Error: CPPCHECK_WARNING (CWE-476): [#def1] openssh-10.3p1/libcrux_mlkem768_sha3.h:555: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: ptr # 553| static inline char *malloc_and_init(size_t sz, char *init) { # 554| char *ptr = (char *)malloc(sz); # 555|-> memcpy(ptr, init, sz); # 556| return ptr; # 557| } Error: GCC_ANALYZER_WARNING (CWE-476): [#def2] openssh-10.3p1/readconf.c:3507:13: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘s’ openssh-10.3p1/readconf.c:3540:1: enter_function: entry to ‘parse_jump’ openssh-10.3p1/readconf.c:3543:15: release_memory: ‘tmp_user’ is NULL openssh-10.3p1/readconf.c:3543:33: release_memory: ‘tmp_user’ is NULL openssh-10.3p1/readconf.c:3546:12: branch_false: following ‘false’ branch... openssh-10.3p1/readconf.c:3554:16: branch_false: ...to here openssh-10.3p1/readconf.c:3555:12: branch_false: following ‘false’ branch (when ‘cp’ is NULL)... openssh-10.3p1/readconf.c:3557:9: branch_false: ...to here openssh-10.3p1/readconf.c:3563:20: branch_true: following ‘true’ branch (when ‘cp’ is NULL)... openssh-10.3p1/readconf.c:3568:21: branch_true: ...to here openssh-10.3p1/readconf.c:3568:21: call_function: calling ‘parse_ssh_uri’ from ‘parse_jump’ openssh-10.3p1/readconf.c:3568:21: return_function: returning to ‘parse_jump’ from ‘parse_ssh_uri’ openssh-10.3p1/readconf.c:3569:20: branch_false: following ‘false’ branch... openssh-10.3p1/readconf.c:3572:20: branch_true: following ‘true’ branch (when ‘strict != 0’)... openssh-10.3p1/readconf.c:3573:30: branch_true: ...to here openssh-10.3p1/readconf.c:3573:30: release_memory: ‘tmp_user’ is NULL openssh-10.3p1/readconf.c:3573:30: call_function: calling ‘ssh_valid_hostname’ from ‘parse_jump’ # 3505| size_t i; # 3506| # 3507|-> if (*s == '-') # 3508| return 0; # 3509| for (i = 0; s[i] != 0; i++) { Error: COMPILER_WARNING (CWE-563): [#def3] openssh-10.3p1/sshd-session.c: scope_hint: In function ‘cleanup_exit’ openssh-10.3p1/sshd-session.c:1580:20: warning[-Wunused-variable]: unused variable ‘auth_attempted’ # 1580 | extern int auth_attempted; /* monitor.c */ # | ^~~~~~~~~~~~~~ # 1578| _exit(i); # 1579| in_cleanup = 1; # 1580|-> extern int auth_attempted; /* monitor.c */ # 1581| # 1582| if (the_active_state != NULL && the_authctxt != NULL) {
| analyzer-version-clippy | 1.95.0 |
| analyzer-version-cppcheck | 2.20.0 |
| analyzer-version-gcc | 16.1.1 |
| analyzer-version-gcc-analyzer | 16.1.1 |
| analyzer-version-shellcheck | 0.11.0 |
| analyzer-version-unicontrol | 0.0.2 |
| diffbase-analyzer-version-clippy | 1.95.0 |
| diffbase-analyzer-version-cppcheck | 2.20.0 |
| diffbase-analyzer-version-gcc | 16.1.1 |
| diffbase-analyzer-version-gcc-analyzer | 16.1.1 |
| diffbase-analyzer-version-shellcheck | 0.11.0 |
| diffbase-analyzer-version-unicontrol | 0.0.2 |
| diffbase-enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| diffbase-exit-code | 0 |
| diffbase-host | ip-172-16-1-50.us-west-2.compute.internal |
| diffbase-known-false-positives | /usr/share/csmock/known-false-positives.js |
| diffbase-known-false-positives-rpm | known-false-positives-0.0.0.20260524.213755.g3c6d0be.main-1.el9.noarch |
| diffbase-mock-config | fedora-rawhide-x86_64 |
| diffbase-project-name | openssh-10.2p1-7.fc44 |
| diffbase-store-results-to | /tmp/tmpt562gg92/openssh-10.2p1-7.fc44.tar.xz |
| diffbase-time-created | 2026-06-01 15:16:43 |
| diffbase-time-finished | 2026-06-01 15:20:14 |
| diffbase-tool | csmock |
| diffbase-tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'shellcheck,cppcheck,clippy,unicontrol,gcc' '-o' '/tmp/tmpt562gg92/openssh-10.2p1-7.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpt562gg92/openssh-10.2p1-7.fc44.src.rpm' |
| diffbase-tool-version | csmock-3.8.5.20260529.133039.g6f3b5c6-1.el9 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-50.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20260524.213755.g3c6d0be.main-1.el9.noarch |
| mock-config | fedora-rawhide-x86_64 |
| project-name | openssh-10.3p1-2.fc45 |
| store-results-to | /tmp/tmppvzmqmsr/openssh-10.3p1-2.fc45.tar.xz |
| time-created | 2026-06-01 15:20:28 |
| time-finished | 2026-06-01 15:23:27 |
| title | Newly introduced findings |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'shellcheck,cppcheck,clippy,unicontrol,gcc' '-o' '/tmp/tmppvzmqmsr/openssh-10.3p1-2.fc45.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmppvzmqmsr/openssh-10.3p1-2.fc45.src.rpm' |
| tool-version | csmock-3.8.5.20260529.133039.g6f3b5c6-1.el9 |