policycoreutils-3.9-5.fc44

List of Findings

Error: SHELLCHECK_WARNING (CWE-156): [#def1]
/usr/bin/fixfiles:46:7: warning[SC2046]: Quote this to prevent word splitting.
#   44|   FS="`cat /proc/self/mounts | sort | uniq | awk '{print $2}'`"
#   45|   for i in $FS; do
#   46|-> 	if [ `useseclabel` -ge 0 ]
#   47|   	then
#   48|   		grep -F " $i " /proc/self/mounts | awk '{print $4}' | grep -E --silent '(^|,)seclabel(,|$)' && echo $i

Error: SHELLCHECK_WARNING (CWE-569): [#def2]
/usr/bin/fixfiles:156:103: warning[SC2048]: Use "$@" (with quotes) to prevent whitespace problems.
#  154|       LogReadOnly
#  155|       for m in `echo $FILESYSTEMSRW`; do
#  156|-> 	find $m -mount -newermt $DATE -print0 2>/dev/null | ${RESTORECON} ${FORCEFLAG} ${VERBOSE} ${THREADS} $* -i -0 -f -
#  157|       done;
#  158|   }

Error: SHELLCHECK_WARNING (CWE-477): [#def3]
/usr/bin/fixfiles:171:18: warning[SC2166]: Prefer [ p ] && [ q ] as [ p -a q ] is not well defined.
#  169|   LogExcluded
#  170|   
#  171|-> if [ -f ${PREFC} -a -x /usr/bin/diff ]; then
#  172|   	TEMPFILE=`mktemp ${FC}.XXXXXXXXXX`
#  173|   	test -z "$TEMPFILE" && exit

Error: SHELLCHECK_WARNING (CWE-569): [#def4]
/usr/bin/fixfiles:200:66: warning[SC2048]: Use "$@" (with quotes) to prevent whitespace problems.
#  198|   	       fi;
#  199|   	    done |
#  200|-> 	${RESTORECON} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} ${THREADS} $* -i -R -f -;
#  201|   	rm -f ${TEMPFILE} ${PREFCTEMPFILE}
#  202|   fi

Error: SHELLCHECK_WARNING (CWE-569): [#def5]
/usr/bin/fixfiles:223:64: warning[SC2048]: Use "$@" (with quotes) to prevent whitespace problems.
#  221|   	mkdir -p "${TMP_MOUNT}${m}" || exit 1
#  222|   	mount --bind "${m}" "${TMP_MOUNT}${m}" || exit 1
#  223|-> 	${SETFILES} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} ${THREADS} $* -q ${FC} -r "${TMP_MOUNT}" "${TMP_MOUNT}${m}"
#  224|   	umount "${TMP_MOUNT}${m}" || exit 1
#  225|   	rm -rf "${TMP_MOUNT}" || echo "Error cleaning up."

Error: SHELLCHECK_WARNING (CWE-569): [#def6]
/usr/bin/fixfiles:239:18: warning[SC2048]: Use "$@" (with quotes) to prevent whitespace problems.
#  237|   # [-B | -N time ]
#  238|   if [ -n "$BOOTTIME" ]; then
#  239|-> 	newer $BOOTTIME $*
#  240|   	return
#  241|   fi

Error: SHELLCHECK_WARNING (CWE-569): [#def7]
/usr/bin/fixfiles:245:19: warning[SC2048]: Use "$@" (with quotes) to prevent whitespace problems.
#  243|   # -C PREVIOUS_FILECONTEXT
#  244|   if [ "$RESTORE_MODE" == PREFC ]; then
#  245|-> 	diff_filecontext $*
#  246|   	return
#  247|   fi

Error: SHELLCHECK_WARNING (CWE-569): [#def8]
/usr/bin/fixfiles:257:83: warning[SC2048]: Use "$@" (with quotes) to prevent whitespace problems.
#  255|       RPMFILES)
#  256|   	for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do
#  257|-> 	    rpmlist $i | ${RESTORECON} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} ${THREADS} $* -i -R -f -
#  258|   	done
#  259|       ;;

Error: SHELLCHECK_WARNING (CWE-569): [#def9]
/usr/bin/fixfiles:261:66: warning[SC2048]: Use "$@" (with quotes) to prevent whitespace problems.
#  259|       ;;
#  260|       FILEPATH)
#  261|-> 	${RESTORECON} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} ${THREADS} $* -R -- "$FILEPATH"
#  262|       ;;
#  263|       *)

Error: SHELLCHECK_WARNING (CWE-569): [#def10]
/usr/bin/fixfiles:269:61: warning[SC2048]: Use "$@" (with quotes) to prevent whitespace problems.
#  267|   
#  268|   	    if [ -z "$BIND_MOUNT_FILESYSTEMS" ]; then
#  269|-> 	        ${SETFILES} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -q ${THREADS} ${FC} ${FILESYSTEMSRW}
#  270|   	    else
#  271|   	        # we bind mount so we can fix the labels of files that have already been

Error: SHELLCHECK_WARNING (CWE-569): [#def11]
/usr/bin/fixfiles:280:43: warning[SC2048]: Use "$@" (with quotes) to prevent whitespace problems.
#  278|   	            else
#  279|   	                trap umount_TMP_MOUNT EXIT
#  280|-> 	                fix_labels_on_mountpoint $*
#  281|   	                trap EXIT
#  282|   	            fi

Error: SHELLCHECK_WARNING (CWE-477): [#def12]
/usr/bin/fixfiles:313:29: warning[SC2166]: Prefer [ p ] && [ q ] as [ p -a q ] is not well defined.
#  311|   
#  312|   relabel() {
#  313|->     if [ -n "$RESTORE_MODE" -a "$RESTORE_MODE" != DEFAULT ]; then
#  314|   	usage
#  315|   	exit 1

Error: SHELLCHECK_WARNING (CWE-477): [#def13]
/usr/bin/fixfiles:330:24: warning[SC2166]: Prefer [ p ] || [ q ] as [ p -o q ] is not well defined.
#  328|       Do you wish to clean out the /tmp directory [N]? "
#  329|       read answer
#  330|->     if [ "$answer" = y -o  "$answer" = Y ]; then
#  331|   	fullrelabel
#  332|       else

Error: SHELLCHECK_WARNING (CWE-477): [#def14]
/usr/bin/fixfiles:347:26: warning[SC2166]: Prefer [ p ] && [ q ] as [ p -a q ] is not well defined.
#  345|       relabel) relabel;;
#  346|       onboot)
#  347|-> 	if [ -n "$RESTORE_MODE" -a "$RESTORE_MODE" != DEFAULT ]; then
#  348|   	    usage
#  349|   	    exit 1

Error: SHELLCHECK_WARNING (CWE-569): [#def15]
/usr/bin/fixfiles:351:2: warning[SC2188]: This redirection doesn't have a command. Move to its command (or use 'true' as no-op).
#  349|   	    exit 1
#  350|   	fi
#  351|-> 	> /.autorelabel || exit $?
#  352|   	[ -z "$FORCEFLAG" ] || echo -n "$FORCEFLAG " >> /.autorelabel
#  353|   	[ -z "$BOOTTIME" ] || echo -n "-N $BOOTTIME " >> /.autorelabel

Error: SHELLCHECK_WARNING (CWE-156): [#def16]
/usr/libexec/selinux/selinux-autorelabel:77:16: warning[SC2046]: Quote this to prevent word splitting.
#   75|   # Check to see if a full relabel is needed
#   76|   if [ "$READONLY" != "yes" ]; then
#   77|->     restorecon $(awk '!/^#/ && $4 !~ /noauto/ && $2 ~ /^\// { print $2 }' /etc/fstab) >/dev/null 2>&1
#   78|       relabel_selinux
#   79|   fi

Error: SHELLCHECK_WARNING (CWE-571): [#def17]
/usr/share/sandbox/sandboxX.sh:4:8: warning[SC2155]: Declare and assign separately to avoid masking return values.
#    2|   trap "" TERM
#    3|   context=`id -Z | secon -t -l -P`
#    4|-> export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8-80`"
#    5|   [ -z $1 ] && export WAYLAND_NATIVE="no" || export WAYLAND_NATIVE="$1"
#    6|   [ -z $2 ] && export SCREENSIZE="1000x700" || export SCREENSIZE="$2"

Error: GCC_ANALYZER_WARNING (CWE-775): [#def18]
selinux-3.9/policycoreutils/hll/pp/pp.c:123:14: warning[-Wanalyzer-file-leak]: leak of FILE ‘in’
selinux-3.9/policycoreutils/hll/pp/pp.c:83:16: branch_false: following ‘false’ branch (when ‘opt == -1’)...
selinux-3.9/policycoreutils/hll/pp/pp.c:93:13: branch_false: ...to here
selinux-3.9/policycoreutils/hll/pp/pp.c:93:12: branch_true: following ‘true’ branch...
selinux-3.9/policycoreutils/hll/pp/pp.c:95:22: acquire_resource: opened here
selinux-3.9/policycoreutils/hll/pp/pp.c:96:20: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/hll/pp/pp.c:106:13: branch_false: ...to here
selinux-3.9/policycoreutils/hll/pp/pp.c:118:12: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/hll/pp/pp.c:123:14: branch_false: ...to here
selinux-3.9/policycoreutils/hll/pp/pp.c:123:14: danger: ‘in’ leaks here; was opened at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
#  121|   	}
#  122|   
#  123|-> 	rc = sepol_ppfile_to_module_package(in, &mod_pkg);
#  124|   	if (rc != 0) {
#  125|   		goto exit;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def19]
selinux-3.9/policycoreutils/hll/pp/pp.c:123:14: warning[-Wanalyzer-file-leak]: leak of FILE ‘out’
selinux-3.9/policycoreutils/hll/pp/pp.c:83:16: branch_false: following ‘false’ branch (when ‘opt == -1’)...
selinux-3.9/policycoreutils/hll/pp/pp.c:93:13: branch_false: ...to here
selinux-3.9/policycoreutils/hll/pp/pp.c:106:12: branch_true: following ‘true’ branch...
selinux-3.9/policycoreutils/hll/pp/pp.c:108:23: acquire_resource: opened here
selinux-3.9/policycoreutils/hll/pp/pp.c:109:20: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/hll/pp/pp.c:118:13: branch_false: ...to here
selinux-3.9/policycoreutils/hll/pp/pp.c:118:12: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/hll/pp/pp.c:123:14: branch_false: ...to here
selinux-3.9/policycoreutils/hll/pp/pp.c:123:14: danger: ‘out’ leaks here; was opened at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#  121|   	}
#  122|   
#  123|-> 	rc = sepol_ppfile_to_module_package(in, &mod_pkg);
#  124|   	if (rc != 0) {
#  125|   		goto exit;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def20]
selinux-3.9/policycoreutils/hll/pp/pp.c:123:14: warning[-Wanalyzer-malloc-leak]: leak of ‘in’
selinux-3.9/policycoreutils/hll/pp/pp.c:83:16: branch_false: following ‘false’ branch (when ‘opt == -1’)...
selinux-3.9/policycoreutils/hll/pp/pp.c:93:13: branch_false: ...to here
selinux-3.9/policycoreutils/hll/pp/pp.c:93:12: branch_true: following ‘true’ branch...
selinux-3.9/policycoreutils/hll/pp/pp.c:95:22: acquire_memory: allocated here
selinux-3.9/policycoreutils/hll/pp/pp.c:96:20: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/hll/pp/pp.c:106:13: branch_false: ...to here
selinux-3.9/policycoreutils/hll/pp/pp.c:118:12: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/hll/pp/pp.c:123:14: branch_false: ...to here
selinux-3.9/policycoreutils/hll/pp/pp.c:123:14: danger: ‘in’ leaks here; was allocated at [(5)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/4)
#  121|   	}
#  122|   
#  123|-> 	rc = sepol_ppfile_to_module_package(in, &mod_pkg);
#  124|   	if (rc != 0) {
#  125|   		goto exit;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def21]
selinux-3.9/policycoreutils/hll/pp/pp.c:123:14: warning[-Wanalyzer-malloc-leak]: leak of ‘out’
selinux-3.9/policycoreutils/hll/pp/pp.c:83:16: branch_false: following ‘false’ branch (when ‘opt == -1’)...
selinux-3.9/policycoreutils/hll/pp/pp.c:93:13: branch_false: ...to here
selinux-3.9/policycoreutils/hll/pp/pp.c:106:12: branch_true: following ‘true’ branch...
selinux-3.9/policycoreutils/hll/pp/pp.c:108:23: acquire_memory: allocated here
selinux-3.9/policycoreutils/hll/pp/pp.c:109:20: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/hll/pp/pp.c:118:13: branch_false: ...to here
selinux-3.9/policycoreutils/hll/pp/pp.c:118:12: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/hll/pp/pp.c:123:14: branch_false: ...to here
selinux-3.9/policycoreutils/hll/pp/pp.c:123:14: danger: ‘out’ leaks here; was allocated at [(5)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/4)
#  121|   	}
#  122|   
#  123|-> 	rc = sepol_ppfile_to_module_package(in, &mod_pkg);
#  124|   	if (rc != 0) {
#  125|   		goto exit;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def22]
selinux-3.9/policycoreutils/newrole/newrole.c:309:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen("/etc/selinux/newrole_pam.conf", "r")’
selinux-3.9/policycoreutils/newrole/newrole.c:305:15: acquire_resource: opened here
selinux-3.9/policycoreutils/newrole/newrole.c:306:12: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/newrole/newrole.c:309:13: branch_false: ...to here
selinux-3.9/policycoreutils/newrole/newrole.c:309:13: danger: ‘fopen("/etc/selinux/newrole_pam.conf", "r")’ leaks here; was opened at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  307|   		return 0;	/* This configuration is optional. */
#  308|   	app_service_names =
#  309|-> 	    hashtab_create(reqsymhash, reqsymcmp, PAM_SERVICE_SLOTS);
#  310|   	if (!app_service_names)
#  311|   		goto err;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def23]
selinux-3.9/policycoreutils/newrole/newrole.c:309:13: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen("/etc/selinux/newrole_pam.conf", "r")’
selinux-3.9/policycoreutils/newrole/newrole.c:305:15: acquire_memory: allocated here
selinux-3.9/policycoreutils/newrole/newrole.c:306:12: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/newrole/newrole.c:309:13: branch_false: ...to here
selinux-3.9/policycoreutils/newrole/newrole.c:309:13: danger: ‘fopen("/etc/selinux/newrole_pam.conf", "r")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#  307|   		return 0;	/* This configuration is optional. */
#  308|   	app_service_names =
#  309|-> 	    hashtab_create(reqsymhash, reqsymcmp, PAM_SERVICE_SLOTS);
#  310|   	if (!app_service_names)
#  311|   		goto err;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def24]
selinux-3.9/policycoreutils/newrole/newrole.c:734:33: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(ttyn, 2050)’
selinux-3.9/policycoreutils/newrole/newrole.c:719:12: branch_false: following ‘false’ branch (when ‘ttyn’ is non-NULL)...
selinux-3.9/policycoreutils/newrole/newrole.c:722:12: branch_false: ...to here
selinux-3.9/policycoreutils/newrole/newrole.c:722:12: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/newrole/newrole.c:728:14: branch_false: ...to here
selinux-3.9/policycoreutils/newrole/newrole.c:728:14: acquire_resource: opened here
selinux-3.9/policycoreutils/newrole/newrole.c:729:12: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/newrole/newrole.c:734:33: branch_false: ...to here
selinux-3.9/policycoreutils/newrole/newrole.c:734:33: danger: ‘open(ttyn, 2050)’ leaks here; was opened at [(5)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/4)
#  732|   	}
#  733|   	/* this craziness is to make sure we can't block on open and deadlock */
#  734|-> 	rc = fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
#  735|   	if (rc) {
#  736|   		fprintf(stderr, _("Error!  Could not clear O_NONBLOCK on %s\n"), ttyn);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def25]
selinux-3.9/policycoreutils/sestatus/sestatus.c:80:22: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir("/proc")’
selinux-3.9/policycoreutils/sestatus/sestatus.c:70:21: acquire_memory: allocated here
selinux-3.9/policycoreutils/sestatus/sestatus.c:70:12: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/sestatus/sestatus.c:76:13: branch_false: ...to here
selinux-3.9/policycoreutils/sestatus/sestatus.c:80:22: danger: ‘opendir("/proc")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   78|   		command = p;
#   79|   
#   80|-> 	while ((de = readdir(dir)) != NULL) {
#   81|   		errno = 0;
#   82|   		pid = (int)strtol(de->d_name, (char **)NULL, 10);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def26]
selinux-3.9/policycoreutils/setfiles/setfiles.c:241:37: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(optarg, "r")’
selinux-3.9/policycoreutils/setfiles/setfiles.c:164:12: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/setfiles/setfiles.c:168:27: branch_false: ...to here
selinux-3.9/policycoreutils/setfiles/setfiles.c:169:12: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/setfiles/setfiles.c:173:16: branch_false: ...to here
selinux-3.9/policycoreutils/setfiles/setfiles.c:223:16: branch_true: following ‘true’ branch (when ‘opt > 0’)...
selinux-3.9/policycoreutils/setfiles/setfiles.c:224:17: branch_true: ...to here
selinux-3.9/policycoreutils/setfiles/setfiles.c:231:48: acquire_resource: opened here
selinux-3.9/policycoreutils/setfiles/setfiles.c:232:36: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/setfiles/setfiles.c:238:33: branch_false: ...to here
selinux-3.9/policycoreutils/setfiles/setfiles.c:241:37: danger: ‘fopen(optarg, "r")’ leaks here; was opened at [(7)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/6)
#  239|   					      FSETLOCKING_BYCALLER);
#  240|   
#  241|-> 				if (sepol_set_policydb_from_file(policystream)
#  242|   									< 0) {
#  243|   					fprintf(stderr,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def27]
selinux-3.9/policycoreutils/setfiles/setfiles.c:241:37: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(optarg, "r")’
selinux-3.9/policycoreutils/setfiles/setfiles.c:164:12: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/setfiles/setfiles.c:168:27: branch_false: ...to here
selinux-3.9/policycoreutils/setfiles/setfiles.c:169:12: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/setfiles/setfiles.c:173:16: branch_false: ...to here
selinux-3.9/policycoreutils/setfiles/setfiles.c:223:16: branch_true: following ‘true’ branch (when ‘opt > 0’)...
selinux-3.9/policycoreutils/setfiles/setfiles.c:224:17: branch_true: ...to here
selinux-3.9/policycoreutils/setfiles/setfiles.c:231:48: acquire_memory: allocated here
selinux-3.9/policycoreutils/setfiles/setfiles.c:232:36: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/setfiles/setfiles.c:238:33: branch_false: ...to here
selinux-3.9/policycoreutils/setfiles/setfiles.c:241:37: danger: ‘fopen(optarg, "r")’ leaks here; was allocated at [(7)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/6)
#  239|   					      FSETLOCKING_BYCALLER);
#  240|   
#  241|-> 				if (sepol_set_policydb_from_file(policystream)
#  242|   									< 0) {
#  243|   					fprintf(stderr,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def28]
selinux-3.9/policycoreutils/setfiles/setfiles.c:452:31: warning[-Wanalyzer-file-leak]: leak of FILE ‘f’
selinux-3.9/policycoreutils/setfiles/setfiles.c:164:12: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/setfiles/setfiles.c:168:27: branch_false: ...to here
selinux-3.9/policycoreutils/setfiles/setfiles.c:169:12: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/setfiles/setfiles.c:173:16: branch_false: ...to here
selinux-3.9/policycoreutils/setfiles/setfiles.c:223:16: branch_true: following ‘true’ branch (when ‘opt > 0’)...
selinux-3.9/policycoreutils/setfiles/setfiles.c:224:17: branch_true: ...to here
selinux-3.9/policycoreutils/setfiles/setfiles.c:223:16: branch_false: following ‘false’ branch (when ‘opt <= 0’)...
selinux-3.9/policycoreutils/setfiles/setfiles.c:384:14: branch_false: ...to here
selinux-3.9/policycoreutils/setfiles/setfiles.c:425:19: branch_false: following ‘false’ branch (when ‘argc > 1’)...
selinux-3.9/policycoreutils/setfiles/setfiles.c:429:53: branch_false: ...to here
selinux-3.9/policycoreutils/setfiles/setfiles.c:430:37: branch_true: following ‘true’ branch...
selinux-3.9/policycoreutils/setfiles/setfiles.c:430:9: branch_true: ...to here
selinux-3.9/policycoreutils/setfiles/setfiles.c:435:12: branch_true: following ‘true’ branch (when ‘use_input_file != 0’)...
selinux-3.9/policycoreutils/setfiles/setfiles.c:436:23: branch_true: ...to here
selinux-3.9/policycoreutils/setfiles/setfiles.c:440:20: branch_true: following ‘true’ branch (when the strings are non-equal)...
selinux-3.9/policycoreutils/setfiles/setfiles.c:441:29: branch_true: ...to here
selinux-3.9/policycoreutils/setfiles/setfiles.c:441:29: acquire_resource: opened here
selinux-3.9/policycoreutils/setfiles/setfiles.c:443:20: branch_false: following ‘false’ branch (when ‘f’ is non-NULL)...
selinux-3.9/policycoreutils/setfiles/setfiles.c:449:17: branch_false: ...to here
selinux-3.9/policycoreutils/setfiles/setfiles.c:452:31: danger: ‘f’ leaks here; was opened at [(17)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/16)
#  450|   
#  451|   		delim = (null_terminated != 0) ? '\0' : '\n';
#  452|-> 		while ((len = getdelim(&buf, &buf_len, delim, f)) > 0) {
#  453|   			buf[len - 1] = 0;
#  454|   			if (!strcmp(buf, "/"))

Error: GCC_ANALYZER_WARNING (CWE-401): [#def29]
selinux-3.9/policycoreutils/setfiles/setfiles.c:452:31: warning[-Wanalyzer-malloc-leak]: leak of ‘f’
selinux-3.9/policycoreutils/setfiles/setfiles.c:164:12: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/setfiles/setfiles.c:168:27: branch_false: ...to here
selinux-3.9/policycoreutils/setfiles/setfiles.c:169:12: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/setfiles/setfiles.c:173:16: branch_false: ...to here
selinux-3.9/policycoreutils/setfiles/setfiles.c:223:16: branch_true: following ‘true’ branch (when ‘opt > 0’)...
selinux-3.9/policycoreutils/setfiles/setfiles.c:224:17: branch_true: ...to here
selinux-3.9/policycoreutils/setfiles/setfiles.c:223:16: branch_false: following ‘false’ branch (when ‘opt <= 0’)...
selinux-3.9/policycoreutils/setfiles/setfiles.c:384:14: branch_false: ...to here
selinux-3.9/policycoreutils/setfiles/setfiles.c:425:19: branch_false: following ‘false’ branch (when ‘argc > 1’)...
selinux-3.9/policycoreutils/setfiles/setfiles.c:429:53: branch_false: ...to here
selinux-3.9/policycoreutils/setfiles/setfiles.c:430:37: branch_true: following ‘true’ branch...
selinux-3.9/policycoreutils/setfiles/setfiles.c:430:9: branch_true: ...to here
selinux-3.9/policycoreutils/setfiles/setfiles.c:435:12: branch_true: following ‘true’ branch (when ‘use_input_file != 0’)...
selinux-3.9/policycoreutils/setfiles/setfiles.c:436:23: branch_true: ...to here
selinux-3.9/policycoreutils/setfiles/setfiles.c:440:20: branch_true: following ‘true’ branch (when the strings are non-equal)...
selinux-3.9/policycoreutils/setfiles/setfiles.c:441:29: branch_true: ...to here
selinux-3.9/policycoreutils/setfiles/setfiles.c:441:29: acquire_memory: allocated here
selinux-3.9/policycoreutils/setfiles/setfiles.c:443:20: branch_false: following ‘false’ branch (when ‘f’ is non-NULL)...
selinux-3.9/policycoreutils/setfiles/setfiles.c:449:17: branch_false: ...to here
selinux-3.9/policycoreutils/setfiles/setfiles.c:452:31: danger: ‘f’ leaks here; was allocated at [(17)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/16)
#  450|   
#  451|   		delim = (null_terminated != 0) ? '\0' : '\n';
#  452|-> 		while ((len = getdelim(&buf, &buf_len, delim, f)) > 0) {
#  453|   			buf[len - 1] = 0;
#  454|   			if (!strcmp(buf, "/"))

Error: GCC_ANALYZER_WARNING (CWE-401): [#def30]
selinux-3.9/policycoreutils/setsebool/setsebool.c:99:13: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
selinux-3.9/policycoreutils/setsebool/setsebool.c:221:5: enter_function: entry to ‘setbool’
selinux-3.9/policycoreutils/setsebool/setsebool.c:229:12: branch_false: following ‘false’ branch (when ‘vallist’ is non-NULL)...
 branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:232:16: branch_true: following ‘true’ branch (when ‘i < end’)...
selinux-3.9/policycoreutils/setsebool/setsebool.c:233:28: branch_true: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:235:20: branch_false: following ‘false’ branch (when ‘value_ptr’ is non-NULL)...
selinux-3.9/policycoreutils/setsebool/setsebool.c:241:17: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:258:35: acquire_memory: allocated here
selinux-3.9/policycoreutils/setsebool/setsebool.c:259:20: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:261:17: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:232:16: branch_false: following ‘false’ branch (when ‘i >= end’)...
selinux-3.9/policycoreutils/setsebool/setsebool.c:269:13: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:269:12: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:273:21: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:273:21: call_function: calling ‘selinux_set_boolean_list’ from ‘setbool’
#   97|   {
#   98|   
#   99|-> 	if (security_set_boolean_list(boolcnt, boollist, 0)) {
#  100|   		if (errno == ENOENT)
#  101|   			fprintf(stderr, "Could not change active booleans: "

Error: GCC_ANALYZER_WARNING (CWE-401): [#def31]
selinux-3.9/policycoreutils/setsebool/setsebool.c:99:13: warning[-Wanalyzer-malloc-leak]: leak of ‘vallist’
selinux-3.9/policycoreutils/setsebool/setsebool.c:221:5: enter_function: entry to ‘setbool’
selinux-3.9/policycoreutils/setsebool/setsebool.c:228:31: acquire_memory: allocated here
selinux-3.9/policycoreutils/setsebool/setsebool.c:229:12: branch_false: following ‘false’ branch (when ‘vallist’ is non-NULL)...
 branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:232:16: branch_false: following ‘false’ branch (when ‘i >= end’)...
selinux-3.9/policycoreutils/setsebool/setsebool.c:269:13: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:269:12: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:273:21: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:273:21: call_function: calling ‘selinux_set_boolean_list’ from ‘setbool’
#   97|   {
#   98|   
#   99|-> 	if (security_set_boolean_list(boolcnt, boollist, 0)) {
#  100|   		if (errno == ENOENT)
#  101|   			fprintf(stderr, "Could not change active booleans: "

Error: GCC_ANALYZER_WARNING (CWE-401): [#def32]
selinux-3.9/policycoreutils/setsebool/setsebool.c:128:23: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
selinux-3.9/policycoreutils/setsebool/setsebool.c:34:5: enter_function: entry to ‘main’
selinux-3.9/policycoreutils/setsebool/setsebool.c:38:12: branch_false: following ‘false’ branch (when ‘argc > 1’)...
 branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:62:12: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:70:24: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:70:12: branch_true: following ‘true’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:74:20: branch_true: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:74:20: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:78:23: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:80:20: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:85:31: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:86:22: call_function: calling ‘setbool’ from ‘main’
#  126|   	int managed;
#  127|   	int result;
#  128|-> 	int enabled = is_selinux_enabled();
#  129|   
#  130|   	handle = semanage_handle_create();

Error: GCC_ANALYZER_WARNING (CWE-401): [#def33]
selinux-3.9/policycoreutils/setsebool/setsebool.c:128:23: warning[-Wanalyzer-malloc-leak]: leak of ‘vallist’
selinux-3.9/policycoreutils/setsebool/setsebool.c:221:5: enter_function: entry to ‘setbool’
selinux-3.9/policycoreutils/setsebool/setsebool.c:228:31: acquire_memory: allocated here
selinux-3.9/policycoreutils/setsebool/setsebool.c:229:12: branch_false: following ‘false’ branch (when ‘vallist’ is non-NULL)...
 branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:232:16: branch_false: following ‘false’ branch (when ‘i >= end’)...
selinux-3.9/policycoreutils/setsebool/setsebool.c:269:13: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:269:12: branch_true: following ‘true’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:270:21: branch_true: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:270:21: call_function: calling ‘semanage_set_boolean_list’ from ‘setbool’
#  126|   	int managed;
#  127|   	int result;
#  128|-> 	int enabled = is_selinux_enabled();
#  129|   
#  130|   	handle = semanage_handle_create();

Error: GCC_ANALYZER_WARNING (CWE-401): [#def34]
selinux-3.9/policycoreutils/setsebool/setsebool.c:130:18: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
selinux-3.9/policycoreutils/setsebool/setsebool.c:34:5: enter_function: entry to ‘main’
selinux-3.9/policycoreutils/setsebool/setsebool.c:38:12: branch_false: following ‘false’ branch (when ‘argc > 1’)...
 branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:62:12: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:70:24: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:70:12: branch_true: following ‘true’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:74:20: branch_true: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:74:20: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:78:23: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:80:20: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:85:31: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:86:22: call_function: calling ‘setbool’ from ‘main’
#  128|   	int enabled = is_selinux_enabled();
#  129|   
#  130|-> 	handle = semanage_handle_create();
#  131|   	if (handle == NULL) {
#  132|   		fprintf(stderr, "Could not create semanage library handle\n");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def35]
selinux-3.9/policycoreutils/setsebool/setsebool.c:130:18: warning[-Wanalyzer-malloc-leak]: leak of ‘vallist’
selinux-3.9/policycoreutils/setsebool/setsebool.c:221:5: enter_function: entry to ‘setbool’
selinux-3.9/policycoreutils/setsebool/setsebool.c:228:31: acquire_memory: allocated here
selinux-3.9/policycoreutils/setsebool/setsebool.c:229:12: branch_false: following ‘false’ branch (when ‘vallist’ is non-NULL)...
 branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:232:16: branch_false: following ‘false’ branch (when ‘i >= end’)...
selinux-3.9/policycoreutils/setsebool/setsebool.c:269:13: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:269:12: branch_true: following ‘true’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:270:21: branch_true: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:270:21: call_function: calling ‘semanage_set_boolean_list’ from ‘setbool’
#  128|   	int enabled = is_selinux_enabled();
#  129|   
#  130|-> 	handle = semanage_handle_create();
#  131|   	if (handle == NULL) {
#  132|   		fprintf(stderr, "Could not create semanage library handle\n");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def36]
selinux-3.9/policycoreutils/setsebool/setsebool.c:137:17: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
selinux-3.9/policycoreutils/setsebool/setsebool.c:34:5: enter_function: entry to ‘main’
selinux-3.9/policycoreutils/setsebool/setsebool.c:38:12: branch_false: following ‘false’ branch (when ‘argc > 1’)...
 branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:62:12: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:70:24: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:70:12: branch_true: following ‘true’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:74:20: branch_true: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:74:20: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:78:23: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:80:20: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:85:31: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:86:22: call_function: calling ‘setbool’ from ‘main’
#  135|   
#  136|   	if (!verbose) {
#  137|-> 		semanage_msg_set_callback(handle, NULL, NULL);
#  138|   	}
#  139|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def37]
selinux-3.9/policycoreutils/setsebool/setsebool.c:137:17: warning[-Wanalyzer-malloc-leak]: leak of ‘vallist’
selinux-3.9/policycoreutils/setsebool/setsebool.c:221:5: enter_function: entry to ‘setbool’
selinux-3.9/policycoreutils/setsebool/setsebool.c:228:31: acquire_memory: allocated here
selinux-3.9/policycoreutils/setsebool/setsebool.c:229:12: branch_false: following ‘false’ branch (when ‘vallist’ is non-NULL)...
 branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:232:16: branch_false: following ‘false’ branch (when ‘i >= end’)...
selinux-3.9/policycoreutils/setsebool/setsebool.c:269:13: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:269:12: branch_true: following ‘true’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:270:21: branch_true: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:270:21: call_function: calling ‘semanage_set_boolean_list’ from ‘setbool’
#  135|   
#  136|   	if (!verbose) {
#  137|-> 		semanage_msg_set_callback(handle, NULL, NULL);
#  138|   	}
#  139|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def38]
selinux-3.9/policycoreutils/setsebool/setsebool.c:140:19: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
selinux-3.9/policycoreutils/setsebool/setsebool.c:34:5: enter_function: entry to ‘main’
selinux-3.9/policycoreutils/setsebool/setsebool.c:38:12: branch_false: following ‘false’ branch (when ‘argc > 1’)...
 branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:62:12: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:70:24: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:70:12: branch_true: following ‘true’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:74:20: branch_true: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:74:20: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:78:23: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:80:20: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:85:31: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:86:22: call_function: calling ‘setbool’ from ‘main’
#  138|   	}
#  139|   
#  140|-> 	managed = semanage_is_managed(handle);
#  141|   	if (managed < 0) {
#  142|   		fprintf(stderr,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def39]
selinux-3.9/policycoreutils/setsebool/setsebool.c:140:19: warning[-Wanalyzer-malloc-leak]: leak of ‘vallist’
selinux-3.9/policycoreutils/setsebool/setsebool.c:221:5: enter_function: entry to ‘setbool’
selinux-3.9/policycoreutils/setsebool/setsebool.c:228:31: acquire_memory: allocated here
selinux-3.9/policycoreutils/setsebool/setsebool.c:229:12: branch_false: following ‘false’ branch (when ‘vallist’ is non-NULL)...
 branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:232:16: branch_false: following ‘false’ branch (when ‘i >= end’)...
selinux-3.9/policycoreutils/setsebool/setsebool.c:269:13: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:269:12: branch_true: following ‘true’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:270:21: branch_true: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:270:21: call_function: calling ‘semanage_set_boolean_list’ from ‘setbool’
#  138|   	}
#  139|   
#  140|-> 	managed = semanage_is_managed(handle);
#  141|   	if (managed < 0) {
#  142|   		fprintf(stderr,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def40]
selinux-3.9/policycoreutils/setsebool/setsebool.c:157:13: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
selinux-3.9/policycoreutils/setsebool/setsebool.c:34:5: enter_function: entry to ‘main’
selinux-3.9/policycoreutils/setsebool/setsebool.c:38:12: branch_false: following ‘false’ branch (when ‘argc > 1’)...
 branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:62:12: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:70:24: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:70:12: branch_true: following ‘true’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:74:20: branch_true: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:74:20: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:78:23: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:80:20: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:85:31: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:86:22: call_function: calling ‘setbool’ from ‘main’
#  155|   	}
#  156|   
#  157|-> 	if (semanage_connect(handle) < 0)
#  158|   		goto err;
#  159|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def41]
selinux-3.9/policycoreutils/setsebool/setsebool.c:157:13: warning[-Wanalyzer-malloc-leak]: leak of ‘vallist’
selinux-3.9/policycoreutils/setsebool/setsebool.c:221:5: enter_function: entry to ‘setbool’
selinux-3.9/policycoreutils/setsebool/setsebool.c:228:31: acquire_memory: allocated here
selinux-3.9/policycoreutils/setsebool/setsebool.c:229:12: branch_false: following ‘false’ branch (when ‘vallist’ is non-NULL)...
 branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:232:16: branch_false: following ‘false’ branch (when ‘i >= end’)...
selinux-3.9/policycoreutils/setsebool/setsebool.c:269:13: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:269:12: branch_true: following ‘true’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:270:21: branch_true: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:270:21: call_function: calling ‘semanage_set_boolean_list’ from ‘setbool’
#  155|   	}
#  156|   
#  157|-> 	if (semanage_connect(handle) < 0)
#  158|   		goto err;
#  159|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def42]
selinux-3.9/policycoreutils/setsebool/setsebool.c:160:13: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
selinux-3.9/policycoreutils/setsebool/setsebool.c:34:5: enter_function: entry to ‘main’
selinux-3.9/policycoreutils/setsebool/setsebool.c:38:12: branch_false: following ‘false’ branch (when ‘argc > 1’)...
 branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:62:12: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:70:24: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:70:12: branch_true: following ‘true’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:74:20: branch_true: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:74:20: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:78:23: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:80:20: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:85:31: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:86:22: call_function: calling ‘setbool’ from ‘main’
#  158|   		goto err;
#  159|   
#  160|-> 	if (semanage_begin_transaction(handle) < 0)
#  161|   		goto err;
#  162|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def43]
selinux-3.9/policycoreutils/setsebool/setsebool.c:160:13: warning[-Wanalyzer-malloc-leak]: leak of ‘vallist’
selinux-3.9/policycoreutils/setsebool/setsebool.c:221:5: enter_function: entry to ‘setbool’
selinux-3.9/policycoreutils/setsebool/setsebool.c:228:31: acquire_memory: allocated here
selinux-3.9/policycoreutils/setsebool/setsebool.c:229:12: branch_false: following ‘false’ branch (when ‘vallist’ is non-NULL)...
 branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:232:16: branch_false: following ‘false’ branch (when ‘i >= end’)...
selinux-3.9/policycoreutils/setsebool/setsebool.c:269:13: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:269:12: branch_true: following ‘true’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:270:21: branch_true: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:270:21: call_function: calling ‘semanage_set_boolean_list’ from ‘setbool’
#  158|   		goto err;
#  159|   
#  160|-> 	if (semanage_begin_transaction(handle) < 0)
#  161|   		goto err;
#  162|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def44]
selinux-3.9/policycoreutils/setsebool/setsebool.c:165:21: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
selinux-3.9/policycoreutils/setsebool/setsebool.c:34:5: enter_function: entry to ‘main’
selinux-3.9/policycoreutils/setsebool/setsebool.c:38:12: branch_false: following ‘false’ branch (when ‘argc > 1’)...
 branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:62:12: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:70:24: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:70:12: branch_true: following ‘true’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:74:20: branch_true: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:74:20: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:78:23: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:80:20: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:85:31: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:86:22: call_function: calling ‘setbool’ from ‘main’
#  163|   	for (j = 0; j < boolcnt; j++) {
#  164|   
#  165|-> 		if (semanage_bool_create(handle, &boolean) < 0)
#  166|   			goto err;
#  167|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def45]
selinux-3.9/policycoreutils/setsebool/setsebool.c:165:21: warning[-Wanalyzer-malloc-leak]: leak of ‘vallist’
selinux-3.9/policycoreutils/setsebool/setsebool.c:221:5: enter_function: entry to ‘setbool’
selinux-3.9/policycoreutils/setsebool/setsebool.c:228:31: acquire_memory: allocated here
selinux-3.9/policycoreutils/setsebool/setsebool.c:229:12: branch_false: following ‘false’ branch (when ‘vallist’ is non-NULL)...
 branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:232:16: branch_false: following ‘false’ branch (when ‘i >= end’)...
selinux-3.9/policycoreutils/setsebool/setsebool.c:269:13: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:269:12: branch_true: following ‘true’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:270:21: branch_true: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:270:21: call_function: calling ‘semanage_set_boolean_list’ from ‘setbool’
#  163|   	for (j = 0; j < boolcnt; j++) {
#  164|   
#  165|-> 		if (semanage_bool_create(handle, &boolean) < 0)
#  166|   			goto err;
#  167|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def46]
selinux-3.9/policycoreutils/setsebool/setsebool.c:168:21: warning[-Wanalyzer-malloc-leak]: leak of ‘vallist’
selinux-3.9/policycoreutils/setsebool/setsebool.c:221:5: enter_function: entry to ‘setbool’
selinux-3.9/policycoreutils/setsebool/setsebool.c:228:31: acquire_memory: allocated here
selinux-3.9/policycoreutils/setsebool/setsebool.c:229:12: branch_false: following ‘false’ branch (when ‘vallist’ is non-NULL)...
 branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:232:16: branch_false: following ‘false’ branch (when ‘i >= end’)...
selinux-3.9/policycoreutils/setsebool/setsebool.c:269:13: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:269:12: branch_true: following ‘true’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:270:21: branch_true: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:270:21: call_function: calling ‘semanage_set_boolean_list’ from ‘setbool’
#  166|   			goto err;
#  167|   
#  168|-> 		if (semanage_bool_set_name(handle, boolean, boollist[j].name) <
#  169|   		    0)
#  170|   			goto err;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def47]
selinux-3.9/policycoreutils/setsebool/setsebool.c:283:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘value_ptr’
selinux-3.9/policycoreutils/setsebool/setsebool.c:229:12: branch_false: following ‘false’ branch (when ‘vallist’ is non-NULL)...
 branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:235:20: branch_false: following ‘false’ branch (when ‘value_ptr’ is non-NULL)...
selinux-3.9/policycoreutils/setsebool/setsebool.c:241:17: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:259:20: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:261:17: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:269:12: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:273:21: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:273:20: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:278:15: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:280:16: branch_true: following ‘true’ branch (when ‘i < end’)...
selinux-3.9/policycoreutils/setsebool/setsebool.c:281:28: branch_true: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:283:17: danger: dereference of NULL ‘value_ptr’
#  281|   		name = list[i];
#  282|   		value_ptr = strchr(name, '=');
#  283|-> 		*value_ptr = '\0';
#  284|   		value_ptr++;
#  285|   		if (pwd && pwd->pw_name)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def48]
selinux-3.9/policycoreutils/setsebool/setsebool.c:308:17: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
selinux-3.9/policycoreutils/setsebool/setsebool.c:229:12: branch_false: following ‘false’ branch (when ‘vallist’ is non-NULL)...
 branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:232:16: branch_true: following ‘true’ branch (when ‘i < end’)...
selinux-3.9/policycoreutils/setsebool/setsebool.c:233:28: branch_true: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:235:20: branch_false: following ‘false’ branch (when ‘value_ptr’ is non-NULL)...
selinux-3.9/policycoreutils/setsebool/setsebool.c:241:17: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:258:35: acquire_memory: allocated here
selinux-3.9/policycoreutils/setsebool/setsebool.c:259:20: branch_false: following ‘false’ branch...
selinux-3.9/policycoreutils/setsebool/setsebool.c:261:17: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:232:16: branch_true: following ‘true’ branch (when ‘i < end’)...
selinux-3.9/policycoreutils/setsebool/setsebool.c:233:28: branch_true: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:235:20: branch_true: following ‘true’ branch (when ‘value_ptr’ is NULL)...
selinux-3.9/policycoreutils/setsebool/setsebool.c:236:25: branch_true: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:305:12: branch_true: following ‘true’ branch (when ‘vallist’ is non-NULL)...
 branch_true: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:306:29: branch_false: following ‘false’ branch (when ‘i >= boolcnt’)...
selinux-3.9/policycoreutils/setsebool/setsebool.c:308:17: branch_false: ...to here
selinux-3.9/policycoreutils/setsebool/setsebool.c:308:17: danger: ‘<unknown>’ leaks here; was allocated at [(8)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/7)
#  306|   		for (i = 0; i < boolcnt; i++)
#  307|   			free(vallist[i].name);
#  308|-> 		free(vallist);
#  309|   	}
#  310|   	return -1;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def49]
selinux-3.9/python/audit2allow/sepolgen-ifgen-attr-helper.c:190:9: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "r")’
selinux-3.9/python/audit2allow/sepolgen-ifgen-attr-helper.c:183:14: acquire_resource: opened here
selinux-3.9/python/audit2allow/sepolgen-ifgen-attr-helper.c:184:12: branch_false: following ‘false’ branch...
selinux-3.9/python/audit2allow/sepolgen-ifgen-attr-helper.c:190:9: branch_false: ...to here
selinux-3.9/python/audit2allow/sepolgen-ifgen-attr-helper.c:190:9: danger: ‘fopen(filename, "r")’ leaks here; was opened at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  188|   	}
#  189|   
#  190|-> 	policy_file_init(&pf);
#  191|   	pf.type = PF_USE_STDIO;
#  192|   	pf.fp = fp;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def50]
selinux-3.9/python/audit2allow/sepolgen-ifgen-attr-helper.c:190:9: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "r")’
selinux-3.9/python/audit2allow/sepolgen-ifgen-attr-helper.c:183:14: acquire_memory: allocated here
selinux-3.9/python/audit2allow/sepolgen-ifgen-attr-helper.c:184:12: branch_false: following ‘false’ branch...
selinux-3.9/python/audit2allow/sepolgen-ifgen-attr-helper.c:190:9: branch_false: ...to here
selinux-3.9/python/audit2allow/sepolgen-ifgen-attr-helper.c:190:9: danger: ‘fopen(filename, "r")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#  188|   	}
#  189|   
#  190|-> 	policy_file_init(&pf);
#  191|   	pf.type = PF_USE_STDIO;
#  192|   	pf.fp = fp;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def51]
selinux-3.9/python/audit2allow/sepolgen-ifgen-attr-helper.c:201:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘pf.fp’
selinux-3.9/python/audit2allow/sepolgen-ifgen-attr-helper.c:183:14: acquire_resource: opened here
selinux-3.9/python/audit2allow/sepolgen-ifgen-attr-helper.c:184:12: branch_false: following ‘false’ branch...
selinux-3.9/python/audit2allow/sepolgen-ifgen-attr-helper.c:190:9: branch_false: ...to here
selinux-3.9/python/audit2allow/sepolgen-ifgen-attr-helper.c:195:12: branch_false: following ‘false’ branch (when ‘policydb’ is non-NULL)...
selinux-3.9/python/audit2allow/sepolgen-ifgen-attr-helper.c:201:13: branch_false: ...to here
selinux-3.9/python/audit2allow/sepolgen-ifgen-attr-helper.c:201:13: danger: ‘pf.fp’ leaks here; was opened at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#  199|   	}
#  200|   
#  201|-> 	if (policydb_init(policydb)) {
#  202|   		fprintf(stderr, "Out of memory!\n");
#  203|   		free(policydb);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def52]
selinux-3.9/python/audit2allow/sepolgen-ifgen-attr-helper.c:201:13: warning[-Wanalyzer-malloc-leak]: leak of ‘pf.fp’
selinux-3.9/python/audit2allow/sepolgen-ifgen-attr-helper.c:183:14: acquire_memory: allocated here
selinux-3.9/python/audit2allow/sepolgen-ifgen-attr-helper.c:184:12: branch_false: following ‘false’ branch...
selinux-3.9/python/audit2allow/sepolgen-ifgen-attr-helper.c:190:9: branch_false: ...to here
selinux-3.9/python/audit2allow/sepolgen-ifgen-attr-helper.c:195:12: branch_false: following ‘false’ branch (when ‘policydb’ is non-NULL)...
selinux-3.9/python/audit2allow/sepolgen-ifgen-attr-helper.c:201:13: branch_false: ...to here
selinux-3.9/python/audit2allow/sepolgen-ifgen-attr-helper.c:201:13: danger: ‘pf.fp’ leaks here; was allocated at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#  199|   	}
#  200|   
#  201|-> 	if (policydb_init(policydb)) {
#  202|   		fprintf(stderr, "Out of memory!\n");
#  203|   		free(policydb);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def53]
selinux-3.9/python/audit2allow/sepolgen-ifgen-attr-helper.c:201:13: warning[-Wanalyzer-malloc-leak]: leak of ‘policydb’
selinux-3.9/python/audit2allow/sepolgen-ifgen-attr-helper.c:184:12: branch_false: following ‘false’ branch...
selinux-3.9/python/audit2allow/sepolgen-ifgen-attr-helper.c:190:9: branch_false: ...to here
selinux-3.9/python/audit2allow/sepolgen-ifgen-attr-helper.c:194:20: acquire_memory: allocated here
selinux-3.9/python/audit2allow/sepolgen-ifgen-attr-helper.c:195:12: branch_false: following ‘false’ branch (when ‘policydb’ is non-NULL)...
selinux-3.9/python/audit2allow/sepolgen-ifgen-attr-helper.c:201:13: branch_false: ...to here
selinux-3.9/python/audit2allow/sepolgen-ifgen-attr-helper.c:201:13: danger: ‘policydb’ leaks here; was allocated at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
#  199|   	}
#  200|   
#  201|-> 	if (policydb_init(policydb)) {
#  202|   		fprintf(stderr, "Out of memory!\n");
#  203|   		free(policydb);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def54]
selinux-3.9/restorecond/stringslist.c:52:17: warning[-Wanalyzer-malloc-leak]: leak of ‘newptr’
selinux-3.9/restorecond/stringslist.c:38:16: branch_false: following ‘false’ branch (when ‘ptr’ is NULL)...
selinux-3.9/restorecond/stringslist.c:47:18: branch_false: ...to here
selinux-3.9/restorecond/stringslist.c:47:18: acquire_memory: allocated here
selinux-3.9/restorecond/stringslist.c:48:12: branch_false: following ‘false’ branch (when ‘newptr’ is non-NULL)...
selinux-3.9/restorecond/stringslist.c:50:26: branch_false: ...to here
selinux-3.9/restorecond/stringslist.c:51:12: branch_true: following ‘true’ branch...
selinux-3.9/restorecond/stringslist.c:52:17: branch_true: ...to here
selinux-3.9/restorecond/stringslist.c:52:17: danger: ‘newptr’ leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   50|   	newptr->string = strdup(string);
#   51|   	if (!newptr->string)
#   52|-> 		exitApp("Out of Memory");
#   53|   	newptr->next = ptr;
#   54|   	if (prev)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def55]
selinux-3.9/restorecond/utmpwatcher.c:64:25: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen("/run/utmp", "r")’
selinux-3.9/restorecond/utmpwatcher.c:54:12: branch_false: following ‘false’ branch...
selinux-3.9/restorecond/utmpwatcher.c:57:9: branch_false: ...to here
selinux-3.9/restorecond/utmpwatcher.c:58:21: acquire_resource: opened here
selinux-3.9/restorecond/utmpwatcher.c:59:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
selinux-3.9/restorecond/utmpwatcher.c:62:16: branch_true: following ‘true’ branch...
selinux-3.9/restorecond/utmpwatcher.c:63:21: branch_true: ...to here
selinux-3.9/restorecond/utmpwatcher.c:64:25: danger: ‘fopen("/run/utmp", "r")’ leaks here; was opened at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   62|   	while (fread(&u, sizeof(struct utmp), 1, cfg) > 0) {
#   63|   		if (u.ut_type == USER_PROCESS)
#   64|-> 			strings_list_add(&utmp_ptr, u.ut_user);
#   65|   	}
#   66|   	fclose(cfg);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def56]
selinux-3.9/restorecond/utmpwatcher.c:64:25: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen("/run/utmp", "r")’
selinux-3.9/restorecond/utmpwatcher.c:54:12: branch_false: following ‘false’ branch...
selinux-3.9/restorecond/utmpwatcher.c:57:9: branch_false: ...to here
selinux-3.9/restorecond/utmpwatcher.c:58:21: acquire_memory: allocated here
selinux-3.9/restorecond/utmpwatcher.c:59:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
selinux-3.9/restorecond/utmpwatcher.c:62:16: branch_true: following ‘true’ branch...
selinux-3.9/restorecond/utmpwatcher.c:63:21: branch_true: ...to here
selinux-3.9/restorecond/utmpwatcher.c:64:25: danger: ‘fopen("/run/utmp", "r")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#   62|   	while (fread(&u, sizeof(struct utmp), 1, cfg) > 0) {
#   63|   		if (u.ut_type == USER_PROCESS)
#   64|-> 			strings_list_add(&utmp_ptr, u.ut_user);
#   65|   	}
#   66|   	fclose(cfg);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def57]
selinux-3.9/restorecond/watch.c:103:17: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
selinux-3.9/restorecond/watch.c:265:6: enter_function: entry to ‘read_config’
selinux-3.9/restorecond/watch.c:272:9: call_function: calling ‘watch_list_free’ from ‘read_config’
selinux-3.9/restorecond/watch.c:272:9: return_function: returning to ‘read_config’ from ‘watch_list_free’
selinux-3.9/restorecond/watch.c:275:12: branch_false: following ‘false’ branch...
selinux-3.9/restorecond/watch.c:279:9: branch_false: ...to here
selinux-3.9/restorecond/watch.c:279:9: call_function: calling ‘process_config’ from ‘read_config’
#  101|   	ptr->dir = strdup(dir);
#  102|   	if (!ptr->dir)
#  103|-> 		exitApp("Out of Memory");
#  104|   
#  105|   	strings_list_add(&ptr->files, file);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def58]
selinux-3.9/restorecond/watch.c:105:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
selinux-3.9/restorecond/watch.c:265:6: enter_function: entry to ‘read_config’
selinux-3.9/restorecond/watch.c:272:9: call_function: calling ‘watch_list_free’ from ‘read_config’
selinux-3.9/restorecond/watch.c:272:9: return_function: returning to ‘read_config’ from ‘watch_list_free’
selinux-3.9/restorecond/watch.c:275:12: branch_false: following ‘false’ branch...
selinux-3.9/restorecond/watch.c:279:9: branch_false: ...to here
selinux-3.9/restorecond/watch.c:279:9: call_function: calling ‘process_config’ from ‘read_config’
#  103|   		exitApp("Out of Memory");
#  104|   
#  105|-> 	strings_list_add(&ptr->files, file);
#  106|   	if (prev)
#  107|   		prev->next = ptr;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def59]
selinux-3.9/restorecond/watch.c:105:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
selinux-3.9/restorecond/watch.c:265:6: enter_function: entry to ‘read_config’
selinux-3.9/restorecond/watch.c:272:9: call_function: calling ‘watch_list_free’ from ‘read_config’
selinux-3.9/restorecond/watch.c:272:9: return_function: returning to ‘read_config’ from ‘watch_list_free’
selinux-3.9/restorecond/watch.c:275:12: branch_false: following ‘false’ branch...
selinux-3.9/restorecond/watch.c:279:9: branch_false: ...to here
selinux-3.9/restorecond/watch.c:279:9: call_function: calling ‘process_config’ from ‘read_config’
#  103|   		exitApp("Out of Memory");
#  104|   
#  105|-> 	strings_list_add(&ptr->files, file);
#  106|   	if (prev)
#  107|   		prev->next = ptr;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def60]
selinux-3.9/restorecond/watch.c:285:12: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(watch_file_path, "r")’
selinux-3.9/restorecond/watch.c:265:6: enter_function: entry to ‘read_config’
selinux-3.9/restorecond/watch.c:272:9: call_function: calling ‘watch_list_free’ from ‘read_config’
selinux-3.9/restorecond/watch.c:272:9: return_function: returning to ‘read_config’ from ‘watch_list_free’
selinux-3.9/restorecond/watch.c:274:15: acquire_resource: opened here
selinux-3.9/restorecond/watch.c:275:12: branch_false: following ‘false’ branch...
selinux-3.9/restorecond/watch.c:279:9: branch_false: ...to here
selinux-3.9/restorecond/watch.c:279:9: call_function: calling ‘process_config’ from ‘read_config’
#  283|   	master_wd =
#  284|   	    inotify_add_watch(fd, watch_file_path, IN_MOVED_FROM | IN_MODIFY);
#  285|-> 	if (master_wd == -1)
#  286|   		exitApp("Error watching config file.");
#  287|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def61]
selinux-3.9/restorecond/watch.c:285:12: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(watch_file_path, "r")’
selinux-3.9/restorecond/watch.c:265:6: enter_function: entry to ‘read_config’
selinux-3.9/restorecond/watch.c:272:9: call_function: calling ‘watch_list_free’ from ‘read_config’
selinux-3.9/restorecond/watch.c:272:9: return_function: returning to ‘read_config’ from ‘watch_list_free’
selinux-3.9/restorecond/watch.c:274:15: acquire_memory: allocated here
selinux-3.9/restorecond/watch.c:275:12: branch_false: following ‘false’ branch...
selinux-3.9/restorecond/watch.c:279:9: branch_false: ...to here
selinux-3.9/restorecond/watch.c:279:9: call_function: calling ‘process_config’ from ‘read_config’
#  283|   	master_wd =
#  284|   	    inotify_add_watch(fd, watch_file_path, IN_MOVED_FROM | IN_MODIFY);
#  285|-> 	if (master_wd == -1)
#  286|   		exitApp("Error watching config file.");
#  287|   }

Error: CPPCHECK_WARNING (CWE-476): [#def62]
selinux-3.9/sandbox/seunshare.c:310: warning[nullPointerOutOfResources]: If resource allocation fails, then there is a possible null pointer dereference: fptr
#  308|   		 FILE *fptr;
#  309|            fptr = fopen(dst, "w");
#  310|-> 		 fclose(fptr);
#  311|   	}
#  312|   	/* mount file */

Error: GCC_ANALYZER_WARNING (CWE-688): [#def63]
selinux-3.9/sandbox/seunshare.c:310:18: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘fopen(dst, "w")’ where non-null expected
selinux-3.9/sandbox/seunshare.c:307:12: branch_true: following ‘true’ branch...
selinux-3.9/sandbox/seunshare.c:309:17: branch_true: ...to here
selinux-3.9/sandbox/seunshare.c:309:17: acquire_memory: this call could return NULL
selinux-3.9/sandbox/seunshare.c:310:18: danger: argument 1 (‘fopen(dst, "w")’) from [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2) could be NULL where non-null expected
#  308|   		 FILE *fptr;
#  309|            fptr = fopen(dst, "w");
#  310|-> 		 fclose(fptr);
#  311|   	}
#  312|   	/* mount file */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def64]
selinux-3.9/sandbox/seunshare.c:598:23: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir("/proc")’
selinux-3.9/sandbox/seunshare.c:592:21: acquire_memory: allocated here
selinux-3.9/sandbox/seunshare.c:592:12: branch_false: following ‘false’ branch...
selinux-3.9/sandbox/seunshare.c:596:21: branch_false: ...to here
selinux-3.9/sandbox/seunshare.c:597:12: branch_true: following ‘true’ branch (when ‘pid_table’ is NULL)...
selinux-3.9/sandbox/seunshare.c:598:23: branch_true: ...to here
selinux-3.9/sandbox/seunshare.c:598:23: danger: ‘opendir("/proc")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#  596|   	pid_table = malloc(max_pids * sizeof (pid_t));
#  597|   	if (!pid_table) {
#  598|-> 		(void)closedir(dir);
#  599|   		return -1;
#  600|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def65]
selinux-3.9/sandbox/seunshare.c:603:15: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir("/proc")’
selinux-3.9/sandbox/seunshare.c:592:21: acquire_memory: allocated here
selinux-3.9/sandbox/seunshare.c:592:12: branch_false: following ‘false’ branch...
selinux-3.9/sandbox/seunshare.c:596:21: branch_false: ...to here
selinux-3.9/sandbox/seunshare.c:597:12: branch_false: following ‘false’ branch (when ‘pid_table’ is non-NULL)...
selinux-3.9/sandbox/seunshare.c:603:15: branch_false: ...to here
selinux-3.9/sandbox/seunshare.c:603:15: danger: ‘opendir("/proc")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#  601|   	pids = 0;
#  602|   	context_t con;
#  603|-> 	con = context_new(execcon);
#  604|   	const char *mcs = context_range_get(con);
#  605|   	printf("mcs=%s\n", mcs);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def66]
selinux-3.9/sandbox/seunshare.c:603:15: warning[-Wanalyzer-malloc-leak]: leak of ‘pid_table’
selinux-3.9/sandbox/seunshare.c:592:12: branch_false: following ‘false’ branch...
selinux-3.9/sandbox/seunshare.c:596:21: branch_false: ...to here
selinux-3.9/sandbox/seunshare.c:596:21: acquire_memory: allocated here
selinux-3.9/sandbox/seunshare.c:597:12: branch_false: following ‘false’ branch (when ‘pid_table’ is non-NULL)...
selinux-3.9/sandbox/seunshare.c:603:15: branch_false: ...to here
selinux-3.9/sandbox/seunshare.c:603:15: danger: ‘pid_table’ leaks here; was allocated at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
#  601|   	pids = 0;
#  602|   	context_t con;
#  603|-> 	con = context_new(execcon);
#  604|   	const char *mcs = context_range_get(con);
#  605|   	printf("mcs=%s\n", mcs);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def67]
selinux-3.9/sandbox/seunshare.c:604:27: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir("/proc")’
selinux-3.9/sandbox/seunshare.c:592:21: acquire_memory: allocated here
selinux-3.9/sandbox/seunshare.c:592:12: branch_false: following ‘false’ branch...
selinux-3.9/sandbox/seunshare.c:596:21: branch_false: ...to here
selinux-3.9/sandbox/seunshare.c:597:12: branch_false: following ‘false’ branch (when ‘pid_table’ is non-NULL)...
selinux-3.9/sandbox/seunshare.c:603:15: branch_false: ...to here
selinux-3.9/sandbox/seunshare.c:604:27: danger: ‘opendir("/proc")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/0)
#  602|   	context_t con;
#  603|   	con = context_new(execcon);
#  604|-> 	const char *mcs = context_range_get(con);
#  605|   	printf("mcs=%s\n", mcs);
#  606|   	while ((de = readdir (dir)) != NULL) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def68]
selinux-3.9/sandbox/seunshare.c:604:27: warning[-Wanalyzer-malloc-leak]: leak of ‘pid_table’
selinux-3.9/sandbox/seunshare.c:592:12: branch_false: following ‘false’ branch...
selinux-3.9/sandbox/seunshare.c:596:21: branch_false: ...to here
selinux-3.9/sandbox/seunshare.c:596:21: acquire_memory: allocated here
selinux-3.9/sandbox/seunshare.c:597:12: branch_false: following ‘false’ branch (when ‘pid_table’ is non-NULL)...
selinux-3.9/sandbox/seunshare.c:603:15: branch_false: ...to here
selinux-3.9/sandbox/seunshare.c:604:27: danger: ‘pid_table’ leaks here; was allocated at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
#  602|   	context_t con;
#  603|   	con = context_new(execcon);
#  604|-> 	const char *mcs = context_range_get(con);
#  605|   	printf("mcs=%s\n", mcs);
#  606|   	while ((de = readdir (dir)) != NULL) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def69]
selinux-3.9/sandbox/seunshare.c:606:22: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir("/proc")’
selinux-3.9/sandbox/seunshare.c:592:21: acquire_memory: allocated here
selinux-3.9/sandbox/seunshare.c:592:12: branch_false: following ‘false’ branch...
selinux-3.9/sandbox/seunshare.c:596:21: branch_false: ...to here
selinux-3.9/sandbox/seunshare.c:597:12: branch_false: following ‘false’ branch (when ‘pid_table’ is non-NULL)...
selinux-3.9/sandbox/seunshare.c:603:15: branch_false: ...to here
selinux-3.9/sandbox/seunshare.c:606:22: danger: ‘opendir("/proc")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/0)
#  604|   	const char *mcs = context_range_get(con);
#  605|   	printf("mcs=%s\n", mcs);
#  606|-> 	while ((de = readdir (dir)) != NULL) {
#  607|   		if (!(pid = (pid_t)atoi(de->d_name)) || pid == self)
#  608|   			continue;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def70]
selinux-3.9/sandbox/seunshare.c:606:22: warning[-Wanalyzer-malloc-leak]: leak of ‘pid_table’
selinux-3.9/sandbox/seunshare.c:592:12: branch_false: following ‘false’ branch...
selinux-3.9/sandbox/seunshare.c:596:21: branch_false: ...to here
selinux-3.9/sandbox/seunshare.c:596:21: acquire_memory: allocated here
selinux-3.9/sandbox/seunshare.c:597:12: branch_false: following ‘false’ branch (when ‘pid_table’ is non-NULL)...
selinux-3.9/sandbox/seunshare.c:603:15: branch_false: ...to here
selinux-3.9/sandbox/seunshare.c:606:22: danger: ‘pid_table’ leaks here; was allocated at [(3)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/2)
#  604|   	const char *mcs = context_range_get(con);
#  605|   	printf("mcs=%s\n", mcs);
#  606|-> 	while ((de = readdir (dir)) != NULL) {
#  607|   		if (!(pid = (pid_t)atoi(de->d_name)) || pid == self)
#  608|   			continue;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def71]
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:134:9: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(basename, "re")’
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:93:12: branch_false: following ‘false’ branch (when ‘show_version == 0’)...
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:99:12: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:99:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:111:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:116:13: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:116:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:122:13: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:122:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:127:14: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:127:14: acquire_resource: opened here
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:128:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:134:9: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:134:9: danger: ‘fopen(basename, "re")’ leaks here; was opened at [(11)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/10)
#  132|   	}
#  133|   
#  134|-> 	sepol_policy_file_set_fp(pf, fp);
#  135|   	ret = sepol_module_package_read(base, pf, 0);
#  136|   	if (ret) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def72]
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:134:9: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(basename, "re")’
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:93:12: branch_false: following ‘false’ branch (when ‘show_version == 0’)...
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:99:12: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:99:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:111:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:116:13: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:116:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:122:13: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:122:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:127:14: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:127:14: acquire_memory: allocated here
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:128:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:134:9: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:134:9: danger: ‘fopen(basename, "re")’ leaks here; was allocated at [(11)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/10)
#  132|   	}
#  133|   
#  134|-> 	sepol_policy_file_set_fp(pf, fp);
#  135|   	ret = sepol_module_package_read(base, pf, 0);
#  136|   	if (ret) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def73]
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:181:9: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(outname, "we")’
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:93:12: branch_false: following ‘false’ branch (when ‘show_version == 0’)...
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:99:12: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:99:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:111:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:116:13: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:116:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:122:13: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:122:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:127:14: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:128:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:134:9: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:136:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:142:9: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:147:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:154:13: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:154:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:159:9: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:161:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:166:12: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:166:12: branch_false: following ‘false’ branch (when ‘policyvers == 0’)...
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:174:19: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:174:19: acquire_resource: opened here
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:175:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:181:9: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:181:9: danger: ‘fopen(outname, "we")’ leaks here; was opened at [(23)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/22)
#  179|   	}
#  180|   
#  181|-> 	sepol_policy_file_set_fp(pf, outfile);
#  182|   	ret = sepol_policydb_write(out, pf);
#  183|   	if (ret) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def74]
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:181:9: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(outname, "we")’
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:93:12: branch_false: following ‘false’ branch (when ‘show_version == 0’)...
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:99:12: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:99:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:111:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:116:13: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:116:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:122:13: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:122:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:127:14: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:128:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:134:9: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:136:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:142:9: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:147:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:154:13: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:154:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:159:9: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:161:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:166:12: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:166:12: branch_false: following ‘false’ branch (when ‘policyvers == 0’)...
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:174:19: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:174:19: acquire_memory: allocated here
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:175:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:181:9: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_expand/semodule_expand.c:181:9: danger: ‘fopen(outname, "we")’ leaks here; was allocated at [(23)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/22)
#  179|   	}
#  180|   
#  181|-> 	sepol_policy_file_set_fp(pf, outfile);
#  182|   	ret = sepol_policydb_write(out, pf);
#  183|   	if (ret) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def75]
selinux-3.9/semodule-utils/semodule_link/semodule_link.c:51:9: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "re")’
selinux-3.9/semodule-utils/semodule_link/semodule_link.c:37:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_link/semodule_link.c:41:13: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_link/semodule_link.c:41:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_link/semodule_link.c:45:14: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_link/semodule_link.c:45:14: acquire_resource: opened here
selinux-3.9/semodule-utils/semodule_link/semodule_link.c:46:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_link/semodule_link.c:51:9: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_link/semodule_link.c:51:9: danger: ‘fopen(filename, "re")’ leaks here; was opened at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#   49|   		goto bad;
#   50|   	}
#   51|-> 	sepol_policy_file_set_fp(pf, fp);
#   52|   
#   53|   	printf("%s:  loading package from file %s\n", progname, filename);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def76]
selinux-3.9/semodule-utils/semodule_link/semodule_link.c:51:9: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "re")’
selinux-3.9/semodule-utils/semodule_link/semodule_link.c:37:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_link/semodule_link.c:41:13: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_link/semodule_link.c:41:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_link/semodule_link.c:45:14: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_link/semodule_link.c:45:14: acquire_memory: allocated here
selinux-3.9/semodule-utils/semodule_link/semodule_link.c:46:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_link/semodule_link.c:51:9: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_link/semodule_link.c:51:9: danger: ‘fopen(filename, "re")’ leaks here; was allocated at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
#   49|   		goto bad;
#   50|   	}
#   51|-> 	sepol_policy_file_set_fp(pf, fp);
#   52|   
#   53|   	printf("%s:  loading package from file %s\n", progname, filename);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def77]
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:53:9: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(ppfile, "r")’
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:28:12: branch_false: following ‘false’ branch (when ‘argc > 2’)...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:33:9: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:35:12: branch_false: following ‘false’ branch (when ‘argc == 3’)...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:38:13: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:38:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:43:13: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:43:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:48:14: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:48:14: acquire_resource: opened here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:49:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:53:9: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:53:9: danger: ‘fopen(ppfile, "r")’ leaks here; was opened at [(9)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/8)
#   51|   		goto failure;
#   52|   	}
#   53|-> 	sepol_policy_file_set_fp(in, fp);
#   54|   
#   55|   	if (sepol_module_package_read(pkg, in, 0) == -1) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def78]
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:53:9: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(ppfile, "r")’
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:28:12: branch_false: following ‘false’ branch (when ‘argc > 2’)...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:33:9: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:35:12: branch_false: following ‘false’ branch (when ‘argc == 3’)...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:38:13: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:38:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:43:13: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:43:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:48:14: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:48:14: acquire_memory: allocated here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:49:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:53:9: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:53:9: danger: ‘fopen(ppfile, "r")’ leaks here; was allocated at [(9)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/8)
#   51|   		goto failure;
#   52|   	}
#   53|-> 	sepol_policy_file_set_fp(in, fp);
#   54|   
#   55|   	if (sepol_module_package_read(pkg, in, 0) == -1) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def79]
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:76:9: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(modfile, "w")’
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:28:12: branch_false: following ‘false’ branch (when ‘argc > 2’)...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:33:9: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:35:12: branch_false: following ‘false’ branch (when ‘argc == 3’)...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:38:13: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:38:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:43:13: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:43:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:48:14: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:49:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:53:9: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:55:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:61:9: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:66:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:71:14: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:71:14: acquire_resource: opened here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:72:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:76:9: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:76:9: danger: ‘fopen(modfile, "w")’ leaks here; was opened at [(15)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/14)
#   74|   		goto failure;
#   75|   	}
#   76|-> 	sepol_policy_file_set_fp(out, fp);
#   77|   
#   78|   	if (sepol_policydb_write(sepol_module_package_get_policy(pkg), out)) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def80]
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:76:9: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(modfile, "w")’
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:28:12: branch_false: following ‘false’ branch (when ‘argc > 2’)...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:33:9: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:35:12: branch_false: following ‘false’ branch (when ‘argc == 3’)...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:38:13: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:38:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:43:13: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:43:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:48:14: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:49:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:53:9: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:55:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:61:9: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:66:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:71:14: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:71:14: acquire_memory: allocated here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:72:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:76:9: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:76:9: danger: ‘fopen(modfile, "w")’ leaks here; was allocated at [(15)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/14)
#   74|   		goto failure;
#   75|   	}
#   76|-> 	sepol_policy_file_set_fp(out, fp);
#   77|   
#   78|   	if (sepol_policydb_write(sepol_module_package_get_policy(pkg), out)) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def81]
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:100:26: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(fcfile, "w")’
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:28:12: branch_false: following ‘false’ branch (when ‘argc > 2’)...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:33:9: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:35:12: branch_true: following ‘true’ branch (when ‘argc != 3’)...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:36:17: branch_true: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:38:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:43:13: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:43:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:48:14: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:49:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:53:9: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:55:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:61:9: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:66:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:71:14: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:72:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:76:9: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:78:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:83:15: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:85:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:90:9: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:94:12: branch_true: following ‘true’ branch...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:95:22: branch_true: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:95:22: acquire_resource: opened here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:96:20: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:100:26: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:100:26: danger: ‘fopen(fcfile, "w")’ leaks here; was opened at [(23)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/22)
#   98|   			goto failure;
#   99|   		}
#  100|-> 		fcdata = sepol_module_package_get_file_contexts(pkg);
#  101|   		if (fwrite(fcdata, 1, len, fp) != len) {
#  102|   			fprintf(stderr, "%s:  Could not write file %s:  %s\n", argv[0], fcfile, strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def82]
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:100:26: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(fcfile, "w")’
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:28:12: branch_false: following ‘false’ branch (when ‘argc > 2’)...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:33:9: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:35:12: branch_true: following ‘true’ branch (when ‘argc != 3’)...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:36:17: branch_true: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:38:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:43:13: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:43:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:48:14: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:49:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:53:9: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:55:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:61:9: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:66:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:71:14: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:72:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:76:9: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:78:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:83:15: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:85:12: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:90:9: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:94:12: branch_true: following ‘true’ branch...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:95:22: branch_true: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:95:22: acquire_memory: allocated here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:96:20: branch_false: following ‘false’ branch...
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:100:26: branch_false: ...to here
selinux-3.9/semodule-utils/semodule_package/semodule_unpackage.c:100:26: danger: ‘fopen(fcfile, "w")’ leaks here; was allocated at [(23)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/22)
#   98|   			goto failure;
#   99|   		}
#  100|-> 		fcdata = sepol_module_package_get_file_contexts(pkg);
#  101|   		if (fwrite(fcdata, 1, len, fp) != len) {
#  102|   			fprintf(stderr, "%s:  Could not write file %s:  %s\n", argv[0], fcfile, strerror(errno));

Scan Properties