Task #105 - librepo-1.17.1-1.fc41/scan-results.err
back to task #105download
Error: CLANG_WARNING:
librepo-1.17.1/librepo/downloader.c:1332:5: warning[deadcode.DeadStores]: Value stored to 'zck' is never read
# 1330| return FALSE;
# 1331| }
# 1332|-> zck = zck_dl_get_zck(target->target->zck_dl);
# 1333|
# 1334| if(target->zck_state == LR_ZCK_DL_HEADER) {
Error: GCC_ANALYZER_WARNING (CWE-401):
librepo-1.17.1/librepo/downloader.c:1400:15: warning[-Wanalyzer-malloc-leak]: leak of ‘open_target_file(target, err)’
librepo-1.17.1/librepo/downloader.c:26: included_from: Included from here.
# 1398| FILE *f;
# 1399|
# 1400|-> if (target->target->fd != -1) {
# 1401| // Use supplied filedescriptor
# 1402| fd = dup(target->target->fd);
Error: COMPILER_WARNING (CWE-477):
librepo-1.17.1/librepo/downloader.c: scope_hint: In function ‘prepare_next_transfer’
librepo-1.17.1/librepo/downloader.c:1622:9: warning[-Wdeprecated-declarations]: ‘CURLOPT_PROGRESSFUNCTION’ is deprecated: since 7.32.0. Use CURLOPT_XFERINFOFUNCTION
# 1622 | c_rc = curl_easy_setopt(h, CURLOPT_PROGRESSFUNCTION, lr_progresscb) ||
# | ^~~~
librepo-1.17.1/librepo/downloader.c:37: included_from: Included from here.
/usr/include/curl/curl.h:1291:3: note: declared here
# 1291 | CURLOPTDEPRECATED(CURLOPT_PROGRESSFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 56,
# | ^~~~~~~~~~~~~~~~~
# 1620| target->cb_return_code = LR_CB_OK;
# 1621| if (target->target->progresscb) {
# 1622|-> c_rc = curl_easy_setopt(h, CURLOPT_PROGRESSFUNCTION, lr_progresscb) ||
# 1623| curl_easy_setopt(h, CURLOPT_NOPROGRESS, 0) ||
# 1624| curl_easy_setopt(h, CURLOPT_PROGRESSDATA, target);
Error: CLANG_WARNING:
librepo-1.17.1/librepo/gpg_rpm.c:355:9: warning[core.NonNullParamChecker]: Null pointer passed to 2nd parameter expecting 'nonnull'
# 353| if (memchr(block_begin, '\0', key_len) == NULL) {
# 354| key_with_null_byte = g_new(gchar, key_len + 1);
# 355|-> memcpy(key_with_null_byte, key, key_len);
# 356| key_with_null_byte[key_len] = '\0';
# 357|
Error: CLANG_WARNING:
librepo-1.17.1/librepo/gpg_rpm.c:537:13: warning[deadcode.DeadStores]: Value stored to 'sig_buf' is never read
# 535| // set block_begin and key to null byte terminated local copy
# 536| block_begin = sig_buf_with_null_byte + (block_begin - sig_buf);
# 537|-> sig_buf = sig_buf_with_null_byte;
# 538| }
# 539|
Error: CLANG_WARNING:
librepo-1.17.1/librepo/gpg_rpm.c:540:9: warning[unix.Malloc]: Potential leak of memory pointed to by 'sig_buf'
# 538| }
# 539|
# 540|-> pgpArmor ret_pgparmor = pgpParsePkts((const char *)block_begin, &pkts, &pkts_len);
# 541| if (ret_pgparmor < 0) {
# 542| g_debug("%s: Error: Parsing armored OpenPGP packet(s) failed", __func__);
Error: GCC_ANALYZER_WARNING (CWE-688):
librepo-1.17.1/librepo/gpg_rpm.c: scope_hint: In function ‘check_signature’
librepo-1.17.1/librepo/gpg_rpm.c:550:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘pkts’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_memcpy’ must be non-null
# 548| pkts_len = sig_buf_len;
# 549| pkts = malloc(sig_buf_len);
# 550|-> memcpy(pkts, sig_buf, sig_buf_len);
# 551| }
# 552|
Error: GCC_ANALYZER_WARNING (CWE-476):
librepo-1.17.1/librepo/handle.c: scope_hint: In function ‘lr_handle_setopt’
librepo-1.17.1/librepo/handle.c:560:22: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘handle_list’
# 558|
# 559| // Copy the list
# 560|-> *handle_list = lr_strv_dup(list);
# 561| break;
# 562| }
Error: CPPCHECK_WARNING (CWE-457):
librepo-1.17.1/librepo/handle.c:916: error[legacyUninitvar]: Uninitialized variable: baseurl
# 914| else if (handle->urls)
# 915| baseurl = handle->urls[0];
# 916|-> assert(baseurl);
# 917|
# 918| g_autoptr(GUri) uri = g_uri_parse(baseurl, G_URI_FLAGS_NONE, NULL);
Error: CLANG_WARNING:
librepo-1.17.1/librepo/handle.c:916:5: warning[core.uninitialized.Branch]: Branch condition evaluates to a garbage value
# 914| else if (handle->urls)
# 915| baseurl = handle->urls[0];
# 916|-> assert(baseurl);
# 917|
# 918| g_autoptr(GUri) uri = g_uri_parse(baseurl, G_URI_FLAGS_NONE, NULL);
Error: GCC_ANALYZER_WARNING (CWE-457):
librepo-1.17.1/librepo/handle.c: scope_hint: In function ‘lr_handle_network_wait’
librepo-1.17.1/librepo/handle.c:918:27: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘baseurl’
# 916| assert(baseurl);
# 917|
# 918|-> g_autoptr(GUri) uri = g_uri_parse(baseurl, G_URI_FLAGS_NONE, NULL);
# 919| if (uri == NULL) {
# 920| return FALSE;
Error: COMPILER_WARNING (CWE-457):
librepo-1.17.1/librepo/handle.c: scope_hint: In function ‘lr_handle_network_wait’
librepo-1.17.1/librepo/handle.c:918:27: warning[-Wmaybe-uninitialized]: ‘baseurl’ may be used uninitialized
# 918 | g_autoptr(GUri) uri = g_uri_parse(baseurl, G_URI_FLAGS_NONE, NULL);
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
librepo-1.17.1/librepo/handle.c:909:18: note: ‘baseurl’ was declared here
# 909 | const gchar *baseurl;
# | ^~~~~~~
# 916| assert(baseurl);
# 917|
# 918|-> g_autoptr(GUri) uri = g_uri_parse(baseurl, G_URI_FLAGS_NONE, NULL);
# 919| if (uri == NULL) {
# 920| return FALSE;
Error: GCC_ANALYZER_WARNING (CWE-775):
librepo-1.17.1/librepo/handle.c: scope_hint: In function ‘lr_handle_prepare_mirrorlist’
librepo-1.17.1/librepo/handle.c:1020:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(lr_pathconcat(localpath, "mirrorlist", 0), 0)’
/usr/include/glib-2.0/glib.h:64: included_from: Included from here.
librepo-1.17.1/librepo/handle.c:1019:13: note: in expansion of macro ‘g_debug’
# 1018| if (g_file_test(path, G_FILE_TEST_IS_REGULAR)) {
# 1019| g_debug("%s: Local mirrorlist found at %s", __func__, path);
# 1020|-> fd = open(path, O_RDONLY);
# 1021| if (fd < 0) {
# 1022| g_set_error(err, LR_HANDLE_ERROR, LRE_IO,
Error: GCC_ANALYZER_WARNING (CWE-775):
librepo-1.17.1/librepo/handle.c: scope_hint: In function ‘lr_handle_prepare_metalink’
librepo-1.17.1/librepo/handle.c:1135:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(lr_pathconcat(localpath, "metalink.xml", 0), 0)’
librepo-1.17.1/librepo/handle.c:1134:13: note: in expansion of macro ‘g_debug’
# 1133| if (g_file_test(path, G_FILE_TEST_IS_REGULAR)) {
# 1134| g_debug("%s: Local metalink.xml found at %s", __func__, path);
# 1135|-> fd = open(path, O_RDONLY);
# 1136| if (fd < 0) {
# 1137| g_set_error(err, LR_HANDLE_ERROR, LRE_IO,
Error: GCC_ANALYZER_WARNING (CWE-476):
librepo-1.17.1/librepo/metadata_downloader.c: scope_hint: In function ‘appendFdValue’
librepo-1.17.1/librepo/metadata_downloader.c:154:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘fd_allocated’
# 152| {
# 153| int *fd_allocated = malloc(sizeof(int));
# 154|-> *fd_allocated = fd;
# 155| fd_list = g_slist_append(fd_list, fd_allocated);
# 156| return fd_list;
Error: GCC_ANALYZER_WARNING (CWE-775):
librepo-1.17.1/librepo/package_downloader.c: scope_hint: In function ‘lr_download_packages’
librepo-1.17.1/librepo/package_downloader.c:310:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(*packagetarget.local_path, 0)’
# 308| * completely downloaded, then the download is going to fail.
# 309| */
# 310|-> int fd_r = open(packagetarget->local_path, O_RDONLY);
# 311| if (fd_r != -1) {
# 312| gboolean matches;
Error: GCC_ANALYZER_WARNING (CWE-775):
librepo-1.17.1/librepo/package_downloader.c: scope_hint: In function ‘lr_check_packages’
librepo-1.17.1/librepo/package_downloader.c:568:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(*packagetarget.local_path, 0)’
/usr/include/glib-2.0/glib/gmain.h:28: included_from: Included from here.
/usr/include/glib-2.0/glib/giochannel.h:35: included_from: Included from here.
/usr/include/glib-2.0/glib.h:56: included_from: Included from here.
librepo-1.17.1/librepo/package_downloader.c:22: included_from: Included from here.
librepo-1.17.1/librepo/package_downloader.c:511:47: note: in expansion of macro ‘g_slist_next’
# 566| if (g_access(packagetarget->local_path, R_OK) == 0) {
# 567| // If the file exists check its checksum
# 568|-> int fd_r = open(packagetarget->local_path, O_RDONLY);
# 569| if (fd_r != -1) {
# 570| // File was successfully opened
Error: COMPILER_WARNING (CWE-1164):
librepo-1.17.1/librepo/python/globalstate-py.h:60:1: warning[-Wunused-function]: ‘gil_logger_hack_begin’ defined but not used
# 60 | gil_logger_hack_begin(PyThreadState **state)
# | ^~~~~~~~~~~~~~~~~~~~~
# 58|
# 59| static int
# 60|-> gil_logger_hack_begin(PyThreadState **state)
# 61| {
# 62| int ret = GIL_HACK_DO_NOT_CLEAR;
Error: COMPILER_WARNING (CWE-1164):
librepo-1.17.1/librepo/python/librepomodule.c:35: included_from: Included from here.
librepo-1.17.1/librepo/python/globalstate-py.h:84:1: warning[-Wunused-function]: ‘gil_logger_hack_end’ defined but not used
# 84 | gil_logger_hack_end(int hack_begin_rc)
# | ^~~~~~~~~~~~~~~~~~~
# 82|
# 83| static gboolean
# 84|-> gil_logger_hack_end(int hack_begin_rc)
# 85| {
# 86| int ret;
Error: GCC_ANALYZER_WARNING (CWE-476):
librepo-1.17.1/librepo/yum.c: scope_hint: In function ‘cbdata_new’
librepo-1.17.1/librepo/yum.c:274:20: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘data’
librepo-1.17.1/librepo/yum.c:27: included_from: Included from here.
# 272| {
# 273| CbData *data = calloc(1, sizeof(*data));
# 274|-> data->userdata = userdata;
# 275| data->cbdata = cbdata;
# 276| data->progresscb = progresscb;
Error: GCC_ANALYZER_WARNING (CWE-775):
librepo-1.17.1/librepo/yum.c: scope_hint: In function ‘lr_yum_use_local_load_base’
librepo-1.17.1/librepo/yum.c:1151:10: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(lr_pathconcat(baseurl, "repodata/repomd.xml", 0), 0)’
# 1149| // Open repomd.xml
# 1150| path = lr_pathconcat(baseurl, "repodata/repomd.xml", NULL);
# 1151|-> fd = open(path, O_RDONLY);
# 1152| if (fd < 0) {
# 1153| g_debug("%s: open(%s): %s", __func__, path, g_strerror(errno));
Error: CLANG_WARNING:
librepo-1.17.1/tests/fixtures.c:23:12: warning[deadcode.DeadStores]: Value stored to 'level' during its initialization is never read
# 21| time_t rawtime;
# 22| char buffer[255];
# 23|-> gchar *level = "";
# 24|
# 25| switch(log_level) {