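Fixed findings

Going by the Scan Properties at the end of this report, the findings listed here were reported by the scan of pipewire-1.6.2-1.fc44 and are not reported by the diffbase scan of pipewire-1.6.6-1.fc45. Absence from the newer scan means the analyzers no longer report the finding; it does not by itself confirm that the underlying code was corrected.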

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-685): [#def1]
pipewire-1.6.2/spa/include/spa/pod/builder.h:646:25: warning[-Wanalyzer-va-list-exhausted]: ‘args’ has no more arguments (1 consumed)
pipewire-1.6.2/spa/plugins/bluez5/media-source.c:2030:13: enter_function: entry to ‘transport_state_changed’
pipewire-1.6.2/spa/plugins/bluez5/media-source.c:2041:17: call_function: calling ‘transport_stop’ from ‘transport_state_changed’
pipewire-1.6.2/spa/plugins/bluez5/media-source.c:2041:17: return_function: returning to ‘transport_state_changed’ from ‘transport_stop’
pipewire-1.6.2/spa/plugins/bluez5/media-source.c:2043:12: branch_true: following ‘true’ branch (when ‘state == -1’)...
pipewire-1.6.2/spa/plugins/bluez5/media-source.c:2045:40: branch_true: ...to here
pipewire-1.6.2/spa/plugins/bluez5/media-source.c:2048:17: branch_true: following ‘true’ branch (when ‘_h != _l’)...
pipewire-1.6.2/spa/plugins/bluez5/media-source.c:2048:17: branch_true: ...to here
pipewire-1.6.2/spa/plugins/bluez5/media-source.c:2048:17: call_function: calling ‘spa_pod_builder_push_object’ from ‘transport_state_changed’
pipewire-1.6.2/spa/plugins/bluez5/media-source.c:2048:17: return_function: returning to ‘transport_state_changed’ from ‘spa_pod_builder_push_object’
pipewire-1.6.2/spa/plugins/bluez5/media-source.c:2048:17: call_function: calling ‘spa_pod_builder_add’ from ‘transport_state_changed’ with 1 variadic argument
pipewire-1.6.2/spa/plugins/bluez5/media-source.c:2048:17: return_function: returning to ‘transport_state_changed’ from ‘spa_pod_builder_add’
pipewire-1.6.2/spa/plugins/bluez5/media-source.c:2048:17: call_function: calling ‘spa_pod_builder_pop’ from ‘transport_state_changed’
pipewire-1.6.2/spa/plugins/bluez5/media-source.c:2048:17: return_function: returning to ‘transport_state_changed’ from ‘spa_pod_builder_pop’
pipewire-1.6.2/spa/plugins/bluez5/media-source.c:2048:17: branch_true: following ‘true’ branch...
pipewire-1.6.2/spa/plugins/bluez5/media-source.c:2048:17: call_function: calling ‘spa_pod_builder_push_object’ from ‘transport_state_changed’
pipewire-1.6.2/spa/plugins/bluez5/media-source.c:2048:17: return_function: returning to ‘transport_state_changed’ from ‘spa_pod_builder_push_object’
pipewire-1.6.2/spa/plugins/bluez5/media-source.c:2048:17: call_function: calling ‘spa_pod_builder_add’ from ‘transport_state_changed’ with 1 variadic argument
#  644|   		case SPA_TYPE_Sequence:
#  645|   			offset = va_arg(args, uint32_t);
#  646|-> 			type = va_arg(args, uint32_t);
#  647|   			if (type == 0)
#  648|   				goto exit;

Error: CPPCHECK_WARNING (CWE-190): [#def2]
pipewire-1.6.2/spa/plugins/alsa/alsa-seq-bridge.c:441: error[integerOverflow]: Signed integer overflow for expression '0-1'.
#  439|   
#  440|   	if (info == NULL) {
#  441|-> 		spa_log_debug(state->log, "free port %d.%d", addr->client, addr->port);
#  442|   		if (port)
#  443|   			free_port(state, stream, port);

Error: CPPCHECK_WARNING (CWE-190): [#def3]
pipewire-1.6.2/spa/plugins/alsa/alsa-seq-bridge.c:453: error[integerOverflow]: Signed integer overflow for expression '0-1'.
#  451|   		} else if (port != NULL) {
#  452|   			if ((caps & stream->caps) != stream->caps) {
#  453|-> 				spa_log_debug(state->log, "free port %d.%d", addr->client, addr->port);
#  454|   				free_port(state, stream, port);
#  455|   			}

Error: CPPCHECK_WARNING (CWE-190): [#def4]
pipewire-1.6.2/spa/plugins/alsa/alsa-seq-bridge.c:803: error[integerOverflow]: Signed integer overflow for expression '0-1'.
#  801|   	info.size = size;
#  802|   
#  803|-> 	spa_log_debug(this->log, "%p: io %d.%d %d %p %zd", this,
#  804|   			direction, port_id, id, data, size);
#  805|   

Error: CPPCHECK_WARNING (CWE-190): [#def5]
pipewire-1.6.2/spa/plugins/audiomixer/mixer-dsp.c:850: error[integerOverflow]: Signed integer overflow for expression '0-1'.
#  848|   	if (SPA_UNLIKELY(outb == NULL)) {
#  849|   		if (outport->n_buffers > 0)
#  850|-> 			spa_log_warn(this->log, "%p: out of buffers (%d)", this,
#  851|   					outport->n_buffers);
#  852|   		return -EPIPE;

Error: CPPCHECK_WARNING (CWE-758): [#def6]
pipewire-1.6.2/spa/plugins/bluez5/a2dp-codec-aac.c:226: error[comparePointers]: Comparing pointers that point to different objects
#  224|   	choice = (struct spa_pod_choice*)spa_pod_builder_frame(b, &f[1]);
#  225|   	i = 0;
#  226|-> 	SPA_FOR_EACH_ELEMENT_VAR(aac_frequencies, f) {
#  227|   		if (AAC_GET_FREQUENCY(conf) & f->config) {
#  228|   			if (i++ == 0)

Error: CPPCHECK_WARNING (CWE-190): [#def7]
pipewire-1.6.2/spa/plugins/bluez5/quirks.c:193: error[integerOverflow]: Signed integer overflow for expression '0-1'.
#  191|   	spa_autoclose int fd = -1;
#  192|   
#  193|-> 	spa_log_debug(this->log, "loading %s", path);
#  194|   
#  195|   	if ((fd = open(path, O_CLOEXEC | O_RDONLY)) < 0)

Error: CPPCHECK_WARNING (CWE-190): [#def8]
pipewire-1.6.2/spa/plugins/bluez5/quirks.c:233: error[integerOverflow]: Signed integer overflow for expression '0-1'.
#  231|   
#  232|   	if ((str = spa_dict_lookup(info, "bluez5.hardware-database")) != NULL) {
#  233|-> 		spa_log_debug(this->log, "loading session manager provided data");
#  234|   		load_quirks(this, str, strlen(str));
#  235|   	} else {

Error: CPPCHECK_WARNING (CWE-190): [#def9]
pipewire-1.6.2/spa/plugins/bluez5/quirks.c:245: error[integerOverflow]: Signed integer overflow for expression '0-1'.
#  243|   		if (spa_scnprintf(path, sizeof(path), "%s/bluez5/bluez-hardware.conf", dir) >= 0)
#  244|   			if ((res = load_conf(this, path)) < 0)
#  245|-> 				spa_log_warn(this->log, "failed to load '%s': %s", path,
#  246|   						spa_strerror(res));
#  247|   	}

Error: CPPCHECK_WARNING (CWE-190): [#def10]
pipewire-1.6.2/spa/plugins/bluez5/quirks.c:249: error[integerOverflow]: Signed integer overflow for expression '0-1'.
#  247|   	}
#  248|   	if (!(this->kernel_rules && this->adapter_rules && this->device_rules))
#  249|-> 		spa_log_warn(this->log, "failed to load bluez-hardware.conf");
#  250|   
#  251|   	return this;

Error: CPPCHECK_WARNING (CWE-190): [#def11]
pipewire-1.6.2/spa/plugins/bluez5/quirks.c:266: error[integerOverflow]: Signed integer overflow for expression '0-1'.
#  264|   	const struct spa_dict_item *item;
#  265|   	spa_dict_for_each(item, dict)
#  266|-> 		spa_log_debug(log, "quirk property %s=%s", item->key, item->value);
#  267|   }
#  268|   

Error: CPPCHECK_WARNING (CWE-190): [#def12]
pipewire-1.6.2/spa/plugins/bluez5/quirks.c:309: error[integerOverflow]: Signed integer overflow for expression '0-1'.
#  307|   		do_match(this->kernel_rules, &props, &no_features);
#  308|   		if (debug)
#  309|-> 			spa_log_debug(this->log, "kernel quirks:%08x", no_features);
#  310|   		*features &= ~no_features;
#  311|   	}

Error: CPPCHECK_WARNING (CWE-190): [#def13]
pipewire-1.6.2/spa/plugins/bluez5/quirks.c:336: error[integerOverflow]: Signed integer overflow for expression '0-1'.
#  334|   		do_match(this->adapter_rules, &props, &no_features);
#  335|   		if (debug)
#  336|-> 			spa_log_debug(this->log, "adapter quirks:%08x", no_features);
#  337|   		*features &= ~no_features;
#  338|   	}

Error: CPPCHECK_WARNING (CWE-190): [#def14]
pipewire-1.6.2/spa/plugins/bluez5/quirks.c:365: error[integerOverflow]: Signed integer overflow for expression '0-1'.
#  363|   		do_match(this->device_rules, &props, &no_features);
#  364|   		if (debug)
#  365|-> 			spa_log_debug(this->log, "device quirks:%08x", no_features);
#  366|   		*features &= ~no_features;
#  367|   	}

Error: CPPCHECK_WARNING (CWE-190): [#def15]
pipewire-1.6.2/spa/plugins/bluez5/quirks.c:406: error[integerOverflow]: Signed integer overflow for expression '0-1'.
#  404|   
#  405|   	get_features(this, adapter, device, &features, true);
#  406|-> 	spa_log_debug(this->log, "features:%08x", features);
#  407|   }

Error: CPPCHECK_WARNING (CWE-190): [#def16]
pipewire-1.6.2/spa/plugins/control/mixer.c:477: error[integerOverflow]: Signed integer overflow for expression '0-1'.
#  475|   			port->have_format = true;
#  476|   			port->types = types;
#  477|-> 			spa_log_debug(this->log, "%p: set format on port %d:%d",
#  478|   					this, direction, port_id);
#  479|   		}

Error: COMPILER_WARNING (CWE-252): [#def17]
pipewire-1.6.2/spa/plugins/filter-graph/plugin_builtin.c: scope_hint: In function ‘do_exec’
pipewire-1.6.2/spa/plugins/filter-graph/plugin_builtin.c:2706:9: warning[-Wunused-result]: ignoring return value of ‘pipe2’ declared with attribute ‘warn_unused_result’
# 2706 |         pipe2(stdin_pipe, 0);
#      |         ^~~~~~~~~~~~~~~~~~~~
# 2704|   	argv[argc++] = NULL;
# 2705|   
# 2706|-> 	pipe2(stdin_pipe, 0);
# 2707|   	pipe2(stdout_pipe, 0);
# 2708|   

Error: COMPILER_WARNING (CWE-252): [#def18]
pipewire-1.6.2/spa/plugins/filter-graph/plugin_builtin.c:2707:9: warning[-Wunused-result]: ignoring return value of ‘pipe2’ declared with attribute ‘warn_unused_result’
# 2707 |         pipe2(stdout_pipe, 0);
#      |         ^~~~~~~~~~~~~~~~~~~~~
# 2705|   
# 2706|   	pipe2(stdin_pipe, 0);
# 2707|-> 	pipe2(stdout_pipe, 0);
# 2708|   
# 2709|   	impl->write_fd = stdin_pipe[1];

Error: CPPCHECK_WARNING (CWE-190): [#def19]
pipewire-1.6.2/src/modules/module-rtp/audio.c:564: error[integerOverflow]: Signed integer overflow for expression '0-1'.
#  562|   				impl->io_position->clock.rate.denom);
#  563|   
#  564|-> 		rtp_stream_emit_send_packet(impl, iov, 3);
#  565|   
#  566|   		impl->seq++;

Error: CPPCHECK_WARNING (CWE-190): [#def20]
pipewire-1.6.2/src/modules/module-rtp/midi.c:154: error[integerOverflow]: Signed integer overflow for expression '0-1'.
#  152|   	j = (struct rtp_midi_journal*)packet;
#  153|   	uint16_t seqnum = ntohs(j->checkpoint_seqnum);
#  154|-> 	rtp_stream_emit_send_feedback(impl, seqnum);
#  155|   	return 0;
#  156|   }

Error: CPPCHECK_WARNING (CWE-190): [#def21]
pipewire-1.6.2/src/modules/module-rtp/midi.c:474: error[integerOverflow]: Signed integer overflow for expression '0-1'.
#  472|   						len, timestamp + base,
#  473|   						offset, impl->psamples);
#  474|-> 				rtp_stream_emit_send_packet(impl, iov, 3);
#  475|   
#  476|   				impl->seq++;

Error: CPPCHECK_WARNING (CWE-190): [#def22]
pipewire-1.6.2/src/modules/module-rtp/midi.c:513: error[integerOverflow]: Signed integer overflow for expression '0-1'.
#  511|   
#  512|   		pw_log_trace("sending %d timestamp:%d", len, base);
#  513|-> 		rtp_stream_emit_send_packet(impl, iov, 3);
#  514|   		impl->seq++;
#  515|   	}

Error: CPPCHECK_WARNING (CWE-190): [#def23]
pipewire-1.6.2/src/modules/module-rtp/opus.c:255: error[integerOverflow]: Signed integer overflow for expression '0-1'.
#  253|   		iov[1].iov_len = res;
#  254|   
#  255|-> 		rtp_stream_emit_send_packet(impl, iov, 2);
#  256|   
#  257|   		impl->seq++;

Error: GCC_ANALYZER_WARNING: [#def24]
pipewire-1.6.2/test/test-logger.c:349:14: warning[-Wanalyzer-fd-use-without-check]: ‘dup2’ on possibly invalid file descriptor ‘open(&fname, 2)’
pipewire-1.6.2/test/test-logger.c:341:12: branch_false: following ‘false’ branch (when ‘oldenv’ is NULL)...
pipewire-1.6.2/test/test-logger.c:346:9: branch_false: ...to here
pipewire-1.6.2/test/test-logger.c:347:14: acquire_resource: opened here
pipewire-1.6.2/test/test-logger.c:348:9: branch_true: following ‘true’ branch...
pipewire-1.6.2/test/test-logger.c:348:9: branch_true: ...to here
pipewire-1.6.2/test/test-logger.c:349:14: danger: ‘open(&fname, 2)’ could be invalid: unchecked value from [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
#  347|   	fd = open(fname, O_RDWR);
#  348|   	pwtest_errno_ok(fd);
#  349|-> 	rc = dup2(fd, STDERR_FILENO);
#  350|   	setlinebuf(stderr);
#  351|   	pwtest_errno_ok(rc);

Scan Properties

analyzer-version-clippy: 1.95.0
analyzer-version-cppcheck: 2.20.0
analyzer-version-gcc: 16.1.1
analyzer-version-gcc-analyzer: 16.1.1
analyzer-version-shellcheck: 0.11.0
analyzer-version-unicontrol: 0.0.2
diffbase-analyzer-version-clippy: 1.95.0
diffbase-analyzer-version-cppcheck: 2.20.0
diffbase-analyzer-version-gcc: 16.1.1
diffbase-analyzer-version-gcc-analyzer: 16.1.1
diffbase-analyzer-version-shellcheck: 0.11.0
diffbase-analyzer-version-unicontrol: 0.0.2
diffbase-enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
diffbase-exit-code: 0
diffbase-host: ip-172-16-1-250.us-west-2.compute.internal
diffbase-known-false-positives: /usr/share/csmock/known-false-positives.js
diffbase-known-false-positives-rpm: known-false-positives-0.0.0.20260524.213755.g3c6d0be.main-1.el9.noarch
diffbase-mock-config: fedora-rawhide-x86_64
diffbase-project-name: pipewire-1.6.6-1.fc45
diffbase-store-results-to: /tmp/tmpk_f61y__/pipewire-1.6.6-1.fc45.tar.xz
diffbase-time-created: 2026-06-01 15:55:21
diffbase-time-finished: 2026-06-01 16:09:39
diffbase-tool: csmock
diffbase-tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'shellcheck,cppcheck,clippy,unicontrol,gcc' '-o' '/tmp/tmpk_f61y__/pipewire-1.6.6-1.fc45.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpk_f61y__/pipewire-1.6.6-1.fc45.src.rpm'
diffbase-tool-version: csmock-3.8.5.20260529.133039.g6f3b5c6-1.el9
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-250.us-west-2.compute.internal
known-false-positives: /usr/share/csmock/known-false-positives.js
known-false-positives-rpm: known-false-positives-0.0.0.20260524.213755.g3c6d0be.main-1.el9.noarch
mock-config: fedora-rawhide-x86_64
project-name: pipewire-1.6.2-1.fc44
store-results-to: /tmp/tmpih5_j3lx/pipewire-1.6.2-1.fc44.tar.xz
time-created: 2026-06-01 15:40:35
time-finished: 2026-06-01 15:54:55
title: Fixed findings
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'shellcheck,cppcheck,clippy,unicontrol,gcc' '-o' '/tmp/tmpih5_j3lx/pipewire-1.6.2-1.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpih5_j3lx/pipewire-1.6.2-1.fc44.src.rpm'
tool-version: csmock-3.8.5.20260529.133039.g6f3b5c6-1.el9