_info->gcm128.key, key, keylen);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def190]
openssl-3.5.4/ssl/record/methods/ktls_meth.c:242:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 'eiv'
openssl-3.5.4/ssl/record/methods/ktls_meth.c:188:8: branch_false: following 'false' branch...
openssl-3.5.4/ssl/record/methods/ktls_meth.c:189:16: branch_false: ...to here
openssl-3.5.4/ssl/record/methods/ktls_meth.c:188:9: branch_false: following 'false' branch...
openssl-3.5.4/ssl/record/methods/ktls_meth.c:213:5: branch_false: ...to here
openssl-3.5.4/ssl/record/methods/ktls_meth.c:242:9: danger: dereference of NULL 'eiv'
#  240|           crypto_info->gcm256.info.version = version;
#  241|           crypto_info->tls_crypto_info_len = sizeof(crypto_info->gcm256);
#  242|->         memcpy(crypto_info->gcm256.iv, eiv, TLS_CIPHER_AES_GCM_256_IV_SIZE);
#  243|           memcpy(crypto_info->gcm256.salt, iv, TLS_CIPHER_AES_GCM_256_SALT_SIZE);
#  244|           memcpy(crypto_info->gcm256.key, key, keylen);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def191]
openssl-3.5.4/ssl/record/methods/ktls_meth.c:260:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 'eiv'
openssl-3.5.4/ssl/record/methods/ktls_meth.c:188:8: branch_false: following 'false' branch...
openssl-3.5.4/ssl/record/methods/ktls_meth.c:189:16: branch_false: ...to here
openssl-3.5.4/ssl/record/methods/ktls_meth.c:188:9: branch_false: following 'false' branch...
openssl-3.5.4/ssl/record/methods/ktls_meth.c:213:5: branch_false: ...to here
openssl-3.5.4/ssl/record/methods/ktls_meth.c:260:9: danger: dereference of NULL 'eiv'
#  258|           crypto_info->ccm128.info.version = version;
#  259|           crypto_info->tls_crypto_info_len = sizeof(crypto_info->ccm128);
#  260|->         memcpy(crypto_info->ccm128.iv, eiv, TLS_CIPHER_AES_CCM_128_IV_SIZE);
#  261|           memcpy(crypto_info->ccm128.salt, iv, TLS_CIPHER_AES_CCM_128_SALT_SIZE);
#  262|           memcpy(crypto_info->ccm128.key, key, keylen);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def192]
openssl-3.5.4/ssl/record/methods/tls_common.c:54:5: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/ssl/record/methods/tls_common.c:53:5: acquire_resource: 'va_start' called here
openssl-3.5.4/ssl/record/methods/tls_common.c:54:5: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   52|   
#   53|       va_start(args, fmt);
#   54|->     ERR_vset_error(ERR_LIB_SSL, reason, fmt, args);
#   55|       va_end(args);
#   56|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def193]
openssl-3.5.4/ssl/record/rec_layer_s3.c:673:13: warning[-Wanalyzer-null-dereference]: dereference of NULL 's'
openssl-3.5.4/ssl/record/rec_layer_s3.c:633:9: branch_false: following 'false' branch...
openssl-3.5.4/ssl/record/rec_layer_s3.c:641:8: branch_false: ...to here
openssl-3.5.4/ssl/record/rec_layer_s3.c:671:8: branch_true: following 'true' branch...
openssl-3.5.4/ssl/record/rec_layer_s3.c:673:13: danger: dereference of NULL 's'
#  671|       if (!ossl_statem_get_in_handshake(s) && SSL_in_init(ssl)) {
#  672|           /* type == SSL3_RT_APPLICATION_DATA */
#  673|->         i = s->handshake_func(ssl);
#  674|           /* SSLfatal() already called */
#  675|           if (i < 0)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def194]
openssl-3.5.4/ssl/record/rec_layer_s3.c:681:5: warning[-Wanalyzer-null-dereference]: dereference of NULL 's'
openssl-3.5.4/ssl/record/rec_layer_s3.c:633:9: branch_false: following 'false' branch...
openssl-3.5.4/ssl/record/rec_layer_s3.c:641:8: branch_false: ...to here
openssl-3.5.4/ssl/record/rec_layer_s3.c:681:5: danger: dereference of NULL 's'
#  679|       }
#  680|    start:
#  681|->     s->rwstate = SSL_NOTHING;
#  682|   
#  683|       /*-

Error: COMPILER_WARNING: [#def195]
openssl-3.5.4/ssl/ssl_ciph.c:12:9: warning: '_GNU_SOURCE' redefined
#   12 | #define _GNU_SOURCE
#      |         ^~~~~~~~~~~
<command-line>: note: this is the location of the previous definition
#   10|    */
#   11|   
#   12|-> #define _GNU_SOURCE
#   13|   #include <stdio.h>
#   14|   #include <ctype.h>

Error: COMPILER_WARNING: [#def196]
openssl-3.5.4/ssl/ssl_ciph.c:12:9: warning[warning]: '_GNU_SOURCE' redefined
#   10|    */
#   11|   
#   12|-> #define _GNU_SOURCE
#   13|   #include <stdio.h>
#   14|   #include <ctype.h>

Error: GCC_ANALYZER_WARNING (CWE-476): [#def197]
openssl-3.5.4/ssl/ssl_lib.c:995:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 's'
openssl-3.5.4/ssl/ssl_lib.c:992:26: branch_false: following 'false' branch (when 's' is NULL)...
openssl-3.5.4/ssl/ssl_lib.c:995:9: branch_false: ...to here
openssl-3.5.4/ssl/ssl_lib.c:995:9: danger: dereference of NULL 's'
#  993|   
#  994|   #ifndef OPENSSL_NO_QUIC
#  995|->     if (s->type == SSL_TYPE_QUIC_CONNECTION || s->type == SSL_TYPE_QUIC_XSO)
#  996|           return 0;
#  997|   #endif

Error: GCC_ANALYZER_WARNING (CWE-476): [#def198]
openssl-3.5.4/ssl/ssl_lib.c:1010:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 's'
openssl-3.5.4/ssl/ssl_lib.c:1007:26: branch_false: following 'false' branch (when 's' is NULL)...
openssl-3.5.4/ssl/ssl_lib.c:1010:9: branch_false: ...to here
openssl-3.5.4/ssl/ssl_lib.c:1010:9: danger: dereference of NULL 's'
# 1008|   
# 1009|   #ifndef OPENSSL_NO_QUIC
# 1010|->     if (s->type == SSL_TYPE_QUIC_CONNECTION || s->type == SSL_TYPE_QUIC_XSO)
# 1011|           return 0;
# 1012|   #endif

Error: GCC_ANALYZER_WARNING (CWE-476): [#def199]
openssl-3.5.4/ssl/ssl_lib.c:1755:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 's'
openssl-3.5.4/ssl/ssl_lib.c:1750:5: enter_function: entry to 'SSL_set_wfd'
openssl-3.5.4/ssl/ssl_lib.c:1752:17: call_function: calling 'SSL_get_rbio' from 'SSL_set_wfd'
openssl-3.5.4/ssl/ssl_lib.c:1752:17: return_function: returning to 'SSL_set_wfd' from 'SSL_get_rbio'
openssl-3.5.4/ssl/ssl_lib.c:1753:24: branch_false: following 'false' branch (when 's' is NULL)...
 branch_false: ...to here
openssl-3.5.4/ssl/ssl_lib.c:1755:9: danger: dereference of NULL 's'
# 1753|       int desired_type = IS_QUIC(s) ? BIO_TYPE_DGRAM : BIO_TYPE_SOCKET;
# 1754|   
# 1755|->     if (s->type == SSL_TYPE_QUIC_XSO) {
# 1756|           ERR_raise(ERR_LIB_SSL, SSL_R_CONN_USE_ONLY);
# 1757|           return 0;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def200]
openssl-3.5.4/ssl/ssl_lib.c:1792:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 's'
openssl-3.5.4/ssl/ssl_lib.c:1787:5: enter_function: entry to 'SSL_set_rfd'
openssl-3.5.4/ssl/ssl_lib.c:1789:17: call_function: calling 'SSL_get_wbio' from 'SSL_set_rfd'
openssl-3.5.4/ssl/ssl_lib.c:1789:17: return_function: returning to 'SSL_set_rfd' from 'SSL_get_wbio'
openssl-3.5.4/ssl/ssl_lib.c:1790:24: branch_false: following 'false' branch (when 's' is NULL)...
 branch_false: ...to here
openssl-3.5.4/ssl/ssl_lib.c:1792:9: danger: dereference of NULL 's'
# 1790|       int desired_type = IS_QUIC(s) ? BIO_TYPE_DGRAM : BIO_TYPE_SOCKET;
# 1791|   
# 1792|->     if (s->type == SSL_TYPE_QUIC_XSO) {
# 1793|           ERR_raise(ERR_LIB_SSL, SSL_R_CONN_USE_ONLY);
# 1794|           return 0;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def201]
openssl-3.5.4/ssl/ssl_lib.c:5026:5: warning[-Wanalyzer-null-dereference]: dereference of NULL 'sc'
openssl-3.5.4/ssl/ssl_lib.c:5016:26: branch_false: following 'false' branch (when 's' is NULL)...
openssl-3.5.4/ssl/ssl_lib.c:5026:5: branch_false: ...to here
openssl-3.5.4/ssl/ssl_lib.c:5026:5: danger: dereference of NULL 'sc'
# 5024|   #endif
# 5025|   
# 5026|->     sc->server = 1;
# 5027|       sc->shutdown = 0;
# 5028|       ossl_statem_clear(sc);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def202]
openssl-3.5.4/ssl/ssl_lib.c:5046:5: warning[-Wanalyzer-null-dereference]: dereference of NULL 'sc'
openssl-3.5.4/ssl/ssl_lib.c:5036:26: branch_false: following 'false' branch (when 's' is NULL)...
openssl-3.5.4/ssl/ssl_lib.c:5046:5: branch_false: ...to here
openssl-3.5.4/ssl/ssl_lib.c:5046:5: danger: dereference of NULL 'sc'
# 5044|   #endif
# 5045|   
# 5046|->     sc->server = 0;
# 5047|       sc->shutdown = 0;
# 5048|       ossl_statem_clear(sc);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def203]
openssl-3.5.4/ssl/ssl_lib.c:5104:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 's'
openssl-3.5.4/ssl/ssl_lib.c:5100:32: branch_false: following 'false' branch (when 's' is NULL)...
openssl-3.5.4/ssl/ssl_lib.c:5104:9: branch_false: ...to here
openssl-3.5.4/ssl/ssl_lib.c:5104:9: danger: dereference of NULL 's'
# 5102|   #ifndef OPENSSL_NO_QUIC
# 5103|       /* We only support QUICv1 - so if its QUIC its QUICv1 */
# 5104|->     if (s->type == SSL_TYPE_QUIC_CONNECTION || s->type == SSL_TYPE_QUIC_XSO)
# 5105|           return "QUICv1";
# 5106|   #endif

Error: GCC_ANALYZER_WARNING (CWE-476): [#def204]
openssl-3.5.4/ssl/ssl_lib.c:5466:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 's'
openssl-3.5.4/ssl/ssl_lib.c:5462:32: branch_false: following 'false' branch (when 's' is NULL)...
openssl-3.5.4/ssl/ssl_lib.c:5466:9: branch_false: ...to here
openssl-3.5.4/ssl/ssl_lib.c:5466:9: danger: dereference of NULL 's'
# 5464|   #ifndef OPENSSL_NO_QUIC
# 5465|       /* We only support QUICv1 - so if its QUIC its QUICv1 */
# 5466|->     if (s->type == SSL_TYPE_QUIC_CONNECTION || s->type == SSL_TYPE_QUIC_XSO)
# 5467|           return OSSL_QUIC1_VERSION;
# 5468|   #endif

Error: GCC_ANALYZER_WARNING (CWE-476): [#def205]
openssl-3.5.4/ssl/ssl_lib.c:5481:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 's'
openssl-3.5.4/ssl/ssl_lib.c:5477:32: branch_false: following 'false' branch (when 's' is NULL)...
openssl-3.5.4/ssl/ssl_lib.c:5481:9: branch_false: ...to here
openssl-3.5.4/ssl/ssl_lib.c:5481:9: danger: dereference of NULL 's'
# 5479|   #ifndef OPENSSL_NO_QUIC
# 5480|       /* We only support QUICv1 - so if its QUIC its QUICv1 */
# 5481|->     if (s->type == SSL_TYPE_QUIC_CONNECTION || s->type == SSL_TYPE_QUIC_XSO)
# 5482|           return OSSL_QUIC1_VERSION;
# 5483|   #endif

Error: CPPCHECK_WARNING (CWE-476): [#def206]
openssl-3.5.4/ssl/ssl_rsa.c:990: warning[nullPointer]: Possible null pointer dereference: ctx
#  988|           return 0;
#  989|   
#  990|->     c = sc != NULL ? sc->cert : ctx->cert;
#  991|       /* Do all security checks before anything else */
#  992|       rv = ssl_security_cert(sc, ctx, x509, 0, 1);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def207]
openssl-3.5.4/ssl/statem/statem.c:170:5: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/ssl/statem/statem.c:807:25: enter_function: entry to 'write_state_machine'
openssl-3.5.4/ssl/statem/statem.c:962:13: call_function: calling 'ossl_statem_fatal' from 'write_state_machine'
#  168|   
#  169|       va_start(args, fmt);
#  170|->     ERR_vset_error(ERR_LIB_SSL, reason, fmt, args);
#  171|       va_end(args);
#  172|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def208]
openssl-3.5.4/ssl/t1_lib.c:4774:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 'lu'
openssl-3.5.4/ssl/t1_lib.c:4657:12: branch_false: following 'false' branch...
openssl-3.5.4/ssl/t1_lib.c:4659:14: branch_false: ...to here
openssl-3.5.4/ssl/t1_lib.c:4662:12: branch_true: following 'true' branch...
openssl-3.5.4/ssl/t1_lib.c:4664:17: branch_true: ...to here
openssl-3.5.4/ssl/t1_lib.c:4664:16: branch_true: following 'true' branch...
openssl-3.5.4/ssl/t1_lib.c:4666:26: branch_true: ...to here
openssl-3.5.4/ssl/t1_lib.c:4669:20: branch_false: following 'false' branch...
openssl-3.5.4/ssl/t1_lib.c:4677:17: branch_false: ...to here
openssl-3.5.4/ssl/t1_lib.c:4677:29: branch_false: following 'false' branch...
openssl-3.5.4/ssl/t1_lib.c:4711:26: branch_false: ...to here
openssl-3.5.4/ssl/t1_lib.c:4726:20: branch_false: following 'false' branch...
openssl-3.5.4/ssl/t1_lib.c:4773:8: branch_false: ...to here
openssl-3.5.4/ssl/t1_lib.c:4773:8: branch_true: following 'true' branch (when 'sig_idx == -1')...
openssl-3.5.4/ssl/t1_lib.c:4774:9: branch_true: ...to here
openssl-3.5.4/ssl/t1_lib.c:4774:9: danger: dereference of NULL 'lu'
# 4772|       }
# 4773|       if (sig_idx == -1)
# 4774|->         sig_idx = lu->sig_idx;
# 4775|       s->s3.tmp.cert = &s->cert->pkeys[sig_idx];
# 4776|       s->cert->key = s->s3.tmp.cert;

Scan Properties

analyzer-version-clippy: 1.90.0
analyzer-version-cppcheck: 2.18.3
analyzer-version-gcc: 15.2.1
analyzer-version-gcc-analyzer: 16.0.0
analyzer-version-shellcheck: 0.11.0
analyzer-version-unicontrol: 0.0.2
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-253.us-west-2.compute.internal
known-false-positives: /usr/share/csmock/known-false-positives.js
known-false-positives-rpm: known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch
mock-config: fedora-rawhide-gcc-latest-x86_64
project-name: openssl-3.5.4-1.fc44
store-results-to: /tmp/tmp9ux4irij/openssl-3.5.4-1.fc44.tar.xz
time-created: 2025-10-28 20:14:59
time-finished: 2025-10-28 20:31:53
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-gcc-latest-x86_64' '-t' 'gcc,cppcheck,shellcheck,clippy,unicontrol' '-o' '/tmp/tmp9ux4irij/openssl-3.5.4-1.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--install=gcc-latest' '--gcc-analyzer-bin=/opt/gcc-latest/bin/gcc' '/tmp/tmp9ux4irij/openssl-3.5.4-1.fc44.src.rpm'
tool-version: csmock-3.8.3.20251027.143044.ge6b947b-1.el9