Newly introduced findings

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-457): [#def1]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c: scope_hint: In function ‘Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateMLKEMKeyPair’
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c:545:12: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘keyPair’
#  543|   
#  544|   finish:
#  545|->     return keyPair;
#  546|   #else
#  547|       return NULL;

Error: COMPILER_WARNING (CWE-457): [#def2]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c: scope_hint: In function ‘Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateMLKEMKeyPair’
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c:545:12: warning[-Wmaybe-uninitialized]: ‘keyPair’ may be used uninitialized
#  545 |     return keyPair;
#      |            ^~~~~~~
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c:536:13: note: ‘keyPair’ was declared here
#  536 |     jobject keyPair=NULL;
#      |             ^~~~~~~
#  543|   
#  544|   finish:
#  545|->     return keyPair;
#  546|   #else
#  547|       return NULL;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def3]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c: scope_hint: In function ‘Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateMLKEMKeyPairWithOpFlags’
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c:586:12: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘keyPair’
cc1: note: unrecognized command-line option ‘-Wno-unknown-warning-option’ may have been intended to silence earlier diagnostics
#  584|   
#  585|   finish:
#  586|->     return keyPair;
#  587|   #else
#  588|       return NULL;

Error: COMPILER_WARNING (CWE-457): [#def4]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c: scope_hint: In function ‘Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateMLKEMKeyPairWithOpFlags’
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c:586:12: warning[-Wmaybe-uninitialized]: ‘keyPair’ may be used uninitialized
#  586 |     return keyPair;
#      |            ^~~~~~~
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c:575:13: note: ‘keyPair’ was declared here
#  575 |     jobject keyPair=NULL;
#      |             ^~~~~~~
cc1: note: unrecognized command-line option ‘-Wno-unknown-warning-option’ may have been intended to silence earlier diagnostics
#  584|   
#  585|   finish:
#  586|->     return keyPair;
#  587|   #else
#  588|       return NULL;

Scan Properties

analyzer-version-clippy	1.94.0
analyzer-version-cppcheck	2.20.0
analyzer-version-gcc	16.0.1
analyzer-version-gcc-analyzer	16.0.1
analyzer-version-shellcheck	0.11.0
analyzer-version-unicontrol	0.0.2
diffbase-analyzer-version-clippy	1.94.0
diffbase-analyzer-version-cppcheck	2.20.0
diffbase-analyzer-version-gcc	16.0.1
diffbase-analyzer-version-gcc-analyzer	16.0.1
diffbase-analyzer-version-shellcheck	0.11.0
diffbase-analyzer-version-unicontrol	0.0.2
diffbase-enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
diffbase-exit-code	0
diffbase-host	ip-172-16-1-96.us-west-2.compute.internal
diffbase-known-false-positives	/usr/share/csmock/known-false-positives.js
diffbase-known-false-positives-rpm	known-false-positives-0.0.0.20260308.181716.g94c371b.main-1.el9.noarch
diffbase-mock-config	fedora-rawhide-x86_64
diffbase-project-name	jss-5.10.0~alpha1-1.20260319170624677752.master.78.gc527e376
diffbase-store-results-to	/tmp/tmpnz2m129q/jss-5.10.0~alpha1-1.20260319170624677752.master.78.gc527e376.tar.xz
diffbase-time-created	2026-03-19 18:08:42
diffbase-time-finished	2026-03-19 18:13:34
diffbase-tool	csmock
diffbase-tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,clippy,cppcheck,shellcheck,gcc' '-o' '/tmp/tmpnz2m129q/jss-5.10.0~alpha1-1.20260319170624677752.master.78.gc527e376.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '/tmp/tmpnz2m129q/jss-5.10.0~alpha1-1.20260319170624677752.master.78.gc527e376.src.rpm'
diffbase-tool-version	csmock-3.8.4.20260302.153719.g8203630-1.el9
enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code	0
host	ip-172-16-1-96.us-west-2.compute.internal
known-false-positives	/usr/share/csmock/known-false-positives.js
known-false-positives-rpm	known-false-positives-0.0.0.20260308.181716.g94c371b.main-1.el9.noarch
mock-config	fedora-rawhide-x86_64
project-name	jss-5.10.0~alpha1-1.20260319175430156298.pr1079.81.gf758faf4
store-results-to	/tmp/tmpcbzo6ry2/jss-5.10.0~alpha1-1.20260319175430156298.pr1079.81.gf758faf4.tar.xz
time-created	2026-03-19 18:13:54
time-finished	2026-03-19 18:17:42
title	Newly introduced findings
tool	csmock
tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,clippy,cppcheck,shellcheck,gcc' '-o' '/tmp/tmpcbzo6ry2/jss-5.10.0~alpha1-1.20260319175430156298.pr1079.81.gf758faf4.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '/tmp/tmpcbzo6ry2/jss-5.10.0~alpha1-1.20260319175430156298.pr1079.81.gf758faf4.src.rpm'
tool-version	csmock-3.8.4.20260302.153719.g8203630-1.el9