Error: SHELLCHECK_WARNING: [#def1] /etc/qemu-ga/fsfreeze-hook:27:18: warning[SC3020]: In POSIX sh, &> is undefined. # 25| [ ! -w "$LOGFILE" ] && USE_SYSLOG=1 # 26| # try to update log file and fallback to syslog if it fails # 27|-> touch "$LOGFILE" &>/dev/null || USE_SYSLOG=1 # 28| # 29| # Ensure the log file is writable, fallback to syslog if not Error: SHELLCHECK_WARNING: [#def2] /etc/qemu-ga/fsfreeze-hook:31:5: warning[SC3043]: In POSIX sh, 'local' is undefined. # 29| # Ensure the log file is writable, fallback to syslog if not # 30| log_message() { # 31|-> local message="$1" # 32| if [ "$USE_SYSLOG" -eq 0 ]; then # 33| printf "%s: %s\n" "$(date)" "$message" >>"$LOGFILE" Error: SHELLCHECK_WARNING (CWE-138): [#def3] /etc/qemu-ga/fsfreeze-hook:46:34: error[SC2145]: Argument mixes string and array. Use * or separate argument. # 44| [ -x "$file" ] || continue # 45| # 46|-> log_message "Executing $file $@" # 47| if [ "$USE_SYSLOG" -eq 0 ]; then # 48| "$file" "$@" >>"$LOGFILE" 2>&1 Error: SHELLCHECK_WARNING: [#def4] /etc/qemu-ga/fsfreeze-hook:52:16: warning[SC3028]: In POSIX sh, PIPESTATUS is undefined. # 50| else # 51| "$file" "$@" 2>&1 | logger -t qemu-ga-freeze-hook # 52|-> STATUS=${PIPESTATUS[0]} # 53| fi # 54| Error: SHELLCHECK_WARNING: [#def5] /etc/qemu-ga/fsfreeze-hook:52:16: warning[SC3054]: In POSIX sh, array references are undefined. # 50| else # 51| "$file" "$@" 2>&1 | logger -t qemu-ga-freeze-hook # 52|-> STATUS=${PIPESTATUS[0]} # 53| fi # 54| Error: GCC_ANALYZER_WARNING (CWE-476): [#def6] qemu-10.2.2/audio/audio.c:1565:21: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘drv’ qemu-10.2.2/audio/audio.c:1799:15: enter_function: entry to ‘audio_get_default_audio_be’ qemu-10.2.2/audio/audio.c:1801:8: branch_true: following ‘true’ branch... qemu-10.2.2/audio/audio.c:1802:28: branch_true: ...to here qemu-10.2.2/audio/audio.c:1802:28: call_function: calling ‘audio_init’ from ‘audio_get_default_audio_be’ # 1563| Audiodev *dev, Error **errp) # 1564| { # 1565|-> s->drv_opaque = drv->init(dev, errp); # 1566| if (!s->drv_opaque) { # 1567| return false; Error: GCC_ANALYZER_WARNING (CWE-476): [#def7] qemu-10.2.2/hw/block/xen-block.c:856:11: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘drive’ qemu-10.2.2/hw/block/xen-block.c:870:23: enter_function: entry to ‘xen_block_drive_create’ qemu-10.2.2/hw/block/xen-block.c:887:8: branch_false: following ‘false’ branch... qemu-10.2.2/hw/block/xen-block.c:906:9: branch_false: ...to here qemu-10.2.2/hw/block/xen-block.c:978:8: branch_true: following ‘true’ branch... qemu-10.2.2/hw/block/xen-block.c:979:9: branch_true: ...to here qemu-10.2.2/hw/block/xen-block.c:979:9: call_function: calling ‘xen_block_drive_destroy’ from ‘xen_block_drive_create’ # 854| { # 855| ERRP_GUARD(); # 856|-> char *node_name = drive->node_name; # 857| # 858| if (node_name) { Error: COMPILER_WARNING: [#def8] qemu-10.2.2/hw/ppc/vof.c: scope_hint: In function ‘vof_dt_memory_available’ qemu-10.2.2/hw/ppc/vof.c:642:12: warning[-Wunused-but-set-variable=]: variable ‘n’ set but not used # 642 | int i, n, offset, proplen = 0, sc, ac; # | ^ # 640| static void vof_dt_memory_available(void *fdt, GArray *claimed, uint64_t base) # 641| { # 642|-> int i, n, offset, proplen = 0, sc, ac; # 643| target_ulong mem0_end; # 644| const uint8_t *mem0_reg; Error: GCC_ANALYZER_WARNING (CWE-476): [#def9] qemu-10.2.2/migration/migration.c:186:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘addr’ qemu-10.2.2/migration/migration.c:2208:6: enter_function: entry to ‘qmp_migrate’ qemu-10.2.2/migration/migration.c:2214:25: call_function: inlined call to ‘migrate_get_current’ from ‘qmp_migrate’ qemu-10.2.2/migration/migration.c:2215:33: branch_true: ...to here qemu-10.2.2/migration/migration.c:2223:8: branch_false: following ‘false’ branch... qemu-10.2.2/migration/migration.c:2228:8: branch_false: ...to here qemu-10.2.2/migration/migration.c:2228:8: branch_false: following ‘false’ branch (when ‘channels’ is NULL)... qemu-10.2.2/migration/migration.c:2247:8: branch_false: ...to here qemu-10.2.2/migration/migration.c:2247:8: branch_false: following ‘false’ branch (when ‘uri’ is NULL)... qemu-10.2.2/migration/migration.c:2256:10: branch_false: ...to here qemu-10.2.2/migration/migration.c:2256:10: call_function: calling ‘migration_transport_compatible’ from ‘qmp_migrate’ # 184| static bool transport_supports_multi_channels(MigrationAddress *addr) # 185| { # 186|-> if (addr->transport == MIGRATION_ADDRESS_TYPE_SOCKET) { # 187| SocketAddress *saddr = &addr->u.socket; # 188| Error: GCC_ANALYZER_WARNING (CWE-476): [#def10] qemu-10.2.2/migration/migration.c:216:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘addr’ qemu-10.2.2/migration/migration.c:2208:6: enter_function: entry to ‘qmp_migrate’ qemu-10.2.2/migration/migration.c:2214:25: call_function: inlined call to ‘migrate_get_current’ from ‘qmp_migrate’ qemu-10.2.2/migration/migration.c:2215:33: branch_true: ...to here qemu-10.2.2/migration/migration.c:2223:8: branch_false: following ‘false’ branch... qemu-10.2.2/migration/migration.c:2228:8: branch_false: ...to here qemu-10.2.2/migration/migration.c:2228:8: branch_false: following ‘false’ branch (when ‘channels’ is NULL)... qemu-10.2.2/migration/migration.c:2247:8: branch_false: ...to here qemu-10.2.2/migration/migration.c:2247:8: branch_false: following ‘false’ branch (when ‘uri’ is NULL)... qemu-10.2.2/migration/migration.c:2256:10: branch_false: ...to here qemu-10.2.2/migration/migration.c:2256:10: call_function: calling ‘migration_transport_compatible’ from ‘qmp_migrate’ # 214| static bool transport_supports_seeking(MigrationAddress *addr) # 215| { # 216|-> if (addr->transport == MIGRATION_ADDRESS_TYPE_FILE) { # 217| return true; # 218| } Error: GCC_ANALYZER_WARNING (CWE-476): [#def11] qemu-10.2.2/migration/migration.c:226:12: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘addr’ qemu-10.2.2/migration/migration.c:2208:6: enter_function: entry to ‘qmp_migrate’ qemu-10.2.2/migration/migration.c:2214:25: call_function: inlined call to ‘migrate_get_current’ from ‘qmp_migrate’ qemu-10.2.2/migration/migration.c:2215:33: branch_true: ...to here qemu-10.2.2/migration/migration.c:2223:8: branch_false: following ‘false’ branch... qemu-10.2.2/migration/migration.c:2228:8: branch_false: ...to here qemu-10.2.2/migration/migration.c:2228:8: branch_false: following ‘false’ branch (when ‘channels’ is NULL)... qemu-10.2.2/migration/migration.c:2247:8: branch_false: ...to here qemu-10.2.2/migration/migration.c:2247:8: branch_false: following ‘false’ branch (when ‘uri’ is NULL)... qemu-10.2.2/migration/migration.c:2256:10: branch_false: ...to here qemu-10.2.2/migration/migration.c:2256:10: call_function: calling ‘migration_transport_compatible’ from ‘qmp_migrate’ # 224| { # 225| /* file: works because QEMU can open it multiple times */ # 226|-> return addr->transport == MIGRATION_ADDRESS_TYPE_FILE; # 227| } # 228| Error: GCC_ANALYZER_WARNING (CWE-476): [#def12] qemu-10.2.2/migration/migration.c:253:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘addr’ qemu-10.2.2/migration/migration.c:2208:6: enter_function: entry to ‘qmp_migrate’ qemu-10.2.2/migration/migration.c:2214:25: call_function: inlined call to ‘migrate_get_current’ from ‘qmp_migrate’ qemu-10.2.2/migration/migration.c:2215:33: branch_true: ...to here qemu-10.2.2/migration/migration.c:2223:8: branch_false: following ‘false’ branch... qemu-10.2.2/migration/migration.c:2228:8: branch_false: ...to here qemu-10.2.2/migration/migration.c:2228:8: branch_false: following ‘false’ branch (when ‘channels’ is NULL)... qemu-10.2.2/migration/migration.c:2247:8: branch_false: ...to here qemu-10.2.2/migration/migration.c:2247:8: branch_false: following ‘false’ branch (when ‘uri’ is NULL)... qemu-10.2.2/migration/migration.c:2256:10: branch_false: ...to here qemu-10.2.2/migration/migration.c:2256:10: call_function: calling ‘migration_transport_compatible’ from ‘qmp_migrate’ # 251| # 252| if (migrate_mode() == MIG_MODE_CPR_TRANSFER && # 253|-> addr->transport == MIGRATION_ADDRESS_TYPE_FILE) { # 254| error_setg(errp, "Migration requires streamable transport (eg unix)"); # 255| return false; Error: GCC_ANALYZER_WARNING (CWE-476): [#def13] qemu-10.2.2/migration/migration.c:265:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘addr’ qemu-10.2.2/migration/migration.c:2208:6: enter_function: entry to ‘qmp_migrate’ qemu-10.2.2/migration/migration.c:2214:25: call_function: inlined call to ‘migrate_get_current’ from ‘qmp_migrate’ qemu-10.2.2/migration/migration.c:2215:33: branch_true: ...to here qemu-10.2.2/migration/migration.c:2223:8: branch_false: following ‘false’ branch... qemu-10.2.2/migration/migration.c:2228:8: branch_false: ...to here qemu-10.2.2/migration/migration.c:2228:8: branch_false: following ‘false’ branch (when ‘channels’ is NULL)... qemu-10.2.2/migration/migration.c:2247:8: branch_false: ...to here qemu-10.2.2/migration/migration.c:2247:8: branch_false: following ‘false’ branch (when ‘uri’ is NULL)... qemu-10.2.2/migration/migration.c:2256:10: branch_false: ...to here qemu-10.2.2/migration/migration.c:2256:10: call_function: calling ‘migration_transport_compatible’ from ‘qmp_migrate’ # 263| Error **errp) # 264| { # 265|-> if (addr->transport == MIGRATION_ADDRESS_TYPE_RDMA) { # 266| return migrate_rdma_caps_check(migrate_get_current()->capabilities, # 267| errp); Error: GCC_ANALYZER_WARNING (CWE-476): [#def14] qemu-10.2.2/monitor/hmp-cmds-target.c:295:5: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘mr’ qemu-10.2.2/monitor/hmp-cmds-target.c:286:19: release_memory: ‘mr’ is NULL qemu-10.2.2/monitor/hmp-cmds-target.c:290:8: branch_false: following ‘false’ branch... qemu-10.2.2/monitor/hmp-cmds-target.c:297:28: branch_false: ...to here qemu-10.2.2/monitor/hmp-cmds-target.c:297:28: release_memory: ‘mr’ is NULL qemu-10.2.2/monitor/hmp-cmds-target.c:295:5: danger: dereference of NULL ‘mr’ # 293| } # 294| # 295|-> monitor_printf(mon, "Host virtual address for 0x%" HWADDR_PRIx # 296| " (%s) is %p\n", # 297| addr, mr->name, ptr); Error: GCC_ANALYZER_WARNING (CWE-476): [#def15] qemu-10.2.2/monitor/hmp-cmds-target.c:374:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘mr’ qemu-10.2.2/monitor/hmp-cmds-target.c:356:6: enter_function: entry to ‘hmp_gpa2hpa’ qemu-10.2.2/monitor/hmp-cmds-target.c:360:19: release_memory: ‘mr’ is NULL qemu-10.2.2/monitor/hmp-cmds-target.c:365:8: branch_false: following ‘false’ branch... qemu-10.2.2/monitor/hmp-cmds-target.c:370:16: branch_false: ...to here qemu-10.2.2/monitor/hmp-cmds-target.c:370:16: call_function: calling ‘vtop’ from ‘hmp_gpa2hpa’ qemu-10.2.2/monitor/hmp-cmds-target.c:370:16: return_function: returning to ‘hmp_gpa2hpa’ from ‘vtop’ qemu-10.2.2/monitor/hmp-cmds-target.c:371:8: branch_false: following ‘false’ branch... qemu-10.2.2/monitor/hmp-cmds-target.c:376:32: branch_false: ...to here qemu-10.2.2/monitor/hmp-cmds-target.c:376:32: release_memory: ‘mr’ is NULL qemu-10.2.2/monitor/hmp-cmds-target.c:374:9: danger: dereference of NULL ‘mr’ # 372| error_report_err(local_err); # 373| } else { # 374|-> monitor_printf(mon, "Host physical address for 0x%" HWADDR_PRIx # 375| " (%s) is 0x%" PRIx64 "\n", # 376| addr, mr->name, (uint64_t) physaddr); Error: GCC_ANALYZER_WARNING (CWE-688): [#def16] qemu-10.2.2/net/tap.c:719:13: warning[-Wanalyzer-null-argument]: use of NULL ‘downscript’ where non-null expected qemu-10.2.2/net/tap.c:809:5: enter_function: entry to ‘net_init_tap’ qemu-10.2.2/net/tap.c:822:5: branch_true: following ‘true’ branch... qemu-10.2.2/net/tap.c:823:5: branch_true: ...to here qemu-10.2.2/net/tap.c:836:8: branch_true: following ‘true’ branch... qemu-10.2.2/net/tap.c:837:13: branch_true: ...to here qemu-10.2.2/net/tap.c:837:12: branch_false: following ‘false’ branch... qemu-10.2.2/net/tap.c:837:13: branch_false: following ‘false’ branch... qemu-10.2.2/net/tap.c:837:13: branch_false: following ‘false’ branch... qemu-10.2.2/net/tap.c:846:14: branch_false: ...to here qemu-10.2.2/net/tap.c:847:12: branch_false: following ‘false’ branch... qemu-10.2.2/net/tap.c:851:14: branch_false: ...to here qemu-10.2.2/net/tap.c:851:12: branch_true: following ‘true’ branch... qemu-10.2.2/net/tap.c:856:20: branch_true: ...to here qemu-10.2.2/net/tap.c:857:12: branch_false: following ‘false’ branch... qemu-10.2.2/net/tap.c:862:9: branch_false: ...to here qemu-10.2.2/net/tap.c:862:9: call_function: calling ‘net_init_tap_one’ from ‘net_init_tap’ # 717| script, downscript); # 718| # 719|-> if (strcmp(downscript, "no") != 0) { # 720| snprintf(s->down_script, sizeof(s->down_script), "%s", downscript); # 721| snprintf(s->down_script_arg, sizeof(s->down_script_arg), Error: COMPILER_WARNING: [#def17] qemu-10.2.2/target/riscv/cpu.c: scope_hint: In function ‘riscv_isa_write_fdt’ qemu-10.2.2/target/riscv/cpu.c:2913:35: warning[-Wformat-truncation=]: ‘%d’ directive output may be truncated writing between 1 and 11 bytes into a region of size 5 # 2913 | snprintf(isa_base, maxlen, "rv%di", xlen); # | ^~ qemu-10.2.2/target/riscv/cpu.c:2913:32: note: directive argument in the range [-2147483648, 2147483632] # 2913 | snprintf(isa_base, maxlen, "rv%di", xlen); # | ^~~~~~~ /usr/include/bits/stdio2.h:68:10: note: ‘__builtin___snprintf_chk’ output between 5 and 15 bytes into a destination of size 7 # 68 | return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1, # | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # 69 | __glibc_objsize (__s), __fmt, # | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # 70 | __va_arg_pack ()); # | ~~~~~~~~~~~~~~~~~ # 2911| qemu_fdt_setprop_string(fdt, nodename, "riscv,isa", riscv_isa); # 2912| # 2913|-> snprintf(isa_base, maxlen, "rv%di", xlen); # 2914| qemu_fdt_setprop_string(fdt, nodename, "riscv,isa-base", isa_base); # 2915| Error: COMPILER_WARNING: [#def18] qemu-10.2.2/tests/qtest/libqtest.c: scope_hint: In function ‘qtest_qom_has_concrete_type’ qemu-10.2.2/tests/qtest/libqtest.c:1044:9: warning[-Wunused-but-set-variable=]: variable ‘idx’ set but not used # 1044 | int idx; # | ^~~ # 1042| QString *qstr; # 1043| QDict *devinfo; # 1044|-> int idx; # 1045| # 1046| if (!list) { Error: GCC_ANALYZER_WARNING (CWE-688): [#def19] qemu-10.2.2/tests/qtest/migration/cpr-tests.c:168:9: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected qemu-10.2.2/tests/qtest/migration/cpr-tests.c:162:12: branch_false: following ‘false’ branch (when ‘done == 0’)... qemu-10.2.2/tests/qtest/migration/cpr-tests.c:163:15: branch_false: ...to here qemu-10.2.2/tests/qtest/migration/cpr-tests.c:164:9: branch_true: following ‘true’ branch... qemu-10.2.2/tests/qtest/migration/cpr-tests.c:165:16: branch_true: ...to here qemu-10.2.2/tests/qtest/migration/cpr-tests.c:166:9: branch_true: following ‘true’ branch... qemu-10.2.2/tests/qtest/migration/cpr-tests.c:167:18: branch_true: ...to here qemu-10.2.2/tests/qtest/migration/cpr-tests.c:168:9: danger: argument 1 (‘<unknown>’) NULL where non-null expected # 166| g_assert(qdict_haskey(data, "status")); # 167| status = g_strdup(qdict_get_str(data, "status")); # 168|-> g_assert(strcmp(status, "failed")); # 169| done = !strcmp(status, waitfor); # 170| qobject_unref(rsp); Error: COMPILER_WARNING: [#def20] qemu-10.2.2/tests/unit/rcutorture.c: scope_hint: In function ‘rcu_read_stress_test’ qemu-10.2.2/tests/unit/rcutorture.c:251:18: warning[-Wunused-but-set-variable=]: variable ‘garbage’ set but not used # 251 | volatile int garbage = 0; # | ^~~~~~~ # 249| long long n_reads_local = 0; # 250| long long rcu_stress_local[RCU_STRESS_PIPE_LEN + 1] = { 0 }; # 251|-> volatile int garbage = 0; # 252| # 253| rcu_register_thread();
| analyzer-version-clippy | 1.95.0 |
| analyzer-version-cppcheck | 2.20.0 |
| analyzer-version-gcc | 16.1.1 |
| analyzer-version-gcc-analyzer | 16.1.1 |
| analyzer-version-shellcheck | 0.11.0 |
| analyzer-version-unicontrol | 0.0.2 |
| diffbase-analyzer-version-clippy | 1.95.0 |
| diffbase-analyzer-version-cppcheck | 2.20.0 |
| diffbase-analyzer-version-gcc | 16.1.1 |
| diffbase-analyzer-version-gcc-analyzer | 16.1.1 |
| diffbase-analyzer-version-shellcheck | 0.11.0 |
| diffbase-analyzer-version-unicontrol | 0.0.2 |
| diffbase-enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| diffbase-exit-code | 0 |
| diffbase-host | ip-172-16-1-233.us-west-2.compute.internal |
| diffbase-known-false-positives | /usr/share/csmock/known-false-positives.js |
| diffbase-known-false-positives-rpm | known-false-positives-0.0.0.20260524.213755.g3c6d0be.main-1.el9.noarch |
| diffbase-mock-config | fedora-rawhide-x86_64 |
| diffbase-project-name | qemu-11.0.0-0.10.rc3.fc45 |
| diffbase-store-results-to | /tmp/tmpi4uibz5s/qemu-11.0.0-0.10.rc3.fc45.tar.xz |
| diffbase-time-created | 2026-06-01 17:22:54 |
| diffbase-time-finished | 2026-06-01 18:22:56 |
| diffbase-tool | csmock |
| diffbase-tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'shellcheck,cppcheck,clippy,unicontrol,gcc' '-o' '/tmp/tmpi4uibz5s/qemu-11.0.0-0.10.rc3.fc45.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpi4uibz5s/qemu-11.0.0-0.10.rc3.fc45.src.rpm' |
| diffbase-tool-version | csmock-3.8.5.20260529.133039.g6f3b5c6-1.el9 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-233.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20260524.213755.g3c6d0be.main-1.el9.noarch |
| mock-config | fedora-rawhide-x86_64 |
| project-name | qemu-10.2.2-1.fc44 |
| store-results-to | /tmp/tmp2xzrpmr_/qemu-10.2.2-1.fc44.tar.xz |
| time-created | 2026-06-01 16:18:22 |
| time-finished | 2026-06-01 17:21:25 |
| title | Fixed findings |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'shellcheck,cppcheck,clippy,unicontrol,gcc' '-o' '/tmp/tmp2xzrpmr_/qemu-10.2.2-1.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmp2xzrpmr_/qemu-10.2.2-1.fc44.src.rpm' |
| tool-version | csmock-3.8.5.20260529.133039.g6f3b5c6-1.el9 |