Error: COMPILER_WARNING (CWE-252): [#def1]
shadow-4.19.0/lib/audit_help.c: scope_hint: In function ‘audit_logger’
shadow-4.19.0/lib/audit_help.c:71:17: warning[-Wunused-result]: ignoring return value of ‘audit_log_acct_message’ declared with attribute ‘warn_unused_result’
# 71 | audit_log_acct_message (audit_fd, type, NULL, op, name, id,
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 72 | NULL, NULL, NULL, result);
# | ~~~~~~~~~~~~~~~~~~~~~~~~~
# 69| return;
# 70| } else {
# 71|-> audit_log_acct_message (audit_fd, type, NULL, op, name, id,
# 72| NULL, NULL, NULL, result);
# 73| }

Error: COMPILER_WARNING (CWE-252): [#def2]
shadow-4.19.0/lib/audit_help.c: scope_hint: In function ‘audit_logger_with_group’
shadow-4.19.0/lib/audit_help.c:113:9: warning[-Wunused-result]: ignoring return value of ‘audit_log_acct_message’ declared with attribute ‘warn_unused_result’
# 113 | audit_log_acct_message(audit_fd, type, NULL, buf, name, id,
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 114 | NULL, NULL, NULL, result);
# | ~~~~~~~~~~~~~~~~~~~~~~~~~
# 111| }
# 112|
# 113|-> audit_log_acct_message(audit_fd, type, NULL, buf, name, id,
# 114| NULL, NULL, NULL, result);
# 115| }

Error: COMPILER_WARNING (CWE-252): [#def3]
shadow-4.19.0/lib/audit_help.c: scope_hint: In function ‘audit_logger_message’
shadow-4.19.0/lib/audit_help.c:122:17: warning[-Wunused-result]: ignoring return value of ‘audit_log_user_message’ declared with attribute ‘warn_unused_result’
# 122 | audit_log_user_message (audit_fd,
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 123 | AUDIT_USYS_CONFIG,
# | ~~~~~~~~~~~~~~~~~~
# 124 | message,
# | ~~~~~~~~
# 125 | NULL, /* hostname */
# | ~~~~~~~~~~~~~~~~~~~~
# 126 | NULL, /* addr */
# | ~~~~~~~~~~~~~~~~
# 127 | NULL, /* tty */
# | ~~~~~~~~~~~~~~~
# 128 | result);
# | ~~~~~~~
# 120| return;
# 121| } else {
# 122|-> audit_log_user_message (audit_fd,
# 123| AUDIT_USYS_CONFIG,
# 124| message,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def4]
shadow-4.19.0/lib/copydir.c:233:22: warning[-Wanalyzer-malloc-leak]: leak of ‘reallocarray(0, 1, 40)’
shadow-4.19.0/lib/copydir.c:871:5: enter_function: entry to ‘copy_tree’
shadow-4.19.0/lib/copydir.c:887:16: call_function: calling ‘copy_tree_impl’ from ‘copy_tree’
# 231|
# 232| lp = xmalloc_T(1, struct link_name);
# 233|-> lp->ln_dev = sb->st_dev;
# 234| lp->ln_ino = sb->st_ino;
# 235| lp->ln_count = sb->st_nlink;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def5]
shadow-4.19.0/lib/fd.c:39:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 2)’
shadow-4.19.0/lib/fd.c:38:19: acquire_resource: opened here
shadow-4.19.0/lib/fd.c:39:12: danger: ‘open("/dev/null", 2)’ leaks here; was opened at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
# 37|
# 38| devnull = open("/dev/null", O_RDWR);
# 39|-> if (devnull != fd)
# 40| abort();
# 41| }

Error: COMPILER_WARNING (CWE-477): [#def6]
shadow-4.19.0/lib/getdef.c: scope_hint: In function ‘def_load’
shadow-4.19.0/lib/getdef.c:486:9: warning[-Wdeprecated-declarations]: ‘econf_readDirs’ is deprecated: Use the econf_readConfig/econf_readConfigWithCallback instead
# 486 | error = econf_readDirs (&defs_file, vendordir, sysconfdir, "login", "defs", " \t", "#");
# | ^~~~~
shadow-4.19.0/lib/getdef.c:22: included_from: Included from here.
/usr/include/libeconf.h:497:1: note: declared here
# 497 | econf_readDirs(econf_file **key_file,
# | ^~~~~~~~~~~~~~
# 484| def_loaded = true;
# 485|
# 486|-> error = econf_readDirs (&defs_file, vendordir, sysconfdir, "login", "defs", " \t", "#");
# 487| if (error) {
# 488| if (error == ECONF_NOFILE)

Error: COMPILER_WARNING (CWE-477): [#def7]
shadow-4.19.0/lib/getdef.c:486:9: warning[-Wdeprecated-declarations]: ‘econf_readDirs’ is deprecated: Use the econf_readConfig/econf_readConfigWithCallback instead
# 484| def_loaded = true;
# 485|
# 486|-> error = econf_readDirs (&defs_file, vendordir, sysconfdir, "login", "defs", " \t", "#");
# 487| if (error) {
# 488| if (error == ECONF_NOFILE)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def8]
shadow-4.19.0/lib/groupio.c:352:40: warning[-Wanalyzer-malloc-leak]: leak of ‘calloc(members + 1, 8)’
shadow-4.19.0/lib/groupio.c:315:12: branch_false: following ‘false’ branch...
shadow-4.19.0/lib/groupio.c:320:9: branch_false: ...to here
shadow-4.19.0/lib/groupio.c:322:12: branch_false: following ‘false’ branch...
shadow-4.19.0/lib/groupio.c:328:20: branch_false: ...to here
shadow-4.19.0/lib/groupio.c:329:12: branch_false: following ‘false’ branch...
shadow-4.19.0/lib/groupio.c:329:12: branch_false: ...to here
shadow-4.19.0/lib/groupio.c:347:23: acquire_memory: allocated here
shadow-4.19.0/lib/groupio.c:348:12: branch_false: following ‘false’ branch...
shadow-4.19.0/lib/groupio.c:348:12: branch_false: ...to here
shadow-4.19.0/lib/groupio.c:352:19: branch_false: following ‘false’ branch...
shadow-4.19.0/lib/groupio.c:352:19: branch_false: ...to here
shadow-4.19.0/lib/groupio.c:358:19: branch_false: following ‘false’ branch...
shadow-4.19.0/lib/groupio.c:373:9: branch_false: ...to here
shadow-4.19.0/lib/groupio.c:352:40: danger: ‘calloc(members + 1, 8)’ leaks here; was allocated at [(7)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/6)
# 350| return NULL;
# 351| }
# 352|-> for (i=0; NULL != gptr1->gr_mem[i]; i++) {
# 353| new_members[i] = gptr1->gr_mem[i];
# 354| }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def9]
shadow-4.19.0/lib/list.c:64:25: warning[-Wanalyzer-malloc-leak]: leak of ‘reallocarray(0, (long unsigned int)(i + 2), 8)’
shadow-4.19.0/lib/list.c:32:1: enter_function: entry to ‘add_list’
shadow-4.19.0/lib/list.c:37:9: branch_true: following ‘true’ branch (when ‘member’ is non-NULL)...
shadow-4.19.0/lib/list.c:38:9: branch_true: ...to here
shadow-4.19.0/lib/list.c:38:9: branch_true: following ‘true’ branch (when ‘list’ is non-NULL)...
shadow-4.19.0/lib/list.c:38:9: branch_true: ...to here
shadow-4.19.0/lib/list.c:56:15: call_function: inlined call to ‘mallocarray’ from ‘add_list’
shadow-4.19.0/lib/list.c:56:15: call_function: inlined call to ‘exit_if_null_’ from ‘add_list’
shadow-4.19.0/lib/list.c:64:21: branch_false: following ‘false’ branch...
shadow-4.19.0/lib/list.c:68:18: branch_false: ...to here
shadow-4.19.0/lib/list.c:64:25: danger: ‘reallocarray(0, (long unsigned int)(i + 2), 8)’ leaks here; was allocated at [(7)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/6)
# 62| */
# 63|
# 64|-> for (i = 0; list[i] != NULL; i++) {
# 65| tmp[i] = list[i];
# 66| }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def10]
shadow-4.19.0/lib/list.c:150:24: warning[-Wanalyzer-malloc-leak]: leak of ‘reallocarray(0, (long unsigned int)(i + 1), 8)’
shadow-4.19.0/lib/list.c:138:1: enter_function: entry to ‘dup_list’
shadow-4.19.0/lib/list.c:143:9: branch_true: following ‘true’ branch (when ‘list’ is non-NULL)...
shadow-4.19.0/lib/list.c:143:9: branch_true: ...to here
shadow-4.19.0/lib/list.c:147:15: call_function: inlined call to ‘mallocarray’ from ‘dup_list’
shadow-4.19.0/lib/list.c:147:15: call_function: inlined call to ‘exit_if_null_’ from ‘dup_list’
shadow-4.19.0/lib/list.c:150:16: branch_true: following ‘true’ branch...
shadow-4.19.0/lib/list.c:151:26: branch_true: ...to here
shadow-4.19.0/lib/list.c:150:24: danger: ‘reallocarray(0, (long unsigned int)(i + 1), 8)’ leaks here; was allocated at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
# 148|
# 149| i = 0;
# 150|-> while (NULL != *list) {
# 151| tmp[i] = xstrdup (*list);
# 152| i++;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def11]
shadow-4.19.0/lib/readpassphrase.c:93:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/tty", 2)’
shadow-4.19.0/lib/readpassphrase.c:63:12: branch_false: following ‘false’ branch (when ‘bufsiz != 0’)...
shadow-4.19.0/lib/readpassphrase.c:63:12: branch_false: ...to here
shadow-4.19.0/lib/readpassphrase.c:69:21: branch_true: following ‘true’ branch (when ‘i != 65’)...
shadow-4.19.0/lib/readpassphrase.c:70:17: branch_true: ...to here
shadow-4.19.0/lib/readpassphrase.c:78:12: branch_false: following ‘false’ branch...
shadow-4.19.0/lib/readpassphrase.c:79:31: branch_false: ...to here
shadow-4.19.0/lib/readpassphrase.c:79:31: acquire_resource: opened here
shadow-4.19.0/lib/readpassphrase.c:78:13: branch_false: following ‘false’ branch...
shadow-4.19.0/lib/readpassphrase.c:93:12: branch_false: ...to here
shadow-4.19.0/lib/readpassphrase.c:93:12: danger: ‘open("/dev/tty", 2)’ leaks here; was opened at [(7)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/6)
# 91| * generate SIGTTOU, so do it *before* installing the signal handlers.
# 92| */
# 93|-> if (input != STDIN_FILENO && tcgetattr(input, &oterm) == 0) {
# 94| term = oterm;
# 95| if (!(flags & RPP_ECHO_ON))

Error: COMPILER_WARNING (CWE-252): [#def12]
shadow-4.19.0/lib/readpassphrase.c: scope_hint: In function ‘readpassphrase’
shadow-4.19.0/lib/readpassphrase.c:128:23: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
# 128 | (void)write(output, prompt, strlen(prompt));
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 126|
# 127| if (!(flags & RPP_STDIN))
# 128|-> (void)write(output, prompt, strlen(prompt));
# 129| end = buf + bufsiz - 1;
# 130| p = buf;

Error: COMPILER_WARNING (CWE-252): [#def13]
shadow-4.19.0/lib/readpassphrase.c:147:23: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
# 147 | (void)write(output, "\n", 1);
# | ^~~~~~~~~~~~~~~~~~~~~~
# 145| save_errno = errno;
# 146| if (!(term.c_lflag & ECHO))
# 147|-> (void)write(output, "\n", 1);
# 148|
# 149| /* Restore old terminal settings and signals. */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def14]
shadow-4.19.0/lib/sulog.c:59:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(getdef_str("SULOG_FILE"), "a+")’
shadow-4.19.0/lib/sulog.c:35:17: branch_false: following ‘false’ branch (when ‘saved_locale’ is NULL)...
shadow-4.19.0/lib/sulog.c:42:22: branch_false: ...to here
shadow-4.19.0/lib/sulog.c:43:12: branch_false: following ‘false’ branch...
shadow-4.19.0/lib/sulog.c:47:18: branch_false: ...to here
shadow-4.19.0/lib/sulog.c:57:14: acquire_resource: opened here
shadow-4.19.0/lib/sulog.c:59:12: branch_true: following ‘true’ branch (when ‘oldgid != 0’)...
shadow-4.19.0/lib/sulog.c:59:31: branch_true: ...to here
shadow-4.19.0/lib/sulog.c:59:13: danger: ‘fopen(getdef_str("SULOG_FILE"), "a+")’ leaks here; was opened at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
# 57| fp = fopen (sulog_file, "a+");
# 58| (void) umask (oldmask);
# 59|-> if ((oldgid != 0) && (setgid (oldgid) != 0)) {
# 60| perror ("setgid");
# 61| SYSLOG ((LOG_ERR,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def15]
shadow-4.19.0/lib/sulog.c:59:13: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(getdef_str("SULOG_FILE"), "a+")’
shadow-4.19.0/lib/sulog.c:35:17: branch_false: following ‘false’ branch (when ‘saved_locale’ is NULL)...
shadow-4.19.0/lib/sulog.c:42:22: branch_false: ...to here
shadow-4.19.0/lib/sulog.c:43:12: branch_false: following ‘false’ branch...
shadow-4.19.0/lib/sulog.c:47:18: branch_false: ...to here
shadow-4.19.0/lib/sulog.c:57:14: acquire_memory: allocated here
shadow-4.19.0/lib/sulog.c:59:12: branch_true: following ‘true’ branch (when ‘oldgid != 0’)...
shadow-4.19.0/lib/sulog.c:59:31: branch_true: ...to here
shadow-4.19.0/lib/sulog.c:59:13: danger: ‘fopen(getdef_str("SULOG_FILE"), "a+")’ leaks here; was allocated at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
# 57| fp = fopen (sulog_file, "a+");
# 58| (void) umask (oldmask);
# 59|-> if ((oldgid != 0) && (setgid (oldgid) != 0)) {
# 60| perror ("setgid");
# 61| SYSLOG ((LOG_ERR,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def16]
shadow-4.19.0/lib/xgetXXbyYY.c:65:26: warning[-Wanalyzer-malloc-leak]: leak of ‘reallocarray(0, 1, 32)’
shadow-4.19.0/lib/xgetXXbyYY.c:49:35: enter_function: entry to ‘xgetgrnam’
shadow-4.19.0/lib/xgetXXbyYY.c:57:18: call_function: inlined call to ‘mallocarray’ from ‘xgetgrnam’
shadow-4.19.0/lib/xgetXXbyYY.c:58:12: branch_false: following ‘false’ branch...
shadow-4.19.0/lib/xgetXXbyYY.c:58:12: branch_false: ...to here
shadow-4.19.0/lib/xgetXXbyYY.c:65:26: danger: ‘reallocarray(0, 1, 32)’ leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
# 63| int status;
# 64| LOOKUP_TYPE *resbuf = NULL;
# 65|-> buffer = xrealloc_T(buffer, length, char);
# 66| status = REENTRANT_NAME(ARG_NAME, result, buffer,
# 67| length, &resbuf);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def17]
shadow-4.19.0/lib/xgetXXbyYY.c:65:26: warning[-Wanalyzer-malloc-leak]: leak of ‘reallocarray(0, 1, 48)’
shadow-4.19.0/lib/xgetXXbyYY.c:49:35: enter_function: entry to ‘xgetpwnam’
shadow-4.19.0/lib/xgetXXbyYY.c:57:18: call_function: inlined call to ‘mallocarray’ from ‘xgetpwnam’
shadow-4.19.0/lib/xgetXXbyYY.c:58:12: branch_false: following ‘false’ branch...
shadow-4.19.0/lib/xgetXXbyYY.c:58:12: branch_false: ...to here
shadow-4.19.0/lib/xgetXXbyYY.c:65:26: danger: ‘reallocarray(0, 1, 48)’ leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
# 63| int status;
# 64| LOOKUP_TYPE *resbuf = NULL;
# 65|-> buffer = xrealloc_T(buffer, length, char);
# 66| status = REENTRANT_NAME(ARG_NAME, result, buffer,
# 67| length, &resbuf);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def18]
shadow-4.19.0/lib/xgetXXbyYY.c:65:26: warning[-Wanalyzer-malloc-leak]: leak of ‘reallocarray(0, 1, 72)’
shadow-4.19.0/lib/xgetXXbyYY.c:49:35: enter_function: entry to ‘xgetspnam’
shadow-4.19.0/lib/xgetXXbyYY.c:57:18: call_function: inlined call to ‘mallocarray’ from ‘xgetspnam’
shadow-4.19.0/lib/xgetXXbyYY.c:58:12: branch_false: following ‘false’ branch...
shadow-4.19.0/lib/xgetXXbyYY.c:58:12: branch_false: ...to here
shadow-4.19.0/lib/xgetXXbyYY.c:65:26: danger: ‘reallocarray(0, 1, 72)’ leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
# 63| int status;
# 64| LOOKUP_TYPE *resbuf = NULL;
# 65|-> buffer = xrealloc_T(buffer, length, char);
# 66| status = REENTRANT_NAME(ARG_NAME, result, buffer,
# 67| length, &resbuf);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def19]
shadow-4.19.0/libsubid/api.c:45:1: warning[-Wanalyzer-malloc-leak]: leak of ‘progname’
shadow-4.19.0/libsubid/api.c:25:12: branch_true: following ‘true’ branch (when ‘progname’ is non-NULL)...
shadow-4.19.0/libsubid/api.c:26:28: branch_true: ...to here
shadow-4.19.0/libsubid/api.c:26:28: acquire_memory: allocated here
shadow-4.19.0/libsubid/api.c:27:20: branch_false: following ‘false’ branch (when ‘progname’ is non-NULL)...
shadow-4.19.0/libsubid/api.c:29:17: branch_false: ...to here
shadow-4.19.0/libsubid/api.c:45:1: danger: ‘progname’ leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
# 43| log_set_logfd(shadow_logfd);
# 44| return true;
# 45|-> }
# 46|
# 47| void subid_free(void *ptr)
| analyzer-version-clippy | 1.95.0 |
| analyzer-version-cppcheck | 2.20.0 |
| analyzer-version-gcc | 16.1.1 |
| analyzer-version-gcc-analyzer | 16.1.1 |
| analyzer-version-shellcheck | 0.11.0 |
| analyzer-version-unicontrol | 0.0.2 |
| diffbase-analyzer-version-clippy | 1.95.0 |
| diffbase-analyzer-version-cppcheck | 2.20.0 |
| diffbase-analyzer-version-gcc | 16.1.1 |
| diffbase-analyzer-version-gcc-analyzer | 16.1.1 |
| diffbase-analyzer-version-shellcheck | 0.11.0 |
| diffbase-analyzer-version-unicontrol | 0.0.2 |
| diffbase-enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| diffbase-exit-code | 0 |
| diffbase-host | ip-172-16-1-51.us-west-2.compute.internal |
| diffbase-known-false-positives | /usr/share/csmock/known-false-positives.js |
| diffbase-known-false-positives-rpm | known-false-positives-0.0.0.20260524.213755.g3c6d0be.main-1.el9.noarch |
| diffbase-mock-config | fedora-rawhide-x86_64 |
| diffbase-project-name | shadow-utils-4.19.3-3.fc45 |
| diffbase-store-results-to | /tmp/tmpw5gbwrc5/shadow-utils-4.19.3-3.fc45.tar.xz |
| diffbase-time-created | 2026-06-01 16:48:27 |
| diffbase-time-finished | 2026-06-01 16:51:28 |
| diffbase-tool | csmock |
| diffbase-tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'shellcheck,cppcheck,clippy,unicontrol,gcc' '-o' '/tmp/tmpw5gbwrc5/shadow-utils-4.19.3-3.fc45.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpw5gbwrc5/shadow-utils-4.19.3-3.fc45.src.rpm' |
| diffbase-tool-version | csmock-3.8.5.20260529.133039.g6f3b5c6-1.el9 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-51.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20260524.213755.g3c6d0be.main-1.el9.noarch |
| mock-config | fedora-rawhide-x86_64 |
| project-name | shadow-utils-4.19.0-6.fc44 |
| store-results-to | /tmp/tmppfaw69p6/shadow-utils-4.19.0-6.fc44.tar.xz |
| time-created | 2026-06-01 16:44:41 |
| time-finished | 2026-06-01 16:48:11 |
| title | Fixed findings |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'shellcheck,cppcheck,clippy,unicontrol,gcc' '-o' '/tmp/tmppfaw69p6/shadow-utils-4.19.0-6.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmppfaw69p6/shadow-utils-4.19.0-6.fc44.src.rpm' |
| tool-version | csmock-3.8.5.20260529.133039.g6f3b5c6-1.el9 |