jss-5.10.0~alpha1-1.20260319170624677752.master.78.gc527e376

List of Findings

Error: CPPCHECK_WARNING (CWE-401): [#def1]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/PK11Finder.c:1969: error[memleak]: Memory leak: derCert
# 1967|   
# 1968|       if (cert == NULL) {
# 1969|->         return NULL;
# 1970|       }
# 1971|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def2]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/PK11Finder.c: scope_hint: In function ‘Java_org_mozilla_jss_CryptoManager_importDERCertNative’
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/PK11Finder.c:1976:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘derCert’
cc1: note: unrecognized command-line option ‘-Wno-unknown-warning-option’ may have been intended to silence earlier diagnostics
# 1974|       }
# 1975|   
# 1976|->     derCert->type = siDERCertBuffer;
# 1977|       if (!JSS_RefByteArray(env, cert, (signed char **)&derCert->data, &derCertLen)) {
# 1978|           return NULL;

Error: CPPCHECK_WARNING (CWE-401): [#def3]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/PK11Finder.c:1978: error[memleak]: Memory leak: derCert
# 1976|       derCert->type = siDERCertBuffer;
# 1977|       if (!JSS_RefByteArray(env, cert, (signed char **)&derCert->data, &derCertLen)) {
# 1978|->         return NULL;
# 1979|       }
# 1980|   

Error: CPPCHECK_WARNING (CWE-476): [#def4]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/crypto/JSSOAEPParameterSpec.c:114: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: oaep_params
#  112|   
#  113|       oaep_params = calloc(1, sizeof(CK_RSA_PKCS_OAEP_PARAMS));
#  114|->     oaep_params->hashAlg = hashAlg;
#  115|       oaep_params->mgf = mgf;
#  116|       oaep_params->source = source;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def5]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/crypto/JSSOAEPParameterSpec.c: scope_hint: In function ‘Java_org_mozilla_jss_crypto_JSSOAEPParameterSpec_acquireNativeResources’
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/crypto/JSSOAEPParameterSpec.c:114:26: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘oaep_params’
cc1: note: unrecognized command-line option ‘-Wno-unknown-warning-option’ may have been intended to silence earlier diagnostics
#  112|   
#  113|       oaep_params = calloc(1, sizeof(CK_RSA_PKCS_OAEP_PARAMS));
#  114|->     oaep_params->hashAlg = hashAlg;
#  115|       oaep_params->mgf = mgf;
#  116|       oaep_params->source = source;

Error: CPPCHECK_WARNING (CWE-476): [#def6]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/crypto/JSSOAEPParameterSpec.c:115: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: oaep_params
#  113|       oaep_params = calloc(1, sizeof(CK_RSA_PKCS_OAEP_PARAMS));
#  114|       oaep_params->hashAlg = hashAlg;
#  115|->     oaep_params->mgf = mgf;
#  116|       oaep_params->source = source;
#  117|       oaep_params->pSourceData = pSourceData;

Error: CPPCHECK_WARNING (CWE-476): [#def7]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/crypto/JSSOAEPParameterSpec.c:116: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: oaep_params
#  114|       oaep_params->hashAlg = hashAlg;
#  115|       oaep_params->mgf = mgf;
#  116|->     oaep_params->source = source;
#  117|       oaep_params->pSourceData = pSourceData;
#  118|       oaep_params->ulSourceDataLen = ulSourceDataLen;

Error: CPPCHECK_WARNING (CWE-476): [#def8]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/crypto/JSSOAEPParameterSpec.c:117: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: oaep_params
#  115|       oaep_params->mgf = mgf;
#  116|       oaep_params->source = source;
#  117|->     oaep_params->pSourceData = pSourceData;
#  118|       oaep_params->ulSourceDataLen = ulSourceDataLen;
#  119|   

Error: CPPCHECK_WARNING (CWE-476): [#def9]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/crypto/JSSOAEPParameterSpec.c:118: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: oaep_params
#  116|       oaep_params->source = source;
#  117|       oaep_params->pSourceData = pSourceData;
#  118|->     oaep_params->ulSourceDataLen = ulSourceDataLen;
#  119|   
#  120|       params_obj = JSS_PR_wrapStaticVoidPointer(env, (void **)&oaep_params);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def10]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/crypto/KBKDF.c: scope_hint: In function ‘kbkdf_WrapDataParam’
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/crypto/KBKDF.c:85:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘param’
#   83|       }
#   84|   
#   85|->     param->type = (CK_PRF_DATA_TYPE)((*env)->GetLongField(env, this, field_id));
#   86|       param->pValue = ptr;
#   87|       param->ulValueLen = ptr_length;

Error: GCC_ANALYZER_WARNING (CWE-688): [#def11]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/crypto/KBKDF.c:101:5: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘param’ where non-null expected
/usr/include/nss3/secport.h:42: included_from: Included from here.
/usr/include/nss3/seccomon.h:27: included_from: Included from here.
/usr/include/nss3/nss.h:34: included_from: Included from here.
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/crypto/KBKDF.c:1: included_from: Included from here.
/usr/include/string.h:65:14: note: argument 1 of ‘memset’ must be non-null
#   99|   
#  100|   failure:
#  101|->     memset(param, 0, param_length);
#  102|       free(param);
#  103|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def12]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/crypto/KBKDF.c: scope_hint: In function ‘Java_org_mozilla_jss_crypto_KBKDFDerivedKey_acquireNativeResourcesInternal’
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/crypto/KBKDF.c:515:23: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘attrs’
#  513|           }
#  514|   
#  515|->         attrs[offset] = *attr;
#  516|       }
#  517|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def13]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/crypto/KBKDF.c: scope_hint: In function ‘kbkdf_GetDataParameters’
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/crypto/KBKDF.c:701:32: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘data_params’
#  699|           PR_ASSERT(this_param_size == sizeof(CK_PRF_DATA_PARAM));
#  700|   
#  701|->         (*data_params)[offset] = *this_param;
#  702|       }
#  703|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def14]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/crypto/KBKDF.c: scope_hint: In function ‘kbkdf_GetAdditionalDerivedKeys’
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/crypto/KBKDF.c:749:36: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘additional_keys’
#  747|           PR_ASSERT(this_key_size == sizeof(CK_DERIVED_KEY));
#  748|   
#  749|->         (*additional_keys)[offset] = *this_key;
#  750|       }
#  751|   

Error: CPPCHECK_WARNING (CWE-476): [#def15]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/crypto/KBKDF.c:828: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: kdf_params
#  826|       kdf_params = calloc(1, sizeof(CK_SP800_108_KDF_PARAMS));
#  827|   
#  828|->     kdf_params->prfType = prf_type;
#  829|       kdf_params->ulNumberOfDataParams = num_data_params;
#  830|       kdf_params->pDataParams = data_params;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def16]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/crypto/KBKDF.c: scope_hint: In function ‘Java_org_mozilla_jss_crypto_KBKDFCounterParams_acquireNativeResourcesInternal’
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/crypto/KBKDF.c:828:25: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘kdf_params’
#  826|       kdf_params = calloc(1, sizeof(CK_SP800_108_KDF_PARAMS));
#  827|   
#  828|->     kdf_params->prfType = prf_type;
#  829|       kdf_params->ulNumberOfDataParams = num_data_params;
#  830|       kdf_params->pDataParams = data_params;

Error: CPPCHECK_WARNING (CWE-476): [#def17]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/crypto/KBKDF.c:829: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: kdf_params
#  827|   
#  828|       kdf_params->prfType = prf_type;
#  829|->     kdf_params->ulNumberOfDataParams = num_data_params;
#  830|       kdf_params->pDataParams = data_params;
#  831|       kdf_params->ulAdditionalDerivedKeys = num_additional_keys;

Error: CPPCHECK_WARNING (CWE-476): [#def18]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/crypto/KBKDF.c:830: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: kdf_params
#  828|       kdf_params->prfType = prf_type;
#  829|       kdf_params->ulNumberOfDataParams = num_data_params;
#  830|->     kdf_params->pDataParams = data_params;
#  831|       kdf_params->ulAdditionalDerivedKeys = num_additional_keys;
#  832|       kdf_params->pAdditionalDerivedKeys = additional_keys;

Error: CPPCHECK_WARNING (CWE-476): [#def19]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/crypto/KBKDF.c:831: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: kdf_params
#  829|       kdf_params->ulNumberOfDataParams = num_data_params;
#  830|       kdf_params->pDataParams = data_params;
#  831|->     kdf_params->ulAdditionalDerivedKeys = num_additional_keys;
#  832|       kdf_params->pAdditionalDerivedKeys = additional_keys;
#  833|   

Error: CPPCHECK_WARNING (CWE-476): [#def20]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/crypto/KBKDF.c:832: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: kdf_params
#  830|       kdf_params->pDataParams = data_params;
#  831|       kdf_params->ulAdditionalDerivedKeys = num_additional_keys;
#  832|->     kdf_params->pAdditionalDerivedKeys = additional_keys;
#  833|   
#  834|       /* Place it back into this NativeEnclosure. */

Error: CPPCHECK_WARNING (CWE-476): [#def21]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/crypto/KBKDF.c:943: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: kdf_params
#  941|       kdf_params = calloc(1, sizeof(CK_SP800_108_FEEDBACK_KDF_PARAMS));
#  942|   
#  943|->     kdf_params->prfType = prf_type;
#  944|       kdf_params->ulNumberOfDataParams = num_data_params;
#  945|       kdf_params->pDataParams = data_params;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def22]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/crypto/KBKDF.c: scope_hint: In function ‘Java_org_mozilla_jss_crypto_KBKDFFeedbackParams_acquireNativeResourcesInternal’
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/crypto/KBKDF.c:943:25: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘kdf_params’
cc1: note: unrecognized command-line option ‘-Wno-unknown-warning-option’ may have been intended to silence earlier diagnostics
#  941|       kdf_params = calloc(1, sizeof(CK_SP800_108_FEEDBACK_KDF_PARAMS));
#  942|   
#  943|->     kdf_params->prfType = prf_type;
#  944|       kdf_params->ulNumberOfDataParams = num_data_params;
#  945|       kdf_params->pDataParams = data_params;

Error: CPPCHECK_WARNING (CWE-476): [#def23]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/crypto/KBKDF.c:944: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: kdf_params
#  942|   
#  943|       kdf_params->prfType = prf_type;
#  944|->     kdf_params->ulNumberOfDataParams = num_data_params;
#  945|       kdf_params->pDataParams = data_params;
#  946|       kdf_params->ulAdditionalDerivedKeys = num_additional_keys;

Error: CPPCHECK_WARNING (CWE-476): [#def24]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/crypto/KBKDF.c:945: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: kdf_params
#  943|       kdf_params->prfType = prf_type;
#  944|       kdf_params->ulNumberOfDataParams = num_data_params;
#  945|->     kdf_params->pDataParams = data_params;
#  946|       kdf_params->ulAdditionalDerivedKeys = num_additional_keys;
#  947|       kdf_params->pAdditionalDerivedKeys = additional_keys;

Error: CPPCHECK_WARNING (CWE-476): [#def25]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/crypto/KBKDF.c:946: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: kdf_params
#  944|       kdf_params->ulNumberOfDataParams = num_data_params;
#  945|       kdf_params->pDataParams = data_params;
#  946|->     kdf_params->ulAdditionalDerivedKeys = num_additional_keys;
#  947|       kdf_params->pAdditionalDerivedKeys = additional_keys;
#  948|       kdf_params->ulIVLen = initial_value_length;

Error: CPPCHECK_WARNING (CWE-476): [#def26]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/crypto/KBKDF.c:947: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: kdf_params
#  945|       kdf_params->pDataParams = data_params;
#  946|       kdf_params->ulAdditionalDerivedKeys = num_additional_keys;
#  947|->     kdf_params->pAdditionalDerivedKeys = additional_keys;
#  948|       kdf_params->ulIVLen = initial_value_length;
#  949|       kdf_params->pIV = initial_value;

Error: CPPCHECK_WARNING (CWE-476): [#def27]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/crypto/KBKDF.c:948: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: kdf_params
#  946|       kdf_params->ulAdditionalDerivedKeys = num_additional_keys;
#  947|       kdf_params->pAdditionalDerivedKeys = additional_keys;
#  948|->     kdf_params->ulIVLen = initial_value_length;
#  949|       kdf_params->pIV = initial_value;
#  950|   

Error: CPPCHECK_WARNING (CWE-476): [#def28]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/crypto/KBKDF.c:949: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: kdf_params
#  947|       kdf_params->pAdditionalDerivedKeys = additional_keys;
#  948|       kdf_params->ulIVLen = initial_value_length;
#  949|->     kdf_params->pIV = initial_value;
#  950|   
#  951|       /* Place it back into this NativeEnclosure. */

Error: CPPCHECK_WARNING (CWE-682): [#def29]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/nss/PR.c:177: error[nullPointerArithmeticOutOfMemory]: If memory allocation fails: pointer addition with NULL pointer.
#  175|        * read than expected, when it could read much more. */
#  176|       while (read_amount < amount) {
#  177|->         this_read = PR_Read(real_fd, buffer + read_amount, amount - read_amount);
#  178|           if (this_read <= 0) {
#  179|               if (PR_GetError() == 0) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def30]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/PK11Cert.c: scope_hint: In function ‘JSS_PK11_findCertAndSlotFromNickname’
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/PK11Cert.c:307:16: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘colon’
/usr/include/nss3/seccomon.h:27: included_from: Included from here.
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/PK11Cert.c:9: included_from: Included from here.
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/PK11Cert.c:304:9: note: in expansion of macro ‘PORT_Strchr’
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/PK11Cert.c:304:9: note: in expansion of macro ‘PORT_Strchr’
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/PK11Cert.c:306:23: note: in expansion of macro ‘PORT_Strchr’
#  305|           char* tokenname = PORT_Strdup(nickname);
#  306|           char* colon = PORT_Strchr(tokenname, ':');
#  307|->         *colon = '\0';
#  308|           *ppSlot = findSlotByTokenNameAndCert(tokenname, cert);
#  309|           PORT_Free(tokenname);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def31]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/PK11Cert.c: scope_hint: In function ‘JSS_PK11_findCertsAndSlotFromNickname’
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/PK11Cert.c:347:16: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘colon’
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/PK11Cert.c:343:9: note: in expansion of macro ‘PORT_Strchr’
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/PK11Cert.c:343:9: note: in expansion of macro ‘PORT_Strchr’
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/PK11Cert.c:345:23: note: in expansion of macro ‘PORT_Strchr’
cc1: note: unrecognized command-line option ‘-Wno-unknown-warning-option’ may have been intended to silence earlier diagnostics
#  345|           char* colon = PORT_Strchr(tokenname, ':');
#  346|           CERTCertListNode *head = CERT_LIST_HEAD(certList);
#  347|->         *colon = '\0';
#  348|           *ppSlot = findSlotByTokenNameAndCert(tokenname, head->cert);
#  349|           PORT_Free(tokenname);

Error: GCC_ANALYZER_WARNING (CWE-457): [#def32]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c: scope_hint: In function ‘Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateMLDSAKeyPair’
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c:463:12: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘keyPair’
#  461|   
#  462|   finish:
#  463|->     return keyPair;
#  464|   #else
#  465|       return NULL;

Error: COMPILER_WARNING (CWE-457): [#def33]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c: scope_hint: In function ‘Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateMLDSAKeyPair’
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c:463:12: warning[-Wmaybe-uninitialized]: ‘keyPair’ may be used uninitialized
#  463 |     return keyPair;
#      |            ^~~~~~~
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c:454:13: note: ‘keyPair’ was declared here
#  454 |     jobject keyPair=NULL;
#      |             ^~~~~~~
#  461|   
#  462|   finish:
#  463|->     return keyPair;
#  464|   #else
#  465|       return NULL;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def34]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c: scope_hint: In function ‘Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateMLDSAKeyPairWithOpFlags’
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c:507:12: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘keyPair’
cc1: note: unrecognized command-line option ‘-Wno-unknown-warning-option’ may have been intended to silence earlier diagnostics
#  505|   
#  506|   finish:
#  507|->     return keyPair;
#  508|   #else
#  509|       return NULL;

Error: COMPILER_WARNING (CWE-457): [#def35]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c: scope_hint: In function ‘Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateMLDSAKeyPairWithOpFlags’
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c:507:12: warning[-Wmaybe-uninitialized]: ‘keyPair’ may be used uninitialized
#  507 |     return keyPair;
#      |            ^~~~~~~
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c:496:13: note: ‘keyPair’ was declared here
#  496 |     jobject keyPair=NULL;
#      |             ^~~~~~~
cc1: note: unrecognized command-line option ‘-Wno-unknown-warning-option’ may have been intended to silence earlier diagnostics
#  505|   
#  506|   finish:
#  507|->     return keyPair;
#  508|   #else
#  509|       return NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def36]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/attrs/CKAttribute.c: scope_hint: In function ‘Java_org_mozilla_jss_pkcs11_attrs_CKAKeyType_acquireNativeResources’
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/attrs/CKAttribute.c:28:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
#   26|       this_class = (*env)->GetObjectClass(env, this);
#   27|       if (this_class == NULL) {
#   28|->         goto failure;
#   29|       }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def37]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/attrs/CKAttribute.c: scope_hint: In function ‘JSS_PK11_WrapAttribute’
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/attrs/CKAttribute.c:36:16: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘attr’
#   34|       }
#   35|   
#   36|->     attr->type = (CK_ULONG)((*env)->GetLongField(env, this, field_id));
#   37|       attr->pValue = ptr;
#   38|       attr->ulValueLen = ptr_length;

Error: GCC_ANALYZER_WARNING (CWE-688): [#def38]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/attrs/CKAttribute.c:52:5: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘attr’ where non-null expected
/usr/include/nss3/secport.h:42: included_from: Included from here.
/usr/include/nss3/seccomon.h:27: included_from: Included from here.
/usr/include/nss3/nss.h:34: included_from: Included from here.
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/attrs/CKAttribute.c:2: included_from: Included from here.
/usr/include/string.h:65:14: note: argument 1 of ‘memset’ must be non-null
#   50|   
#   51|   failure:
#   52|->     memset(attr, 0, sizeof(CK_ATTRIBUTE));
#   53|       free(attr);
#   54|       return PR_FAILURE;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def39]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/attrs/CKAttribute.c: scope_hint: In function ‘Java_org_mozilla_jss_pkcs11_attrs_CKAClass_acquireNativeResources’
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/attrs/CKAttribute.c:104:10: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ptr’
#  102|       }
#  103|   
#  104|->     *ptr = (CK_ULONG)((*env)->GetLongField(env, this, field_id));
#  105|   
#  106|       if (JSS_PK11_WrapAttribute(env, this, (void *)ptr, sizeof(*ptr)) == PR_FAILURE) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def40]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/attrs/CKAttribute.c: scope_hint: In function ‘Java_org_mozilla_jss_pkcs11_attrs_CKAKeyType_acquireNativeResources’
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/attrs/CKAttribute.c:162:10: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ptr’
#  160|       }
#  161|   
#  162|->     *ptr = (CK_ULONG)((*env)->GetLongField(env, this, field_id));
#  163|   
#  164|       JSS_PK11_WrapAttribute(env, this, (void *)ptr, sizeof(*ptr));

Error: GCC_ANALYZER_WARNING (CWE-476): [#def41]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/attrs/CKAttribute.c: scope_hint: In function ‘Java_org_mozilla_jss_pkcs11_attrs_CKAValueLen_acquireNativeResources’
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/pkcs11/attrs/CKAttribute.c:241:10: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ptr’
cc1: note: unrecognized command-line option ‘-Wno-unknown-warning-option’ may have been intended to silence earlier diagnostics
#  239|       }
#  240|   
#  241|->     *ptr = (CK_ULONG)((*env)->GetLongField(env, this, field_id));
#  242|   
#  243|       if (JSS_PK11_WrapAttribute(env, this, (void *)ptr, sizeof(*ptr)) == PR_FAILURE) {

Error: GCC_ANALYZER_WARNING (CWE-688): [#def42]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/ssl/javax/BufferPRFD.c: scope_hint: In function ‘newBufferPRFileDesc’
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/ssl/javax/BufferPRFD.c:348:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘calloc(16, 1)’ where non-null expected
/usr/include/nspr4/nspr.h:26: included_from: Included from here.
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/ssl/javax/BufferPRFD.c:1: included_from: Included from here.
/usr/include/nspr4/prmem.h:65:38: note: in expansion of macro ‘PR_MALLOC’
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/ssl/javax/BufferPRFD.c:339:22: note: in expansion of macro ‘PR_NEW’
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/ssl/javax/BufferPRFD.c:7: included_from: Included from here.
/usr/include/string.h:47:14: note: argument 1 of ‘memcpy’ must be non-null
cc1: note: unrecognized command-line option ‘-Wno-unknown-warning-option’ may have been intended to silence earlier diagnostics
#  346|   
#  347|           fd->secret->peer_addr = calloc(16, sizeof(uint8_t));
#  348|->         memcpy(fd->secret->peer_addr, peer_info, len);
#  349|       }
#  350|   

Error: CPPCHECK_WARNING (CWE-476): [#def43]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/ssl/javax/j_buffer.c:9: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: buf
#    7|   j_buffer *jb_alloc(size_t length) {
#    8|       j_buffer *buf = calloc(1, sizeof(j_buffer));
#    9|->     buf->contents = calloc(length, sizeof(uint8_t));
#   10|   
#   11|       buf->capacity = length;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def44]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/ssl/javax/j_buffer.c: scope_hint: In function ‘jb_alloc’
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/ssl/javax/j_buffer.c:9:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘buf’
cc1: note: unrecognized command-line option ‘-Wno-unknown-warning-option’ may have been intended to silence earlier diagnostics
#    7|   j_buffer *jb_alloc(size_t length) {
#    8|       j_buffer *buf = calloc(1, sizeof(j_buffer));
#    9|->     buf->contents = calloc(length, sizeof(uint8_t));
#   10|   
#   11|       buf->capacity = length;

Error: CPPCHECK_WARNING (CWE-476): [#def45]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/ssl/javax/j_buffer.c:11: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: buf
#    9|       buf->contents = calloc(length, sizeof(uint8_t));
#   10|   
#   11|->     buf->capacity = length;
#   12|   
#   13|       // In the beginning, we can only write, not read. Hence, set our read_pos

Error: CPPCHECK_WARNING (CWE-476): [#def46]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/ssl/javax/j_buffer.c:15: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: buf
#   13|       // In the beginning, we can only write, not read. Hence, set our read_pos
#   14|       // to the sentinel value, buf->capacity.
#   15|->     buf->write_pos = 0;
#   16|       buf->read_pos = length;
#   17|   

Error: CPPCHECK_WARNING (CWE-476): [#def47]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/ssl/javax/j_buffer.c:16: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: buf
#   14|       // to the sentinel value, buf->capacity.
#   15|       buf->write_pos = 0;
#   16|->     buf->read_pos = length;
#   17|   
#   18|       return buf;

Error: GCC_ANALYZER_WARNING (CWE-688): [#def48]
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/util/jssutil.c: scope_hint: In function ‘JSS_FromByteArray’
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/util/jssutil.c:709:5: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘*data’ where non-null expected
/usr/include/nss3/secport.h:42: included_from: Included from here.
/usr/include/nss3/seccomon.h:27: included_from: Included from here.
jss-5.10.0~alpha1/native/src/main/native/org/mozilla/jss/util/jssutil.c:8: included_from: Included from here.
/usr/include/string.h:47:14: note: argument 1 of ‘memcpy’ must be non-null
cc1: note: unrecognized command-line option ‘-Wno-unknown-warning-option’ may have been intended to silence earlier diagnostics
#  707|        * a structure one larger to guarantee C functions work as expected. */
#  708|       *data = calloc(array_length + 1, sizeof(uint8_t));
#  709|->     memcpy(*data, array_data, array_length);
#  710|   
#  711|       // Copy length, if specified

Error: CPPCHECK_WARNING (CWE-476): [#def49]
jss-5.10.0~alpha1/native/src/test/native/org/mozilla/jss/tests/TestBufferPRFDSSL.c:361: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: buf
#  359|       char *server_message = "like a pound of bacon";
#  360|   
#  361|->     memcpy(buf, client_message, strlen(client_message));
#  362|       PRInt32 ret = PR_Write(c_nspr, buf, strlen(buf));
#  363|       if (ret < 0) {

Error: GCC_ANALYZER_WARNING (CWE-688): [#def50]
jss-5.10.0~alpha1/native/src/test/native/org/mozilla/jss/tests/TestBufferPRFDSSL.c: scope_hint: In function ‘main’
jss-5.10.0~alpha1/native/src/test/native/org/mozilla/jss/tests/TestBufferPRFDSSL.c:361:5: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘buf’ where non-null expected
jss-5.10.0~alpha1/redhat-linux-build/include/jss/BufferPRFD.h:7: included_from: Included from here.
jss-5.10.0~alpha1/native/src/test/native/org/mozilla/jss/tests/TestBufferPRFDSSL.c:11: included_from: Included from here.
/usr/include/string.h:47:14: note: argument 1 of ‘memcpy’ must be non-null
cc1: note: unrecognized command-line option ‘-Wno-unknown-warning-option’ may have been intended to silence earlier diagnostics
#  359|       char *server_message = "like a pound of bacon";
#  360|   
#  361|->     memcpy(buf, client_message, strlen(client_message));
#  362|       PRInt32 ret = PR_Write(c_nspr, buf, strlen(buf));
#  363|       if (ret < 0) {

Error: CPPCHECK_WARNING (CWE-476): [#def51]
jss-5.10.0~alpha1/native/src/test/native/org/mozilla/jss/tests/TestBufferPRFDSSL.c:362: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: buf
#  360|   
#  361|       memcpy(buf, client_message, strlen(client_message));
#  362|->     PRInt32 ret = PR_Write(c_nspr, buf, strlen(buf));
#  363|       if (ret < 0) {
#  364|           const PRErrorCode err = PR_GetError();

Error: COMPILER_WARNING (CWE-674): [#def52]
jss-5.10.0~alpha1/symkey/src/main/native/org/mozilla/jss/symkey/SessionKey.cpp: scope_hint: In function ‘JSS_PK11_wrapSymKey(JNIEnv_*, PK11SymKeyStr**)’
jss-5.10.0~alpha1/symkey/src/main/native/org/mozilla/jss/symkey/SessionKey.cpp:120:1: warning[-Winfinite-recursion]: infinite recursion detected
#  120 | JSS_PK11_wrapSymKey(JNIEnv *env, PK11SymKey **symKey)
#      | ^~~~~~~~~~~~~~~~~~~
jss-5.10.0~alpha1/symkey/src/main/native/org/mozilla/jss/symkey/SessionKey.cpp:124:31: note: recursive call
#  124 |     return JSS_PK11_wrapSymKey(env, symKey);
#      |            ~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~
#  118|    */
#  119|   jobject
#  120|-> JSS_PK11_wrapSymKey(JNIEnv *env, PK11SymKey **symKey)
#  121|   {
#  122|   //    return JSS_PK11_wrapSymKey(env, symKey, NULL);

Error: COMPILER_WARNING: [#def53]
jss-5.10.0~alpha1/symkey/src/main/native/org/mozilla/jss/symkey/SessionKey.cpp: scope_hint: In function ‘Java_org_mozilla_jss_symkey_SessionKey_ComputeSessionKeySCP02’
jss-5.10.0~alpha1/symkey/src/main/native/org/mozilla/jss/symkey/SessionKey.cpp:857:16: warning[-Wstringop-truncation]: ‘strncpy’ specified bound 135 equals destination size
#  857 |         strncpy(keyname,keyNameChars,KEYNAMELENGTH);
#      |                ^
#  855|       {
#  856|           keyNameChars = (char *)(env)->GetStringUTFChars(keyName, NULL);
#  857|->         strncpy(keyname,keyNameChars,KEYNAMELENGTH);
#  858|           (env)->ReleaseStringUTFChars(keyName, (const char *)keyNameChars);
#  859|       }else

Error: COMPILER_WARNING: [#def54]
jss-5.10.0~alpha1/symkey/src/main/native/org/mozilla/jss/symkey/SessionKey.cpp: scope_hint: In function ‘Java_org_mozilla_jss_symkey_SessionKey_ComputeSessionKey’
jss-5.10.0~alpha1/symkey/src/main/native/org/mozilla/jss/symkey/SessionKey.cpp:1317:16: warning[-Wstringop-truncation]: ‘strncpy’ specified bound 135 equals destination size
# 1317 |         strncpy(keyname,keyNameChars,KEYNAMELENGTH);
#      |                ^
# 1315|       {
# 1316|           keyNameChars = (char *)(env)->GetStringUTFChars(keyName, NULL);
# 1317|->         strncpy(keyname,keyNameChars,KEYNAMELENGTH);
# 1318|           (env)->ReleaseStringUTFChars(keyName, (const char *)keyNameChars);
# 1319|       }else

Error: COMPILER_WARNING: [#def55]
jss-5.10.0~alpha1/symkey/src/main/native/org/mozilla/jss/symkey/SessionKey.cpp: scope_hint: In function ‘Java_org_mozilla_jss_symkey_SessionKey_ComputeEncSessionKey’
jss-5.10.0~alpha1/symkey/src/main/native/org/mozilla/jss/symkey/SessionKey.cpp:1718:16: warning[-Wstringop-truncation]: ‘strncpy’ specified bound 135 equals destination size
# 1718 |         strncpy(keyname,keyNameChars,KEYNAMELENGTH);
#      |                ^
# 1716|       {
# 1717|           keyNameChars = (char *)(env)->GetStringUTFChars(keyName, NULL);
# 1718|->         strncpy(keyname,keyNameChars,KEYNAMELENGTH);
# 1719|           (env)->ReleaseStringUTFChars(keyName, (const char *)keyNameChars);
# 1720|       }

Error: COMPILER_WARNING: [#def56]
jss-5.10.0~alpha1/symkey/src/main/native/org/mozilla/jss/symkey/SymKey.cpp: scope_hint: In function ‘_jstring* Java_org_mozilla_jss_symkey_SessionKey_DeleteKey(JNIEnv*, jclass, jstring, jstring)’
jss-5.10.0~alpha1/symkey/src/main/native/org/mozilla/jss/symkey/SymKey.cpp:298:17: warning[-Wunused-but-set-variable=]: variable ‘count’ set but not used
#  298 |     int         count        = 0;
#      |                 ^~~~~
#  296|       char *tokenNameChars;
#  297|       char *keyNameChars;
#  298|->     int         count        = 0;
#  299|       int         keys_deleted = 0;
#  300|       PK11SymKey *symKey       = NULL;

Error: CPPCHECK_WARNING (CWE-476): [#def57]
jss-5.10.0~alpha1/symkey/src/main/native/org/mozilla/jss/symkey/SymKey.cpp:313: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: result
#  311|       char *result= (char *)malloc(1);
#  312|   
#  313|->     result[0] = '\0';
#  314|       if( tokenNameChars == NULL || keyNameChars==NULL)
#  315|       {

Error: CPPCHECK_WARNING (CWE-476): [#def58]
jss-5.10.0~alpha1/symkey/src/main/native/org/mozilla/jss/symkey/SymKey.cpp:401: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: result
#  399|   
#  400|       result = (char *) malloc(1);
#  401|->     result[0] = '\0';
#  402|   
#  403|       if (tokenName) {

Error: COMPILER_WARNING: [#def59]
jss-5.10.0~alpha1/symkey/src/main/native/org/mozilla/jss/symkey/SymKey.cpp: scope_hint: In function ‘_jstring* Java_org_mozilla_jss_symkey_SessionKey_ListSymmetricKeys(JNIEnv*, jclass, jstring)’
jss-5.10.0~alpha1/symkey/src/main/native/org/mozilla/jss/symkey/SymKey.cpp:427:14: warning[-Wunused-but-set-variable=]: variable ‘count’ set but not used
#  427 |         int  count = 0;
#      |              ^~~~~
#  425|       while (symKey != NULL)
#  426|       {
#  427|->         int  count = 0;
#  428|           char *name = NULL;
#  429|           char *temp = NULL;

Error: CPPCHECK_WARNING (CWE-476): [#def60]
jss-5.10.0~alpha1/symkey/src/main/native/org/mozilla/jss/symkey/SymKey.cpp:433: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: result
#  431|           temp = result;
#  432|           result = (char*)malloc( strlen(name) + strlen(temp) + 2 );
#  433|->         result[0]='\0';
#  434|           strcat(result, temp);
#  435|           strcat(result, ",");

Error: CPPCHECK_WARNING (CWE-476): [#def61]
jss-5.10.0~alpha1/symkey/src/main/native/org/mozilla/jss/symkey/SymKey.cpp:434: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: result
#  432|           result = (char*)malloc( strlen(name) + strlen(temp) + 2 );
#  433|           result[0]='\0';
#  434|->         strcat(result, temp);
#  435|           strcat(result, ",");
#  436|           strcat(result, name);

Error: CPPCHECK_WARNING (CWE-476): [#def62]
jss-5.10.0~alpha1/symkey/src/main/native/org/mozilla/jss/symkey/SymKey.cpp:435: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: result
#  433|           result[0]='\0';
#  434|           strcat(result, temp);
#  435|->         strcat(result, ",");
#  436|           strcat(result, name);
#  437|           free(temp);

Error: CPPCHECK_WARNING (CWE-476): [#def63]
jss-5.10.0~alpha1/symkey/src/main/native/org/mozilla/jss/symkey/SymKey.cpp:436: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: result
#  434|           strcat(result, temp);
#  435|           strcat(result, ",");
#  436|->         strcat(result, name);
#  437|           free(temp);
#  438|   

Error: CPPCHECK_WARNING (CWE-476): [#def64]
jss-5.10.0~alpha1/symkey/src/main/native/org/mozilla/jss/symkey/SymKey.cpp:553: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: keyData
#  551|       for (i = 0;i < keysize; i++)
#  552|       {
#  553|->         keyData[i] = 0x0;
#  554|       }
#  555|   

Error: COMPILER_WARNING: [#def65]
jss-5.10.0~alpha1/symkey/src/main/native/org/mozilla/jss/symkey/SymKey.cpp: scope_hint: In function ‘GetSharedSecretKeyName(char*)’
jss-5.10.0~alpha1/symkey/src/main/native/org/mozilla/jss/symkey/SymKey.cpp:1087:19: warning[-Wstringop-truncation]: ‘strncpy’ specified bound 135 equals destination size
# 1087 |            strncpy( sharedSecretSymKeyName, newKeyName, KEYNAMELENGTH);
#      |                   ^
# 1085|       if ( newKeyName && strlen( newKeyName ) > 0 ) {
# 1086|          if( strlen( sharedSecretSymKeyName) == 0) {
# 1087|->            strncpy( sharedSecretSymKeyName, newKeyName, KEYNAMELENGTH);
# 1088|          }
# 1089|       }

Error: COMPILER_WARNING (CWE-697): [#def66]
jss-5.10.0~alpha1/symkey/src/main/native/org/mozilla/jss/symkey/SymKey.cpp: scope_hint: In function ‘_jbyteArray* Java_org_mozilla_jss_symkey_SessionKey_DiversifyKey(JNIEnv*, jclass, jstring, jstring, jstring, jstring, jbyteArray, jbyteArray, jbyte, jboolean, jbyteArray, jbyteArray, jbyteArray, jstring, jstring, jbyte)’
jss-5.10.0~alpha1/symkey/src/main/native/org/mozilla/jss/symkey/SymKey.cpp:1457:30: warning[-Waddress]: the address of ‘fullNewMasterKeyName’ will never be NULL
# 1457 |     if (fullNewMasterKeyName != NULL && strcmp(fullNewMasterKeyName, "#01#01") == 0)
#      |                              ^
jss-5.10.0~alpha1/symkey/src/main/native/org/mozilla/jss/symkey/SymKey.cpp:1133:10: note: ‘fullNewMasterKeyName’ declared here
# 1133 |     char fullNewMasterKeyName[KEYNAMELENGTH];
#      |          ^~~~~~~~~~~~~~~~~~~~
# 1455|   
# 1456|       /* special case #01#01 */
# 1457|->     if (fullNewMasterKeyName != NULL && strcmp(fullNewMasterKeyName, "#01#01") == 0)
# 1458|       {
# 1459|           Buffer empty = Buffer();

Error: COMPILER_WARNING: [#def67]
jss-5.10.0~alpha1/tools/src/main/native/p7tool/p7tool.c: scope_hint: In function ‘DecodeAndPrintFile’
jss-5.10.0~alpha1/tools/src/main/native/p7tool/p7tool.c:261:17: warning[-Wunused-but-set-variable=]: variable ‘nb’ set but not used
#  261 |             int nb = 0;
#      |                 ^~
#  259|               FILE *outFile;
#  260|               char filename[256];
#  261|->             int nb = 0;
#  262|   
#  263|               sprintf(filename, "%s%d.der", prefix, i);

Error: COMPILER_WARNING (CWE-704): [#def68]
jss-5.10.0~alpha1/tools/src/main/native/p7tool/p7tool.c: scope_hint: In function ‘main’
jss-5.10.0~alpha1/tools/src/main/native/p7tool/p7tool.c:341:16: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  339|   
#  340|         case 'p':
#  341|->         prefix = optstate->value;
#  342|           break;
#  343|   

Error: COMPILER_WARNING (CWE-252): [#def69]
jss-5.10.0~alpha1/tools/src/main/native/p7tool/secpwd.c: scope_hint: In function ‘SEC_GetPassword’
jss-5.10.0~alpha1/tools/src/main/native/p7tool/secpwd.c:69:21: warning[-Wunused-result]: ignoring return value of ‘fgets’ declared with attribute ‘warn_unused_result’
#   69 | #define QUIET_FGETS fgets
#      |                     ^
jss-5.10.0~alpha1/tools/src/main/native/p7tool/secpwd.c:117:9: note: in expansion of macro ‘QUIET_FGETS’
#  117 |         QUIET_FGETS ( phrase, sizeof(phrase), input);
#      |         ^~~~~~~~~~~
#   67|   static char * quiet_fgets (char *buf, int length, FILE *input);
#   68|   #else
#   69|-> #define QUIET_FGETS fgets
#   70|   #endif
#   71|   

Error: COMPILER_WARNING: [#def70]
jss-5.10.0~alpha1/tools/src/main/native/p7tool/secutil.c: scope_hint: In function ‘SECU_ChangePW’
jss-5.10.0~alpha1/tools/src/main/native/p7tool/secutil.c:378:15: warning[-Wunused-but-set-variable=]: variable ‘rv’ set but not used
#  378 |     SECStatus rv;
#      |               ^~
#  376|   SECU_ChangePW(PK11SlotInfo *slot, char *passwd, char *pwFile)
#  377|   {
#  378|->     SECStatus rv;
#  379|       secuPWData pwdata, newpwdata;
#  380|       char *oldpw = NULL, *newpw = NULL;

Error: COMPILER_WARNING (CWE-477): [#def71]
jss-5.10.0~alpha1/tools/src/main/native/p7tool/secutil.c: scope_hint: In function ‘printflags’
jss-5.10.0~alpha1/tools/src/main/native/p7tool/secutil.c:2153:5: warning[-Wdeprecated-declarations]: ‘__CERTDB_VALID_PEER’ is deprecated: CERTDB_VALID_PEER is now CERTDB_TERMINAL_RECORD
# 2151|   	    !(flags & CERTDB_TRUSTED_CLIENT_CA))
# 2152|   	    PORT_Strcat(trusts, "c");
# 2153|->     if (flags & CERTDB_VALID_PEER)
# 2154|   	if (!(flags & CERTDB_TRUSTED))
# 2155|   	    PORT_Strcat(trusts, "p");

Error: COMPILER_WARNING (CWE-477): [#def72]
jss-5.10.0~alpha1/tools/src/main/native/p7tool/secutil.c: scope_hint: In function ‘printFlags’
jss-5.10.0~alpha1/tools/src/main/native/p7tool/secutil.c:2953:5: warning[-Wdeprecated-declarations]: ‘__CERTDB_VALID_PEER’ is deprecated: CERTDB_VALID_PEER is now CERTDB_TERMINAL_RECORD
# 2951|   printFlags(FILE *out, unsigned int flags, int level)
# 2952|   {
# 2953|->     if ( flags & CERTDB_VALID_PEER ) {
# 2954|   	SECU_Indent(out, level); fprintf(out, "Valid Peer\n");
# 2955|       }

Error: CPPCHECK_WARNING (CWE-476): [#def73]
jss-5.10.0~alpha1/tools/src/main/native/p7tool/secutil.c:3041: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: optstring
# 3039|   
# 3040|       for (i=0; i<cmd->numCommands; i++) {
# 3041|-> 	optstring[j++] = cmd->commands[i].flag;
# 3042|       }
# 3043|       for (i=0; i<cmd->numOptions; i++) {

Error: CPPCHECK_WARNING (CWE-476): [#def74]
jss-5.10.0~alpha1/tools/src/main/native/p7tool/secutil.c:3044: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: optstring
# 3042|       }
# 3043|       for (i=0; i<cmd->numOptions; i++) {
# 3044|-> 	optstring[j++] = cmd->options[i].flag;
# 3045|   	if (cmd->options[i].needsArg)
# 3046|   	    optstring[j++] = ':';

Error: CPPCHECK_WARNING (CWE-476): [#def75]
jss-5.10.0~alpha1/tools/src/main/native/p7tool/secutil.c:3048: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: optstring
# 3046|   	    optstring[j++] = ':';
# 3047|       }
# 3048|->     optstring[j] = '\0';
# 3049|       optstate = PL_CreateOptState(argc, argv, optstring);
# 3050|   

Error: COMPILER_WARNING (CWE-704): [#def76]
jss-5.10.0~alpha1/tools/src/main/native/p7tool/secutil.c: scope_hint: In function ‘SECU_printCertProblems’
jss-5.10.0~alpha1/tools/src/main/native/p7tool/secutil.c:3291:25: warning[-Wpointer-to-int-cast]: cast from pointer to integer of different size
# 3289|   	    switch (node->error) {
# 3290|   	    case SEC_ERROR_INADEQUATE_KEY_USAGE:
# 3291|-> 		flags = (unsigned int)node->arg;
# 3292|   		switch (flags) {
# 3293|   		case KU_DIGITAL_SIGNATURE:

Error: COMPILER_WARNING (CWE-704): [#def77]
jss-5.10.0~alpha1/tools/src/main/native/p7tool/secutil.c:3307:25: warning[-Wpointer-to-int-cast]: cast from pointer to integer of different size
# 3305|   		}
# 3306|   	    case SEC_ERROR_INADEQUATE_CERT_TYPE:
# 3307|-> 		flags = (unsigned int)node->arg;
# 3308|   		switch (flags) {
# 3309|   		case NS_CERT_TYPE_SSL_CLIENT:

Error: COMPILER_WARNING (CWE-704): [#def78]
jss-5.10.0~alpha1/tools/src/main/native/sslget/sslget.c: scope_hint: In function ‘my_GetClientAuthData’
jss-5.10.0~alpha1/tools/src/main/native/sslget/sslget.c:218:59: warning[-Wpointer-to-int-cast]: cast from pointer to integer of different size
#  216|     if (chosenNickName) {
#  217|       cert = PK11_FindCertFromNickname(chosenNickName, proto_win);
#  218|->     FPRINTF(stderr,"   mygetclientauthdata - cert = %x\n",(unsigned int)cert);
#  219|       if ( cert ) {
#  220|         privkey = PK11_FindKeyByAnyCert(cert, proto_win);

Error: COMPILER_WARNING (CWE-704): [#def79]
jss-5.10.0~alpha1/tools/src/main/native/sslget/sslget.c:221:64: warning[-Wpointer-to-int-cast]: cast from pointer to integer of different size
#  219|       if ( cert ) {
#  220|         privkey = PK11_FindKeyByAnyCert(cert, proto_win);
#  221|->       FPRINTF(stderr,"   mygetclientauthdata - privkey = %x\n",(unsigned int)privkey);
#  222|         if ( privkey ) {
#  223|       rv = SECSuccess;

Error: COMPILER_WARNING: [#def80]
jss-5.10.0~alpha1/tools/src/main/native/sslget/sslget.c: scope_hint: In function ‘do_connect’
jss-5.10.0~alpha1/tools/src/main/native/sslget/sslget.c:485:25: warning[-Wunused-but-set-variable=]: variable ‘result’ set but not used
#  485 |     SECStatus           result;
#      |                         ^~~~~~
#  483|       PRFileDesc *        tcp_sock;
#  484|       PRStatus            prStatus;
#  485|->     SECStatus           result;
#  486|       int                 rv = SECSuccess;
#  487|       PRSocketOptionData  opt;

Error: COMPILER_WARNING (CWE-1164): [#def81]
jss-5.10.0~alpha1/tools/src/main/native/sslget/sslget.c: scope_hint: At top level
jss-5.10.0~alpha1/tools/src/main/native/sslget/sslget.c:548:1: warning[-Wunused-function]: ‘getIPAddress’ defined but not used
#  548 | getIPAddress(const char * hostName)
#      | ^~~~~~~~~~~~
#  546|   */
#  547|   static PRUint32
#  548|-> getIPAddress(const char * hostName) 
#  549|   {
#  550|       const unsigned char *p;

Scan Properties