Newly introduced findings

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-688): [#def1]
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'join_namespaces'
crun-HEAD/src/libcrun/linux.c:4026:17: warning[-Wanalyzer-null-argument]: use of NULL 'cwd' where non-null expected
/usr/include/unistd.h:517:12: note: argument 1 of 'chdir' must be non-null
# 4024|         if (value == CLONE_NEWNS)
# 4025|           {
# 4026|->           ret = chdir (cwd);
# 4027|             if (UNLIKELY (ret < 0))
# 4028|               return crun_make_error (err, errno, "chdir `%s`", cwd);

Error: GCC_ANALYZER_WARNING (CWE-1341): [#def2]
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'libcrun_join_process'
crun-HEAD/src/libcrun/linux.c:5727:25: warning[-Wanalyzer-fd-double-close]: double 'close' of file descriptor 'sync_socket_fd[0]'
# 5725|   exit:
# 5726|     if (sync_socket_fd[0] >= 0)
# 5727|->     TEMP_FAILURE_RETRY (close (sync_socket_fd[0]));
# 5728|     if (sync_socket_fd[1] >= 0)
# 5729|       TEMP_FAILURE_RETRY (close (sync_socket_fd[1]));

Error: GCC_ANALYZER_WARNING (CWE-1341): [#def3]
crun-HEAD/src/libcrun/linux.c:5729:25: warning[-Wanalyzer-fd-double-close]: double 'close' of file descriptor 'sync_socket_fd[1]'
# 5727|       TEMP_FAILURE_RETRY (close (sync_socket_fd[0]));
# 5728|     if (sync_socket_fd[1] >= 0)
# 5729|->     TEMP_FAILURE_RETRY (close (sync_socket_fd[1]));
# 5730|     return ret;
# 5731|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def4]
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'libcrun_make_runtime_mounts'
crun-HEAD/src/libcrun/linux.c:6358:1: warning[-Wanalyzer-malloc-leak]: leak of 'data'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'libcrun_make_runtime_mounts'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'libcrun_make_runtime_mounts'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'libcrun_make_runtime_mounts'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'libcrun_make_runtime_mounts'
# 6356|   
# 6357|     return run_in_container_namespace (status, do_mount_in_a_container, &args, err);
# 6358|-> }
# 6359|   
# 6360|   int

Error: GCC_ANALYZER_WARNING (CWE-1341): [#def5]
crun-HEAD/src/libcrun/utils.h:108:25: warning[-Wanalyzer-fd-double-close]: double 'close' of file descriptor 'client_fd'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'cleanup_closep.part.0'
crun-HEAD/src/libcrun/linux.c:3752:12: note: in expansion of macro 'crun_make_error'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'cleanup_closep.part.0'
crun-HEAD/src/libcrun/linux.c:3971:12: note: in expansion of macro 'crun_make_error'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'cleanup_closep.part.0'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'cleanup_closep.part.0'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'cleanup_closep.part.0'
crun-HEAD/src/libcrun/utils.h: scope_hint: In function 'cleanup_closep.part.0'
#  106|     int *pp = (int *) p;
#  107|     if (*pp >= 0)
#  108|->     TEMP_FAILURE_RETRY (close (*pp));
#  109|   }
#  110|   

Error: GCC_ANALYZER_WARNING (CWE-1341): [#def6]
crun-HEAD/src/libcrun/utils.h:108:25: warning[-Wanalyzer-fd-double-close]: double 'close' of file descriptor 'dest_fd'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'cleanup_closep.part.0'
crun-HEAD/src/libcrun/utils.h: scope_hint: In function 'cleanup_closep.part.0'
#  106|     int *pp = (int *) p;
#  107|     if (*pp >= 0)
#  108|->     TEMP_FAILURE_RETRY (close (*pp));
#  109|   }
#  110|   

Error: GCC_ANALYZER_WARNING (CWE-1341): [#def7]
crun-HEAD/src/libcrun/utils.h:108:25: warning[-Wanalyzer-fd-double-close]: double 'close' of file descriptor 'gid_fd'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'cleanup_closep.part.0'
crun-HEAD/src/libcrun/linux.c:3752:12: note: in expansion of macro 'crun_make_error'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'cleanup_closep.part.0'
crun-HEAD/src/libcrun/utils.h: scope_hint: In function 'cleanup_closep.part.0'
#  106|     int *pp = (int *) p;
#  107|     if (*pp >= 0)
#  108|->     TEMP_FAILURE_RETRY (close (*pp));
#  109|   }
#  110|   

Error: GCC_ANALYZER_WARNING (CWE-1341): [#def8]
crun-HEAD/src/libcrun/utils.h:108:25: warning[-Wanalyzer-fd-double-close]: double 'close' of file descriptor 'map_fd'
/usr/include/features.h:540: included_from: Included from here.
/usr/include/bits/libc-header-start.h:33: included_from: Included from here.
/usr/include/stdio.h:28: included_from: Included from here.
crun-HEAD/src/libcrun/linux.h:21: included_from: Included from here.
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'cleanup_closep.part.0'
crun-HEAD/src/libcrun/linux.c:364:20: note: in expansion of macro 'crun_make_error'
crun-HEAD/src/libcrun/utils.h: scope_hint: In function 'cleanup_closep.part.0'
#  106|     int *pp = (int *) p;
#  107|     if (*pp >= 0)
#  108|->     TEMP_FAILURE_RETRY (close (*pp));
#  109|   }
#  110|   

Error: GCC_ANALYZER_WARNING (CWE-1341): [#def9]
crun-HEAD/src/libcrun/utils.h:108:25: warning[-Wanalyzer-fd-double-close]: double 'close' of file descriptor 'uid_fd'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'cleanup_closep.part.0'
crun-HEAD/src/libcrun/linux.c:3752:12: note: in expansion of macro 'crun_make_error'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'cleanup_closep.part.0'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'cleanup_closep.part.0'
crun-HEAD/src/libcrun/utils.h: scope_hint: In function 'cleanup_closep.part.0'
#  106|     int *pp = (int *) p;
#  107|     if (*pp >= 0)
#  108|->     TEMP_FAILURE_RETRY (close (*pp));
#  109|   }
#  110|   

Error: GCC_ANALYZER_WARNING (CWE-1341): [#def10]
crun-HEAD/src/libcrun/utils.h:213:33: warning[-Wanalyzer-fd-double-close]: double 'close' of file descriptor '**cgroup_dirfd.dirfd'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'close_and_reset.part.0'
#  211|     if (*fd >= 0)
#  212|       {
#  213|->       ret = TEMP_FAILURE_RETRY (close (*fd));
#  214|         if (LIKELY (ret == 0))
#  215|           *fd = -1;

Error: GCC_ANALYZER_WARNING (CWE-1341): [#def11]
crun-HEAD/src/libcrun/utils.h:213:33: warning[-Wanalyzer-fd-double-close]: double 'close' of file descriptor 'gid_fd'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'close_and_reset.part.0'
crun-HEAD/src/libcrun/linux.c:3752:12: note: in expansion of macro 'crun_make_error'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'close_and_reset.part.0'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'close_and_reset.part.0'
crun-HEAD/src/libcrun/linux.c:443:16: note: in expansion of macro 'crun_make_error'
#  211|     if (*fd >= 0)
#  212|       {
#  213|->       ret = TEMP_FAILURE_RETRY (close (*fd));
#  214|         if (LIKELY (ret == 0))
#  215|           *fd = -1;

Error: GCC_ANALYZER_WARNING (CWE-1341): [#def12]
crun-HEAD/src/libcrun/utils.h:213:33: warning[-Wanalyzer-fd-double-close]: double 'close' of file descriptor 'targetfd'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'close_and_reset.part.0'
crun-HEAD/src/libcrun/linux.c:3752:12: note: in expansion of macro 'crun_make_error'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'close_and_reset.part.0'
crun-HEAD/src/libcrun/linux.c:3971:12: note: in expansion of macro 'crun_make_error'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'close_and_reset.part.0'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'close_and_reset.part.0'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'close_and_reset.part.0'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'close_and_reset.part.0'
#  211|     if (*fd >= 0)
#  212|       {
#  213|->       ret = TEMP_FAILURE_RETRY (close (*fd));
#  214|         if (LIKELY (ret == 0))
#  215|           *fd = -1;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def13]
crun-HEAD/src/libcrun/utils.h: scope_hint: In function 'xstrdup'
crun-HEAD/src/libcrun/utils.h:227:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value '*str'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'xstrdup'
crun-HEAD/src/libcrun/linux.c:3752:12: note: in expansion of macro 'crun_make_error'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'xstrdup'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'xstrdup'
crun-HEAD/libocispec/src/ocispec/json_common.h:7: included_from: Included from here.
crun-HEAD/libocispec/src/ocispec/runtime_spec_schema_config_schema.h:7: included_from: Included from here.
crun-HEAD/src/libcrun/linux.h:27: included_from: Included from here.
/usr/include/string.h:202:14: note: argument 1 of 'strdup' must be a pointer to a null-terminated string
#  225|       return NULL;
#  226|   
#  227|->   ret = strdup (str);
#  228|     if (ret == NULL)
#  229|       OOM ();

Scan Properties

analyzer-version-clippy	1.93.1
analyzer-version-cppcheck	2.19.1
analyzer-version-gcc	16.0.1
analyzer-version-gcc-analyzer	16.0.1
analyzer-version-shellcheck	0.11.0
analyzer-version-unicontrol	0.0.2
diffbase-analyzer-version-clippy	1.93.1
diffbase-analyzer-version-cppcheck	2.19.1
diffbase-analyzer-version-gcc	16.0.1
diffbase-analyzer-version-gcc-analyzer	16.0.1
diffbase-analyzer-version-shellcheck	0.11.0
diffbase-analyzer-version-unicontrol	0.0.2
diffbase-enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
diffbase-exit-code	0
diffbase-host	ip-172-16-1-160.us-west-2.compute.internal
diffbase-known-false-positives	/usr/share/csmock/known-false-positives.js
diffbase-known-false-positives-rpm	known-false-positives-0.0.0.20260225.110632.gf6ecc5a.main-1.el9.noarch
diffbase-mock-config	fedora-rawhide-x86_64
diffbase-project-name	crun-1.26-1.20260225191342298450.main.108.g4a26a1a9
diffbase-store-results-to	/tmp/tmpwj1piuxg/crun-1.26-1.20260225191342298450.main.108.g4a26a1a9.tar.xz
diffbase-time-created	2026-02-25 21:50:45
diffbase-time-finished	2026-02-25 21:54:26
diffbase-tool	csmock
diffbase-tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,clippy,cppcheck,shellcheck,gcc' '-o' '/tmp/tmpwj1piuxg/crun-1.26-1.20260225191342298450.main.108.g4a26a1a9.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '/tmp/tmpwj1piuxg/crun-1.26-1.20260225191342298450.main.108.g4a26a1a9.src.rpm'
diffbase-tool-version	csmock-3.8.4.20260225.081022.gb9390cd-1.el9
enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code	0
host	ip-172-16-1-160.us-west-2.compute.internal
known-false-positives	/usr/share/csmock/known-false-positives.js
known-false-positives-rpm	known-false-positives-0.0.0.20260225.110632.gf6ecc5a.main-1.el9.noarch
mock-config	fedora-rawhide-x86_64
project-name	crun-1.26-1.20260225214005522205.pr2027.112.g8536d13f
store-results-to	/tmp/tmpmgaoq_x_/crun-1.26-1.20260225214005522205.pr2027.112.g8536d13f.tar.xz
time-created	2026-02-25 21:54:52
time-finished	2026-02-25 21:58:01
title	Newly introduced findings
tool	csmock
tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,clippy,cppcheck,shellcheck,gcc' '-o' '/tmp/tmpmgaoq_x_/crun-1.26-1.20260225214005522205.pr2027.112.g8536d13f.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '/tmp/tmpmgaoq_x_/crun-1.26-1.20260225214005522205.pr2027.112.g8536d13f.src.rpm'
tool-version	csmock-3.8.4.20260225.081022.gb9390cd-1.el9