Newly introduced findings

List of Findings

Error: CPPCHECK_WARNING (CWE-401): [#def1]
crun-HEAD/libocispec/src/ocispec/basic_test_map_string_string_array.c:166: error[memleak]: Memory leak: ret
#  164|         ret->maps = calloc (src->maps_len + 1, sizeof (*ret->maps));
#  165|         if (ret->maps == NULL)
#  166|->         return NULL;
#  167|         for (size_t i = 0; i < src->maps_len; i++)
#  168|           {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def2]
crun-HEAD/libocispec/src/ocispec/image_spec_schema_content_descriptor.c: scope_hint: In function 'make_image_spec_schema_content_descriptor'
crun-HEAD/libocispec/src/ocispec/image_spec_schema_content_descriptor.c:83:16: warning[-Wanalyzer-malloc-leak]: leak of 'strdup(<unknown>)'
#   81|               const char *str = json_object_get_string (val);
#   82|               ret->urls[i] = strdup (str ? str : "");
#   83|->             if (ret->urls[i] == NULL)
#   84|                 return NULL;
#   85|             }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def3]
crun-HEAD/libocispec/src/ocispec/image_spec_schema_image_index_schema.c: scope_hint: In function 'make_image_spec_schema_image_index_schema_manifests_element'
crun-HEAD/libocispec/src/ocispec/image_spec_schema_image_index_schema.c:400:16: warning[-Wanalyzer-malloc-leak]: leak of 'strdup(<unknown>)'
#  398|               const char *str = json_object_get_string (val);
#  399|               ret->urls[i] = strdup (str ? str : "");
#  400|->             if (ret->urls[i] == NULL)
#  401|                 return NULL;
#  402|             }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def4]
crun-HEAD/libocispec/src/ocispec/json_common.c: scope_hint: In function 'free_json_map_string_int64.part.0'
crun-HEAD/libocispec/src/ocispec/json_common.c:1508:7: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>'
/usr/include/json-c/json.h:27: included_from: Included from here.
crun-HEAD/libocispec/src/ocispec/json_common.h:9: included_from: Included from here.
crun-HEAD/libocispec/src/ocispec/json_common.c:6: included_from: Included from here.
crun-HEAD/libocispec/src/ocispec/json_common.c: scope_hint: In function 'free_json_map_string_int64.part.0'
crun-HEAD/libocispec/src/ocispec/json_common.c:1516:1: note: in expansion of macro 'define_cleaner_function'
crun-HEAD/libocispec/src/ocispec/json_common.c: scope_hint: In function 'free_json_map_string_int64.part.0'
crun-HEAD/libocispec/src/ocispec/json_common.h:41:7: note: in definition of macro 'define_cleaner_function'
crun-HEAD/libocispec/src/ocispec/json_common.c: scope_hint: In function 'free_json_map_string_int64.part.0'
# 1506|             map->keys[i] = NULL;
# 1507|           }
# 1508|->       free (map->keys);
# 1509|         map->keys = NULL;
# 1510|         free (map->values);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def5]
crun-HEAD/libocispec/src/ocispec/runtime_spec_schema_config_linux.c: scope_hint: In function 'make_runtime_spec_schema_config_linux_seccomp'
crun-HEAD/libocispec/src/ocispec/runtime_spec_schema_config_linux.c:2568:16: warning[-Wanalyzer-malloc-leak]: leak of 'strdup(<unknown>)'
# 2566|               const char *str = json_object_get_string (val);
# 2567|               ret->flags[i] = strdup (str ? str : "");
# 2568|->             if (ret->flags[i] == NULL)
# 2569|                 return NULL;
# 2570|             }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def6]
crun-HEAD/libocispec/src/ocispec/runtime_spec_schema_config_linux.c:2614:16: warning[-Wanalyzer-malloc-leak]: leak of 'strdup(<unknown>)'
# 2612|               const char *str = json_object_get_string (val);
# 2613|               ret->architectures[i] = strdup (str ? str : "");
# 2614|->             if (ret->architectures[i] == NULL)
# 2615|                 return NULL;
# 2616|             }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def7]
crun-HEAD/libocispec/src/ocispec/runtime_spec_schema_config_schema.c: scope_hint: In function 'make_runtime_spec_schema_config_schema_process_scheduler'
crun-HEAD/libocispec/src/ocispec/runtime_spec_schema_config_schema.c:1935:16: warning[-Wanalyzer-malloc-leak]: leak of 'strdup(<unknown>)'
# 1933|               const char *str = json_object_get_string (val);
# 1934|               ret->flags[i] = strdup (str ? str : "");
# 1935|->             if (ret->flags[i] == NULL)
# 1936|                 return NULL;
# 1937|             }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def8]
crun-HEAD/libocispec/src/ocispec/runtime_spec_schema_config_vm.c: scope_hint: In function 'make_runtime_spec_schema_config_vm_hw_config'
crun-HEAD/libocispec/src/ocispec/runtime_spec_schema_config_vm.c:728:16: warning[-Wanalyzer-malloc-leak]: leak of 'strdup(<unknown>)'
#  726|               const char *str = json_object_get_string (val);
#  727|               ret->dtdevs[i] = strdup (str ? str : "");
#  728|->             if (ret->dtdevs[i] == NULL)
#  729|                 return NULL;
#  730|             }

Error: GCC_ANALYZER_WARNING (CWE-457): [#def9]
crun-HEAD/src/libcrun/error.c: scope_hint: In function 'make_json_error'
crun-HEAD/src/libcrun/error.c:413:3: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'level'
#  411|   
#  412|     json_gen_string (gen, "level", strlen ("level"));
#  413|->   json_gen_string (gen, level, strlen (level));
#  414|   
#  415|     json_gen_string (gen, "time", strlen ("time"));

Scan Properties

analyzer-version-clippy	1.95.0
analyzer-version-cppcheck	2.20.0
analyzer-version-gcc	16.1.1
analyzer-version-gcc-analyzer	16.1.1
analyzer-version-shellcheck	0.11.0
analyzer-version-unicontrol	0.0.2
diffbase-analyzer-version-clippy	1.95.0
diffbase-analyzer-version-cppcheck	2.20.0
diffbase-analyzer-version-gcc	16.1.1
diffbase-analyzer-version-gcc-analyzer	16.1.1
diffbase-analyzer-version-shellcheck	0.11.0
diffbase-analyzer-version-unicontrol	0.0.2
diffbase-enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
diffbase-exit-code	0
diffbase-host	ip-172-16-1-129.us-west-2.compute.internal
diffbase-known-false-positives	/usr/share/csmock/known-false-positives.js
diffbase-known-false-positives-rpm	known-false-positives-0.0.0.20260420.180315.gd39a405.main-1.el9.noarch
diffbase-mock-config	fedora-rawhide-x86_64
diffbase-project-name	crun-1.27.1-1.20260507084651063521.main.20.gf658a6d0
diffbase-store-results-to	/tmp/tmpaiu1h2ds/crun-1.27.1-1.20260507084651063521.main.20.gf658a6d0.tar.xz
diffbase-time-created	2026-05-07 13:23:27
diffbase-time-finished	2026-05-07 13:27:16
diffbase-tool	csmock
diffbase-tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'cppcheck,shellcheck,clippy,unicontrol,gcc' '-o' '/tmp/tmpaiu1h2ds/crun-1.27.1-1.20260507084651063521.main.20.gf658a6d0.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '/tmp/tmpaiu1h2ds/crun-1.27.1-1.20260507084651063521.main.20.gf658a6d0.src.rpm'
diffbase-tool-version	csmock-3.8.5-1.el9
enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code	0
host	ip-172-16-1-129.us-west-2.compute.internal
known-false-positives	/usr/share/csmock/known-false-positives.js
known-false-positives-rpm	known-false-positives-0.0.0.20260420.180315.gd39a405.main-1.el9.noarch
mock-config	fedora-rawhide-x86_64
project-name	crun-1.27.1-1.20260507131634530270.pr2088.22.g5ea59937
store-results-to	/tmp/tmpya13qpx9/crun-1.27.1-1.20260507131634530270.pr2088.22.g5ea59937.tar.xz
time-created	2026-05-07 13:27:35
time-finished	2026-05-07 13:30:25
title	Newly introduced findings
tool	csmock
tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'cppcheck,shellcheck,clippy,unicontrol,gcc' '-o' '/tmp/tmpya13qpx9/crun-1.27.1-1.20260507131634530270.pr2088.22.g5ea59937.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '/tmp/tmpya13qpx9/crun-1.27.1-1.20260507131634530270.pr2088.22.g5ea59937.src.rpm'
tool-version	csmock-3.8.5-1.el9