Newly introduced findings

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-476): [#def1]
qemu-11.0.0-rc3/backends/igvm.c:813:21: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘ctx.cgsc’
qemu-11.0.0-rc3/backends/igvm.c:900:5: enter_function: entry to ‘qigvm_process_file’
qemu-11.0.0-rc3/backends/igvm.c:909:8: branch_false: following ‘false’ branch...
qemu-11.0.0-rc3/backends/igvm.c:913:5: branch_false: ...to here
qemu-11.0.0-rc3/backends/igvm.c:923:16: branch_false: following ‘false’ branch...
qemu-11.0.0-rc3/backends/igvm.c:923:5: branch_false: ...to here
qemu-11.0.0-rc3/backends/igvm.c:931:9: call_function: calling ‘qigvm_supported_platform_compat_mask’ from ‘qigvm_process_file’
#  811|               if ((platform->platform_type == IGVM_PLATFORM_TYPE_SEV_ES) &&
#  812|                   ctx->machine_state->cgs) {
#  813|->                 if (ctx->cgsc->check_support(
#  814|                           CGS_PLATFORM_SEV_ES, platform->platform_version,
#  815|                           platform->highest_vtl, platform->shared_gpa_boundary)) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def2]
qemu-11.0.0-rc3/backends/igvm.c:820:21: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘ctx.cgsc’
qemu-11.0.0-rc3/backends/igvm.c:900:5: enter_function: entry to ‘qigvm_process_file’
qemu-11.0.0-rc3/backends/igvm.c:909:8: branch_false: following ‘false’ branch...
qemu-11.0.0-rc3/backends/igvm.c:913:5: branch_false: ...to here
qemu-11.0.0-rc3/backends/igvm.c:923:16: branch_false: following ‘false’ branch...
qemu-11.0.0-rc3/backends/igvm.c:923:5: branch_false: ...to here
qemu-11.0.0-rc3/backends/igvm.c:931:9: call_function: calling ‘qigvm_supported_platform_compat_mask’ from ‘qigvm_process_file’
#  818|               } else if ((platform->platform_type == IGVM_PLATFORM_TYPE_SEV) &&
#  819|                          ctx->machine_state->cgs) {
#  820|->                 if (ctx->cgsc->check_support(
#  821|                           CGS_PLATFORM_SEV, platform->platform_version,
#  822|                           platform->highest_vtl, platform->shared_gpa_boundary)) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def3]
qemu-11.0.0-rc3/backends/igvm.c:828:21: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘ctx.cgsc’
qemu-11.0.0-rc3/backends/igvm.c:900:5: enter_function: entry to ‘qigvm_process_file’
qemu-11.0.0-rc3/backends/igvm.c:909:8: branch_false: following ‘false’ branch...
qemu-11.0.0-rc3/backends/igvm.c:913:5: branch_false: ...to here
qemu-11.0.0-rc3/backends/igvm.c:923:16: branch_false: following ‘false’ branch...
qemu-11.0.0-rc3/backends/igvm.c:923:5: branch_false: ...to here
qemu-11.0.0-rc3/backends/igvm.c:931:9: call_function: calling ‘qigvm_supported_platform_compat_mask’ from ‘qigvm_process_file’
#  826|                           IGVM_PLATFORM_TYPE_SEV_SNP) &&
#  827|                          ctx->machine_state->cgs) {
#  828|->                 if (ctx->cgsc->check_support(
#  829|                           CGS_PLATFORM_SEV_SNP, platform->platform_version,
#  830|                           platform->highest_vtl, platform->shared_gpa_boundary)) {

Error: CPPCHECK_WARNING (CWE-562): [#def4]
qemu-11.0.0-rc3/disas/m68k.c:1904: error[autoVariables]: Address of local auto-variable assigned to a function parameter.
# 1902|       }
# 1903|   
# 1904|->   info->private_data = (PTR) &priv;
# 1905|     /* Tell objdump to use two bytes per chunk
# 1906|        and six bytes per line for displaying raw data.  */

Error: CPPCHECK_WARNING (CWE-758): [#def5]
qemu-11.0.0-rc3/disas/sparc.c:2518: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
# 2516|     for (i = 0; i < 32; ++i)
# 2517|       {
# 2518|->       unsigned long int x = 1 << i;
# 2519|         int x0 = (match0 & x) != 0;
# 2520|         int x1 = (match1 & x) != 0;

Error: CPPCHECK_WARNING (CWE-758): [#def6]
qemu-11.0.0-rc3/disas/sparc.c:2528: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
# 2526|     for (i = 0; i < 32; ++i)
# 2527|       {
# 2528|->       unsigned long int x = 1 << i;
# 2529|         int x0 = (lose0 & x) != 0;
# 2530|         int x1 = (lose1 & x) != 0;

Error: CPPCHECK_WARNING (CWE-476): [#def7]
qemu-11.0.0-rc3/disas/sparc.c:2691: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: sorted_opcodes
# 2689|         /* Reset the sorted table so we can resort it.  */
# 2690|         for (i = 0; i < sparc_num_opcodes; ++i)
# 2691|->         sorted_opcodes[i] = &sparc_opcodes[i];
# 2692|         qsort ((char *) sorted_opcodes, sparc_num_opcodes,
# 2693|                sizeof (sorted_opcodes[0]), compare_opcodes);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def8]
qemu-11.0.0-rc3/hw/block/xen-block.c:913:10: warning[-Wanalyzer-null-argument]: use of NULL ‘filename’ where non-null expected
qemu-11.0.0-rc3/hw/block/xen-block.c:870:23: enter_function: entry to ‘xen_block_drive_create’
qemu-11.0.0-rc3/hw/block/xen-block.c:888:8: branch_false: following ‘false’ branch...
qemu-11.0.0-rc3/hw/block/xen-block.c:893:9: branch_false: ...to here
qemu-11.0.0-rc3/hw/block/xen-block.c:894:8: branch_true: following ‘true’ branch...
qemu-11.0.0-rc3/hw/block/xen-block.c:895:20: branch_true: ...to here
qemu-11.0.0-rc3/hw/block/xen-block.c:913:10: danger: argument 1 (‘filename’) NULL where non-null expected
#  911|       drive->id = g_strdup(id);
#  912|   
#  913|->     rc = stat(filename, &st);
#  914|       if (rc) {
#  915|           error_setg_errno(errp, errno, "Could not stat file '%s'", filename);

Error: GCC_ANALYZER_WARNING (CWE-457): [#def9]
qemu-11.0.0-rc3/hw/i3c/core.c:480:5: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*num_read’
qemu-11.0.0-rc3/hw/i3c/core.c:443:5: enter_function: entry to ‘i3c_recv_byte’
qemu-11.0.0-rc3/hw/i3c/core.c:450:12: call_function: calling ‘i3c_recv’ from ‘i3c_recv_byte’
#  478|       }
#  479|   
#  480|->     trace_i3c_recv(*num_read, num_to_read, ret == 0);
#  481|   
#  482|       return ret;

Error: GCC_ANALYZER_WARNING (CWE-688): [#def10]
qemu-11.0.0-rc3/hw/uefi/var-service-pcap.c:28:5: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘fp’ where non-null expected
qemu-11.0.0-rc3/hw/uefi/var-service-pcap.c:54:6: enter_function: entry to ‘uefi_vars_pcap_init’
qemu-11.0.0-rc3/hw/uefi/var-service-pcap.c:58:8: branch_false: following ‘false’ branch...
qemu-11.0.0-rc3/hw/uefi/var-service-pcap.c:62:10: branch_false: ...to here
qemu-11.0.0-rc3/hw/uefi/var-service-pcap.c:65:8: branch_false: following ‘false’ branch...
qemu-11.0.0-rc3/hw/uefi/var-service-pcap.c:69:18: branch_false: ...to here
qemu-11.0.0-rc3/hw/uefi/var-service-pcap.c:69:18: acquire_memory: this call could return NULL
qemu-11.0.0-rc3/hw/uefi/var-service-pcap.c:70:5: call_function: calling ‘uefi_vars_pcap_header’ from ‘uefi_vars_pcap_init’
#   26|       };
#   27|   
#   28|->     fwrite(&header, sizeof(header), 1, fp);
#   29|       fflush(fp);
#   30|   }

Error: CPPCHECK_WARNING (CWE-476): [#def11]
qemu-11.0.0-rc3/include/qemu/bswap.h:142: error[ctunullpointer]: Null pointer dereference: p
#  140|   CPU_CONVERT(be, 64, uint64_t)
#  141|   
#  142|-> CPU_CONVERT(le, 16, uint16_t)
#  143|   CPU_CONVERT(le, 32, uint32_t)
#  144|   CPU_CONVERT(le, 64, uint64_t)

Error: CPPCHECK_WARNING (CWE-476): [#def12]
qemu-11.0.0-rc3/include/qemu/bswap.h:143: error[ctunullpointer]: Null pointer dereference: p
#  141|   
#  142|   CPU_CONVERT(le, 16, uint16_t)
#  143|-> CPU_CONVERT(le, 32, uint32_t)
#  144|   CPU_CONVERT(le, 64, uint64_t)
#  145|   

Error: CPPCHECK_WARNING (CWE-476): [#def13]
qemu-11.0.0-rc3/include/qemu/bswap.h:144: error[ctunullpointer]: Null pointer dereference: p
#  142|   CPU_CONVERT(le, 16, uint16_t)
#  143|   CPU_CONVERT(le, 32, uint32_t)
#  144|-> CPU_CONVERT(le, 64, uint64_t)
#  145|   
#  146|   #undef CPU_CONVERT

Error: GCC_ANALYZER_WARNING (CWE-476): [#def14]
qemu-11.0.0-rc3/monitor/hmp-cmds.c:705:5: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘mr’
qemu-11.0.0-rc3/monitor/hmp-cmds.c:696:19: release_memory: ‘mr’ is NULL
qemu-11.0.0-rc3/monitor/hmp-cmds.c:700:8: branch_false: following ‘false’ branch...
qemu-11.0.0-rc3/monitor/hmp-cmds.c:707:28: branch_false: ...to here
qemu-11.0.0-rc3/monitor/hmp-cmds.c:707:28: release_memory: ‘mr’ is NULL
qemu-11.0.0-rc3/monitor/hmp-cmds.c:705:5: danger: dereference of NULL ‘mr’
#  703|       }
#  704|   
#  705|->     monitor_printf(mon, "Host virtual address for 0x%" HWADDR_PRIx
#  706|                      " (%s) is %p\n",
#  707|                      addr, mr->name, ptr);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def15]
qemu-11.0.0-rc3/monitor/hmp-cmds.c:785:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘mr’
qemu-11.0.0-rc3/monitor/hmp-cmds.c:767:6: enter_function: entry to ‘hmp_gpa2hpa’
qemu-11.0.0-rc3/monitor/hmp-cmds.c:771:19: release_memory: ‘mr’ is NULL
qemu-11.0.0-rc3/monitor/hmp-cmds.c:776:8: branch_false: following ‘false’ branch...
qemu-11.0.0-rc3/monitor/hmp-cmds.c:781:16: branch_false: ...to here
qemu-11.0.0-rc3/monitor/hmp-cmds.c:781:16: call_function: calling ‘vtop’ from ‘hmp_gpa2hpa’
qemu-11.0.0-rc3/monitor/hmp-cmds.c:781:16: return_function: returning to ‘hmp_gpa2hpa’ from ‘vtop’
qemu-11.0.0-rc3/monitor/hmp-cmds.c:782:8: branch_false: following ‘false’ branch...
qemu-11.0.0-rc3/monitor/hmp-cmds.c:787:32: branch_false: ...to here
qemu-11.0.0-rc3/monitor/hmp-cmds.c:787:32: release_memory: ‘mr’ is NULL
qemu-11.0.0-rc3/monitor/hmp-cmds.c:785:9: danger: dereference of NULL ‘mr’
#  783|           error_report_err(local_err);
#  784|       } else {
#  785|->         monitor_printf(mon, "Host physical address for 0x%" HWADDR_PRIx
#  786|                          " (%s) is 0x%" PRIx64 "\n",
#  787|                          addr, mr->name, (uint64_t) physaddr);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def16]
qemu-11.0.0-rc3/subprojects/libvduse/libvduse.c:273:12: warning[-Wanalyzer-malloc-leak]: leak of ‘*vq.resubmit_list’
qemu-11.0.0-rc3/subprojects/libvduse/libvduse.c:1001:5: enter_function: entry to ‘vduse_dev_handler’
qemu-11.0.0-rc3/subprojects/libvduse/libvduse.c:1009:8: branch_false: following ‘false’ branch (when ‘ret == 152’)...
qemu-11.0.0-rc3/subprojects/libvduse/libvduse.c:1014:23: branch_false: ...to here
qemu-11.0.0-rc3/subprojects/libvduse/libvduse.c:1023:12: branch_true: following ‘true’ branch...
qemu-11.0.0-rc3/subprojects/libvduse/libvduse.c:1024:13: branch_true: ...to here
qemu-11.0.0-rc3/subprojects/libvduse/libvduse.c:1024:13: call_function: calling ‘vduse_dev_start_dataplane’ from ‘vduse_dev_handler’
#  271|           }
#  272|   
#  273|->         if (vq->resubmit_num > 1) {
#  274|               qsort(vq->resubmit_list, vq->resubmit_num,
#  275|                     sizeof(VduseVirtqInflightDesc), inflight_desc_compare);

Scan Properties

analyzer-version-clippy	1.95.0
analyzer-version-cppcheck	2.20.0
analyzer-version-gcc	16.1.1
analyzer-version-gcc-analyzer	16.1.1
analyzer-version-shellcheck	0.11.0
analyzer-version-unicontrol	0.0.2
diffbase-analyzer-version-clippy	1.95.0
diffbase-analyzer-version-cppcheck	2.20.0
diffbase-analyzer-version-gcc	16.1.1
diffbase-analyzer-version-gcc-analyzer	16.1.1
diffbase-analyzer-version-shellcheck	0.11.0
diffbase-analyzer-version-unicontrol	0.0.2
diffbase-enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
diffbase-exit-code	0
diffbase-host	ip-172-16-1-233.us-west-2.compute.internal
diffbase-known-false-positives	/usr/share/csmock/known-false-positives.js
diffbase-known-false-positives-rpm	known-false-positives-0.0.0.20260524.213755.g3c6d0be.main-1.el9.noarch
diffbase-mock-config	fedora-rawhide-x86_64
diffbase-project-name	qemu-10.2.2-1.fc44
diffbase-store-results-to	/tmp/tmp2xzrpmr_/qemu-10.2.2-1.fc44.tar.xz
diffbase-time-created	2026-06-01 16:18:22
diffbase-time-finished	2026-06-01 17:21:25
diffbase-tool	csmock
diffbase-tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'shellcheck,cppcheck,clippy,unicontrol,gcc' '-o' '/tmp/tmp2xzrpmr_/qemu-10.2.2-1.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmp2xzrpmr_/qemu-10.2.2-1.fc44.src.rpm'
diffbase-tool-version	csmock-3.8.5.20260529.133039.g6f3b5c6-1.el9
enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code	0
host	ip-172-16-1-233.us-west-2.compute.internal
known-false-positives	/usr/share/csmock/known-false-positives.js
known-false-positives-rpm	known-false-positives-0.0.0.20260524.213755.g3c6d0be.main-1.el9.noarch
mock-config	fedora-rawhide-x86_64
project-name	qemu-11.0.0-0.10.rc3.fc45
store-results-to	/tmp/tmpi4uibz5s/qemu-11.0.0-0.10.rc3.fc45.tar.xz
time-created	2026-06-01 17:22:54
time-finished	2026-06-01 18:22:56
title	Newly introduced findings
tool	csmock
tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'shellcheck,cppcheck,clippy,unicontrol,gcc' '-o' '/tmp/tmpi4uibz5s/qemu-11.0.0-0.10.rc3.fc45.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpi4uibz5s/qemu-11.0.0-0.10.rc3.fc45.src.rpm'
tool-version	csmock-3.8.5.20260529.133039.g6f3b5c6-1.el9