Error: GCC_ANALYZER_WARNING (CWE-401): [#def1] systemd-261-rc2/src/basic/alloc-util.h:79:9: warning[-Wanalyzer-malloc-leak]: leak of ‘options’ systemd-261-rc2/src/gpt-auto-generator/gpt-auto-generator.c:1388:1: enter_function: entry to ‘main’ systemd-261-rc2/src/gpt-auto-generator/gpt-auto-generator.c:1388:1: call_function: calling ‘run’ from ‘main’ # 77| # 78| static inline void freep(void *p) { # 79|-> *(void**)p = mfree(*(void**) p); # 80| } # 81| Error: COMPILER_WARNING: [#def2] [important] systemd-261-rc2/src/basic/cgroup-util.c:78:44: error[error]: ‘FILEID_KERNFS’ undeclared (first use in this function) # 76| } fh = { # 77| .file_handle.handle_bytes = sizeof(uint64_t), # 78|-> .file_handle.handle_type = FILEID_KERNFS, # 79| }; # 80| Error: GCC_ANALYZER_WARNING (CWE-476): [#def3] systemd-261-rc2/src/basic/mountpoint-util.c:205:13: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘h’ systemd-261-rc2/src/basic/mountpoint-util.c:194:5: enter_function: entry to ‘name_to_handle_at_u64’ systemd-261-rc2/src/basic/mountpoint-util.c:195:44: release_memory: ‘h’ is NULL systemd-261-rc2/src/basic/mountpoint-util.c:198:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/basic/mountpoint-util.c:202:13: branch_false: ...to here systemd-261-rc2/src/basic/mountpoint-util.c:202:13: call_function: calling ‘name_to_handle_at_loop’ from ‘name_to_handle_at_u64’ systemd-261-rc2/src/basic/mountpoint-util.c:202:13: return_function: returning to ‘name_to_handle_at_u64’ from ‘name_to_handle_at_loop’ systemd-261-rc2/src/basic/mountpoint-util.c:203:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/basic/mountpoint-util.c:205:14: branch_false: ...to here systemd-261-rc2/src/basic/mountpoint-util.c:205:14: release_memory: ‘h’ is NULL systemd-261-rc2/src/basic/mountpoint-util.c:205:13: danger: dereference of NULL ‘h’ # 203| if (r < 0) # 204| return r; # 205|-> if (h->handle_bytes < sizeof(uint64_t)) # 206| return -EBADMSG; # 207| Error: COMPILER_WARNING: [#def4] [important] systemd-261-rc2/src/basic/namespace-util.c:917:38: error[error]: ‘FILEID_NSFS’ undeclared (first use in this function) # 915| } fh = {}; # 916| fh.file_handle.handle_bytes = sizeof(struct nsfs_file_handle); # 917|-> fh.file_handle.handle_type = FILEID_NSFS; # 918| # 919| /* The first 8 bytes of struct nsfs_file_handle (see <linux/nsfs.h>, uapi since kernel v6.18) Error: COMPILER_WARNING: [#def5] [important] systemd-261-rc2/src/basic/namespace-util.c:925:45: error[error]: ‘FD_NSFS_ROOT’ undeclared (first use in this function); did you mean ‘FD_PIDFS_ROOT’? # 923| unaligned_write_ne64(fh.file_handle.f_handle, ns_id); # 924| # 925|-> return RET_NERRNO(open_by_handle_at(FD_NSFS_ROOT, &fh.file_handle, O_PATH|O_CLOEXEC)); # 926| } # 927| Error: GCC_ANALYZER_WARNING (CWE-688): [#def6] systemd-261-rc2/src/basic/os-util.c:414:23: warning[-Wanalyzer-null-argument]: use of NULL ‘root’ where non-null expected systemd-261-rc2/src/basic/os-util.c:467:5: enter_function: entry to ‘os_release_support_ended’ systemd-261-rc2/src/basic/os-util.c:471:12: branch_true: following ‘true’ branch (when ‘support_end’ is NULL)... systemd-261-rc2/src/basic/os-util.c:475:21: branch_true: ...to here systemd-261-rc2/src/basic/os-util.c:475:21: call_function: calling ‘parse_extension_release_sentinel’ from ‘os_release_support_ended’ # 412| # 413| if (!empty_or_root(root)) { # 414|-> rfd = open(root, O_CLOEXEC | O_DIRECTORY | O_PATH); # 415| if (rfd < 0) # 416| return -errno; Error: GCC_ANALYZER_WARNING (CWE-457): [#def7] systemd-261-rc2/src/basic/stat-util.c:617:21: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘mntidb’ systemd-261-rc2/src/basic/stat-util.c:527:5: enter_function: entry to ‘inode_same_at’ systemd-261-rc2/src/basic/stat-util.c:531:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/basic/stat-util.c:532:9: branch_false: ...to here systemd-261-rc2/src/basic/stat-util.c:532:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/basic/stat-util.c:533:9: branch_false: ...to here systemd-261-rc2/src/basic/stat-util.c:533:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/basic/stat-util.c:536:14: call_function: inlined call to ‘isempty’ from ‘inode_same_at’ systemd-261-rc2/src/basic/stat-util.c:536:13: branch_false: following ‘false’ branch... systemd-261-rc2/src/basic/stat-util.c:540:13: branch_false: ...to here systemd-261-rc2/src/basic/stat-util.c:544:12: branch_true: following ‘true’ branch... systemd-261-rc2/src/basic/stat-util.c:550:22: call_function: inlined call to ‘isempty’ from ‘inode_same_at’ systemd-261-rc2/src/basic/stat-util.c:582:20: branch_false: following ‘false’ branch... systemd-261-rc2/src/basic/stat-util.c:588:22: branch_false: ...to here systemd-261-rc2/src/basic/stat-util.c:590:20: branch_true: following ‘true’ branch... systemd-261-rc2/src/basic/stat-util.c:591:25: branch_true: ...to here systemd-261-rc2/src/basic/stat-util.c:600:20: branch_false: following ‘false’ branch... systemd-261-rc2/src/basic/stat-util.c:606:20: branch_false: ...to here systemd-261-rc2/src/basic/stat-util.c:606:20: branch_false: following ‘false’ branch... systemd-261-rc2/src/basic/stat-util.c:612:22: branch_false: ...to here systemd-261-rc2/src/basic/stat-util.c:612:20: branch_true: following ‘true’ branch... systemd-261-rc2/src/basic/stat-util.c:617:21: branch_true: ...to here systemd-261-rc2/src/basic/stat-util.c:617:21: danger: use of uninitialized value ‘mntidb’ here # 615| /* If the file handles are the same and they come from the same mount ID? Great, then we are # 616| * good, they are definitely the same */ # 617|-> if (mntida == mntidb) # 618| return true; # 619| Error: GCC_ANALYZER_WARNING (CWE-401): [#def8] systemd-261-rc2/src/basic/strv.c:590:9: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(key)’ systemd-261-rc2/src/basic/strv.c:1137:12: enter_function: entry to ‘string_strv_hashmap_put_internal’ systemd-261-rc2/src/basic/strv.c:1141:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/basic/strv.c:1142:9: branch_false: ...to here systemd-261-rc2/src/basic/strv.c:1142:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/basic/strv.c:1143:9: branch_false: ...to here systemd-261-rc2/src/basic/strv.c:1143:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/basic/strv.c:1145:13: call_function: inlined call to ‘hashmap_get’ from ‘string_strv_hashmap_put_internal’ systemd-261-rc2/src/basic/strv.c:1146:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/basic/strv.c:1158:44: branch_false: ...to here systemd-261-rc2/src/basic/strv.c:1161:21: acquire_memory: allocated here systemd-261-rc2/src/basic/strv.c:1162:20: branch_false: following ‘false’ branch... systemd-261-rc2/src/basic/strv.c:1165:21: call_function: inlined call to ‘strv_extend’ from ‘string_strv_hashmap_put_internal’ systemd-261-rc2/src/basic/strv.c:1165:21: call_function: inlined call to ‘strv_extend’ from ‘string_strv_hashmap_put_internal’ systemd-261-rc2/src/basic/strv.c:1166:20: branch_false: following ‘false’ branch... systemd-261-rc2/src/basic/strv.c:1169:21: branch_false: ...to here systemd-261-rc2/src/basic/strv.c:590:9: danger: ‘strdup(key)’ leaks here; was allocated at [(11)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/10) # 588| * If value is empty, no action is taken and *n is not set. */ # 589| # 590|-> assert(l); # 591| POINTER_MAY_BE_NULL(n); # 592| Error: GCC_ANALYZER_WARNING (CWE-457): [#def9] systemd-261-rc2/src/boot/part-discovery.c:165:32: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘gpt.NumberOfPartitionEntries’ systemd-261-rc2/src/boot/part-discovery.c:293:12: enter_function: entry to ‘partition_open’ systemd-261-rc2/src/boot/part-discovery.c:300:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/boot/part-discovery.c:301:9: branch_false: ...to here systemd-261-rc2/src/boot/part-discovery.c:301:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/boot/part-discovery.c:302:9: branch_false: ...to here systemd-261-rc2/src/boot/part-discovery.c:302:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/boot/part-discovery.c:304:15: branch_false: ...to here systemd-261-rc2/src/boot/part-discovery.c:304:15: call_function: calling ‘find_device’ from ‘partition_open’ # 163| return err; # 164| # 165|-> for (size_t i = 0; i < gpt.NumberOfPartitionEntries; i++) { # 166| EFI_PARTITION_ENTRY *entry = # 167| (EFI_PARTITION_ENTRY *) ((uint8_t *) entries + gpt.SizeOfPartitionEntry * i); Error: GCC_ANALYZER_WARNING (CWE-457): [#def10] systemd-261-rc2/src/boot/part-discovery.c:422:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘gpt.NumberOfPartitionEntries’ systemd-261-rc2/src/boot/part-discovery.c:323:18: enter_function: entry to ‘disk_get_part_uuid_eltorito’ systemd-261-rc2/src/boot/part-discovery.c:326:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/boot/part-discovery.c:326:9: branch_false: ...to here systemd-261-rc2/src/boot/part-discovery.c:335:49: call_function: calling ‘device_path_is_end’ from ‘disk_get_part_uuid_eltorito’ systemd-261-rc2/src/boot/part-discovery.c:335:49: return_function: returning to ‘disk_get_part_uuid_eltorito’ from ‘device_path_is_end’ systemd-261-rc2/src/boot/part-discovery.c:335:48: branch_false: following ‘false’ branch... systemd-261-rc2/src/boot/part-discovery.c:336:21: branch_false: ...to here systemd-261-rc2/src/boot/part-discovery.c:335:49: call_function: calling ‘device_path_is_end’ from ‘disk_get_part_uuid_eltorito’ systemd-261-rc2/src/boot/part-discovery.c:335:49: return_function: returning to ‘disk_get_part_uuid_eltorito’ from ‘device_path_is_end’ systemd-261-rc2/src/boot/part-discovery.c:338:12: branch_false: following ‘false’ branch (when ‘cdrom’ is non-NULL)... systemd-261-rc2/src/boot/part-discovery.c:344:53: branch_false: ...to here systemd-261-rc2/src/boot/part-discovery.c:349:12: branch_false: following ‘false’ branch (when ‘err == 0’)... systemd-261-rc2/src/boot/part-discovery.c:354:18: branch_false: ...to here systemd-261-rc2/src/boot/part-discovery.c:358:12: branch_false: following ‘false’ branch (when ‘err == 0’)... systemd-261-rc2/src/boot/part-discovery.c:363:21: branch_false: ...to here systemd-261-rc2/src/boot/part-discovery.c:363:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/boot/part-discovery.c:363:51: branch_false: ...to here systemd-261-rc2/src/boot/part-discovery.c:363:13: branch_true: following ‘true’ branch... systemd-261-rc2/src/boot/part-discovery.c:364:13: branch_true: ...to here systemd-261-rc2/src/boot/part-discovery.c:363:13: branch_false: following ‘false’ branch... systemd-261-rc2/src/boot/part-discovery.c:372:18: branch_false: ...to here systemd-261-rc2/src/boot/part-discovery.c:373:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/boot/part-discovery.c:373:71: branch_false: ...to here systemd-261-rc2/src/boot/part-discovery.c:373:71: branch_true: following ‘true’ branch... systemd-261-rc2/src/boot/part-discovery.c:378:31: branch_true: ...to here systemd-261-rc2/src/boot/part-discovery.c:380:12: branch_false: following ‘false’ branch (when ‘err == 0’)... systemd-261-rc2/src/boot/part-discovery.c:385:37: branch_false: ...to here systemd-261-rc2/src/boot/part-discovery.c:395:33: branch_true: following ‘true’ branch (when ‘ss <= 4096’)... systemd-261-rc2/src/boot/part-discovery.c:396:25: branch_true: ...to here systemd-261-rc2/src/boot/part-discovery.c:398:23: call_function: calling ‘read_gpt_entries’ from ‘disk_get_part_uuid_eltorito’ systemd-261-rc2/src/boot/part-discovery.c:398:23: return_function: returning to ‘disk_get_part_uuid_eltorito’ from ‘read_gpt_entries’ systemd-261-rc2/src/boot/part-discovery.c:417:12: branch_false: following ‘false’ branch (when ‘gpt_sector_size != 0’)... systemd-261-rc2/src/boot/part-discovery.c:422:9: branch_false: ...to here systemd-261-rc2/src/boot/part-discovery.c:422:9: danger: use of uninitialized value ‘gpt.NumberOfPartitionEntries’ here # 420| } # 421| # 422|-> log_debug("Found GPT on El Torito disk with sector size %" PRIu32 ", %" PRIu32 " partition entries.", # 423| gpt_sector_size, gpt.NumberOfPartitionEntries); # 424| Error: CPPCHECK_WARNING (CWE-401): [#def11] systemd-261-rc2/src/bootctl/bootctl-install.c:1130: error[memleak]: Memory leak: siglist # 1128| r = efi_timestamp(×tamp); # 1129| if (r < 0) # 1130|-> return r; # 1131| # 1132| uint32_t attrs = Error: CPPCHECK_WARNING (CWE-457): [#def12] systemd-261-rc2/src/bootctl/bootctl-link.c:1063: error[uninitvar]: Uninitialized variable: i # 1061| }; # 1062| # 1063|-> r = sd_json_dispatch(i, dispatch_table, /* flags= */ 0, &xp); # 1064| if (r < 0) # 1065| return r; Error: GCC_ANALYZER_WARNING (CWE-401): [#def13] systemd-261-rc2/src/bootctl/bootctl-unlink.c:96:77: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(fn)’ systemd-261-rc2/src/bootctl/bootctl-unlink.c:562:5: enter_function: entry to ‘vl_method_unlink’ systemd-261-rc2/src/bootctl/bootctl-unlink.c:570:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/bootctl/bootctl-unlink.c:572:60: branch_false: ...to here systemd-261-rc2/src/bootctl/bootctl-unlink.c:587:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/bootctl/bootctl-unlink.c:591:13: branch_false: ...to here systemd-261-rc2/src/bootctl/bootctl-unlink.c:591:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/bootctl/bootctl-unlink.c:593:12: branch_false: ...to here systemd-261-rc2/src/bootctl/bootctl-unlink.c:638:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/bootctl/bootctl-unlink.c:640:13: branch_false: ...to here systemd-261-rc2/src/bootctl/bootctl-unlink.c:648:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/bootctl/bootctl-unlink.c:652:14: branch_false: ...to here systemd-261-rc2/src/bootctl/bootctl-unlink.c:655:13: call_function: calling ‘run_unlink’ from ‘vl_method_unlink’ # 94| return -ENOMEM; # 95| # 96|-> r = hashmap_ensure_put(known_files, &path_hash_ops_free, t, INT_TO_PTR(n)); # 97| if (r < 0) # 98| return r; Error: GCC_ANALYZER_WARNING (CWE-401): [#def14] systemd-261-rc2/src/bootctl/bootspec-util.c:255:1: warning[-Wanalyzer-malloc-leak]: leak of ‘et’ systemd-261-rc2/src/bootctl/bootspec-util.c:167:5: enter_function: entry to ‘boot_config_find_oldest_commit’ systemd-261-rc2/src/bootctl/bootspec-util.c:174:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/bootctl/bootspec-util.c:175:9: branch_false: ...to here systemd-261-rc2/src/bootctl/bootspec-util.c:175:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/bootctl/bootspec-util.c:176:9: branch_false: ...to here systemd-261-rc2/src/bootctl/bootspec-util.c:176:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/bootctl/bootspec-util.c:182:9: branch_false: ...to here systemd-261-rc2/src/bootctl/bootspec-util.c:182:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/bootctl/bootspec-util.c:182:9: branch_false: ...to here systemd-261-rc2/src/bootctl/bootspec-util.c:182:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/bootctl/bootspec-util.c:183:38: branch_true: ...to here systemd-261-rc2/src/bootctl/bootspec-util.c:186:21: call_function: calling ‘boot_entry_parse_commit’ from ‘boot_config_find_oldest_commit’ systemd-261-rc2/src/bootctl/bootspec-util.c:186:21: return_function: returning to ‘boot_config_find_oldest_commit’ from ‘boot_entry_parse_commit’ systemd-261-rc2/src/bootctl/bootspec-util.c:187:20: branch_false: following ‘false’ branch... systemd-261-rc2/src/bootctl/bootspec-util.c:189:20: branch_false: ...to here systemd-261-rc2/src/bootctl/bootspec-util.c:189:20: branch_false: following ‘false’ branch... systemd-261-rc2/src/bootctl/bootspec-util.c:194:22: branch_false: ...to here systemd-261-rc2/src/bootctl/bootspec-util.c:194:20: branch_true: following ‘true’ branch (when the strings are non-equal)... systemd-261-rc2/src/bootctl/bootspec-util.c:194:20: branch_true: ...to here systemd-261-rc2/src/bootctl/bootspec-util.c:255:1: danger: ‘et’ leaks here; was allocated at [(34)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/33) # 253| *ret_ids = TAKE_PTR(l); # 254| return 0; # 255|-> } Error: COMPILER_WARNING: [#def15] [important] systemd-261-rc2/src/bpf/restrict-fsaccess.bpf.c:126:9: error[-Wimplicit-function-declaration]: implicit declaration of function ‘__builtin_preserve_access_index’ # 124| __u8 *sig_valid; # 125| # 126|-> BPF_CORE_READ_INTO(&s_dev, file, f_inode, i_sb, s_dev); # 127| # 128| /* Check initramfs trust (active only during early boot) */ Error: COMPILER_WARNING: [#def16] [important] systemd-261-rc2/src/coredump/coredump-context.c:201:13: error[error]: ‘PIDFD_INFO_COREDUMP_CODE’ undeclared (first use in this function); did you mean ‘PIDFD_INFO_COREDUMP’? # 199| return log_debug_errno(r, "Failed to get pidfd coredump info, ignoring: %m"); # 200| # 201|-> if (FLAGS_SET(info.mask, PIDFD_INFO_COREDUMP_CODE)) { # 202| context->code = (int) info.coredump_code; # 203| context->got_code = true; Error: COMPILER_WARNING: [#def17] [important] systemd-261-rc2/src/coredump/coredump-context.c:202:44: error[error]: ‘struct pidfd_info’ has no member named ‘coredump_code’; did you mean ‘coredump_mask’? # 200| # 201| if (FLAGS_SET(info.mask, PIDFD_INFO_COREDUMP_CODE)) { # 202|-> context->code = (int) info.coredump_code; # 203| context->got_code = true; # 204| } Error: CPPCHECK_WARNING (CWE-457): [#def18] systemd-261-rc2/src/coredump/coredumpctl.c:868: error[uninitvar]: Uninitialized variable: module_name # 866| # 867| /* We only print the build-id for the 'main' ELF module */ # 868|-> if (!path_equal_filename(module_name, f.fields[COREDUMP_FIELD_EXE])) # 869| continue; # 870| Error: GCC_ANALYZER_WARNING (CWE-401): [#def19] systemd-261-rc2/src/coredump/coredumpctl.c:1252:1: warning[-Wanalyzer-malloc-leak]: leak of ‘filename’ systemd-261-rc2/src/coredump/coredumpctl.c:1116:12: enter_function: entry to ‘save_core’ systemd-261-rc2/src/coredump/coredumpctl.c:1124:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/coredump/coredumpctl.c:1125:9: branch_false: ...to here systemd-261-rc2/src/coredump/coredumpctl.c:1125:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/coredump/coredumpctl.c:1128:13: branch_false: ...to here systemd-261-rc2/src/coredump/coredumpctl.c:1129:12: branch_true: following ‘true’ branch... systemd-261-rc2/src/coredump/coredumpctl.c:1130:38: branch_true: ...to here systemd-261-rc2/src/coredump/coredumpctl.c:1132:21: call_function: calling ‘retrieve’ from ‘save_core’ systemd-261-rc2/src/coredump/coredumpctl.c:1132:21: return_function: returning to ‘save_core’ from ‘retrieve’ systemd-261-rc2/src/coredump/coredumpctl.c:1133:20: branch_false: following ‘false’ branch... systemd-261-rc2/src/coredump/coredumpctl.c:1135:17: branch_false: ...to here systemd-261-rc2/src/coredump/coredumpctl.c:1135:17: branch_false: following ‘false’ branch... systemd-261-rc2/src/coredump/coredumpctl.c:1137:21: branch_false: ...to here systemd-261-rc2/src/coredump/coredumpctl.c:1138:20: branch_true: following ‘true’ branch... systemd-261-rc2/src/coredump/coredumpctl.c:1139:32: branch_true: ...to here systemd-261-rc2/src/coredump/coredumpctl.c:1139:32: branch_false: following ‘false’ branch... systemd-261-rc2/src/coredump/coredumpctl.c:1139:32: branch_false: ...to here systemd-261-rc2/src/coredump/coredumpctl.c:1139:32: branch_true: following ‘true’ branch (when ‘_e < 0’)... systemd-261-rc2/src/coredump/coredumpctl.c:1130:38: call_function: inlined call to ‘freep’ from ‘save_core’ systemd-261-rc2/src/coredump/coredumpctl.c:1252:1: danger: ‘filename’ leaks here; was allocated at [(18)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/17) # 1250| } # 1251| return r; # 1252|-> } # 1253| # 1254| VERB(verb_dump_core, "dump", "[MATCHES…]", VERB_ANY, VERB_ANY, 0, Error: GCC_ANALYZER_WARNING (CWE-476): [#def20] systemd-261-rc2/src/hibernate-resume/hibernate-resume.c:150:35: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘args’ systemd-261-rc2/src/hibernate-resume/hibernate-resume.c:117:12: enter_function: entry to ‘run’ systemd-261-rc2/src/hibernate-resume/hibernate-resume.c:123:16: release_memory: ‘args’ is NULL systemd-261-rc2/src/hibernate-resume/hibernate-resume.c:124:13: call_function: calling ‘parse_argv’ from ‘run’ systemd-261-rc2/src/hibernate-resume/hibernate-resume.c:124:13: return_function: returning to ‘run’ from ‘parse_argv’ systemd-261-rc2/src/hibernate-resume/hibernate-resume.c:125:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/hibernate-resume/hibernate-resume.c:128:25: branch_false: ...to here systemd-261-rc2/src/hibernate-resume/hibernate-resume.c:128:25: release_memory: ‘args’ is NULL systemd-261-rc2/src/hibernate-resume/hibernate-resume.c:130:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/hibernate-resume/hibernate-resume.c:133:9: branch_false: ...to here systemd-261-rc2/src/hibernate-resume/hibernate-resume.c:135:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/hibernate-resume/hibernate-resume.c:138:14: branch_false: ...to here systemd-261-rc2/src/hibernate-resume/hibernate-resume.c:138:12: branch_true: following ‘true’ branch... systemd-261-rc2/src/hibernate-resume/hibernate-resume.c:142:12: branch_true: ...to here systemd-261-rc2/src/hibernate-resume/hibernate-resume.c:142:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/hibernate-resume/hibernate-resume.c:150:35: branch_false: ...to here systemd-261-rc2/src/hibernate-resume/hibernate-resume.c:150:35: danger: dereference of NULL ‘args’ # 148| (void) clear_efi_hibernate_location_and_warn(); # 149| } else { # 150|-> arg_info.device = ASSERT_PTR(args[0]); # 151| # 152| if (n_args == 2) { Error: GCC_ANALYZER_WARNING (CWE-476): [#def21] systemd-261-rc2/src/home/pam_systemd_home.c:1017:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘ur’ /usr/include/security/pam_modules.h:40:5: enter_function: entry to ‘pam_sm_acct_mgmt’ systemd-261-rc2/src/home/pam_systemd_home.c:976:51: release_memory: ‘ur’ is NULL systemd-261-rc2/src/home/pam_systemd_home.c:983:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/home/pam_systemd_home.c:986:16: branch_false: ...to here systemd-261-rc2/src/home/pam_systemd_home.c:993:13: call_function: calling ‘parse_argv’ from ‘pam_sm_acct_mgmt’ systemd-261-rc2/src/home/pam_systemd_home.c:993:13: return_function: returning to ‘pam_sm_acct_mgmt’ from ‘parse_argv’ systemd-261-rc2/src/home/pam_systemd_home.c:1001:13: call_function: calling ‘fallback_shell_can_work’ from ‘pam_sm_acct_mgmt’ systemd-261-rc2/src/home/pam_systemd_home.c:1001:13: return_function: returning to ‘pam_sm_acct_mgmt’ from ‘fallback_shell_can_work’ systemd-261-rc2/src/home/pam_systemd_home.c:1002:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/home/pam_systemd_home.c:1005:13: branch_false: ...to here systemd-261-rc2/src/home/pam_systemd_home.c:1005:13: call_function: calling ‘acquire_home’ from ‘pam_sm_acct_mgmt’ systemd-261-rc2/src/home/pam_systemd_home.c:1005:13: return_function: returning to ‘pam_sm_acct_mgmt’ from ‘acquire_home’ systemd-261-rc2/src/home/pam_systemd_home.c:1006:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/home/pam_systemd_home.c:1009:13: branch_false: ...to here systemd-261-rc2/src/home/pam_systemd_home.c:1009:13: call_function: calling ‘acquire_user_record’ from ‘pam_sm_acct_mgmt’ systemd-261-rc2/src/home/pam_systemd_home.c:1009:13: return_function: returning to ‘pam_sm_acct_mgmt’ from ‘acquire_user_record’ systemd-261-rc2/src/home/pam_systemd_home.c:1010:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/home/pam_systemd_home.c:1013:13: branch_false: ...to here systemd-261-rc2/src/home/pam_systemd_home.c:1013:13: release_memory: ‘ur’ is NULL systemd-261-rc2/src/home/pam_systemd_home.c:1017:17: danger: dereference of NULL ‘ur’ # 1015| # 1016| case -ESTALE: # 1017|-> sym_pam_syslog(pamh, LOG_WARNING, "User record for '%s' is newer than current system time, assuming incorrect system clock, allowing access.", ur->user_name); # 1018| break; # 1019| Error: GCC_ANALYZER_WARNING (CWE-457): [#def22] systemd-261-rc2/src/hostname/hostnamed.c:739:24: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘dmi’ systemd-261-rc2/src/hostname/hostnamed.c:1910:12: enter_function: entry to ‘method_describe’ systemd-261-rc2/src/hostname/hostnamed.c:1912:22: branch_false: following ‘false’ branch... systemd-261-rc2/src/hostname/hostnamed.c:1913:30: branch_false: ...to here systemd-261-rc2/src/hostname/hostnamed.c:1917:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/hostname/hostnamed.c:1919:13: branch_false: ...to here systemd-261-rc2/src/hostname/hostnamed.c:1925:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/hostname/hostnamed.c:1930:9: branch_false: ...to here systemd-261-rc2/src/hostname/hostnamed.c:1932:13: call_function: calling ‘build_describe_response’ from ‘method_describe’ # 737| # 738| if (get_dmi_property(c, "ID_CHASSIS", &dmi) >= 0) # 739|-> return dmi; # 740| # 741| fallback = fallback_chassis(c); Error: CPPCHECK_WARNING (CWE-457): [#def23] systemd-261-rc2/src/imds/imds-tool.c:524: error[uninitvar]: Uninitialized variable: c # 522| # 523| _cleanup_(credential_data_done) CredentialData d = {}; # 524|-> r = sd_json_dispatch(c, credential_table, SD_JSON_LOG|SD_JSON_WARNING, &d); # 525| if (r < 0) { # 526| RET_GATHER(ret, r); Error: CPPCHECK_WARNING (CWE-457): [#def24] systemd-261-rc2/src/import/pull-oci.c:428: error[uninitvar]: Uninitialized variable: m # 426| }; # 427| # 428|-> r = json_dispatch_oci_index_entry(m, &entry); # 429| if (r < 0) # 430| return r; Error: CPPCHECK_WARNING (CWE-457): [#def25] systemd-261-rc2/src/import/pull-oci.c:841: error[uninitvar]: Uninitialized variable: m # 839| }; # 840| # 841|-> r = json_dispatch_oci_manifest_layer(m, &layer); # 842| if (r < 0) # 843| return r; Error: CPPCHECK_WARNING (CWE-476): [#def26] systemd-261-rc2/src/import/pull-oci.c:1066: warning[nullPointer]: Possible null pointer dereference: ej # 1064| } # 1065| # 1066|-> fprintf(f, "Parameters=%s\n", ej); # 1067| } # 1068| Error: GCC_ANALYZER_WARNING (CWE-401): [#def27] systemd-261-rc2/src/import/pull-oci.c:1410:24: warning[-Wanalyzer-malloc-leak]: leak of ‘realm’ systemd-261-rc2/src/import/pull-oci.c:1401:12: enter_function: entry to ‘oci_pull_process_authentication_challenge’ systemd-261-rc2/src/import/pull-oci.c:1404:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/import/pull-oci.c:1405:9: branch_false: ...to here systemd-261-rc2/src/import/pull-oci.c:1405:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/import/pull-oci.c:1408:25: branch_false: ...to here systemd-261-rc2/src/import/pull-oci.c:1409:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/import/pull-oci.c:1412:13: branch_false: ...to here systemd-261-rc2/src/import/pull-oci.c:1412:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/import/pull-oci.c:1415:14: branch_false: ...to here systemd-261-rc2/src/import/pull-oci.c:1419:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/import/pull-oci.c:1422:30: branch_false: ...to here systemd-261-rc2/src/import/pull-oci.c:1432:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/import/pull-oci.c:1435:17: branch_true: following ‘true’ branch... systemd-261-rc2/src/import/pull-oci.c:1436:41: branch_true: ...to here systemd-261-rc2/src/import/pull-oci.c:1437:28: branch_false: following ‘false’ branch... systemd-261-rc2/src/import/pull-oci.c:1440:41: branch_false: ...to here systemd-261-rc2/src/import/pull-oci.c:1441:28: branch_false: following ‘false’ branch... systemd-261-rc2/src/import/pull-oci.c:1446:61: branch_false: ...to here systemd-261-rc2/src/import/pull-oci.c:1446:50: acquire_memory: allocated here systemd-261-rc2/src/import/pull-oci.c:1447:28: branch_false: following ‘false’ branch... systemd-261-rc2/src/import/pull-oci.c:1450:25: branch_false: ...to here systemd-261-rc2/src/import/pull-oci.c:1432:9: branch_true: following ‘true’ branch (when ‘__unique_prefix_i29’ is non-NULL)... systemd-261-rc2/src/import/pull-oci.c:1432:9: branch_true: ...to here systemd-261-rc2/src/import/pull-oci.c:1459:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/import/pull-oci.c:1459:23: branch_false: ...to here systemd-261-rc2/src/import/pull-oci.c:1459:13: branch_true: following ‘true’ branch... systemd-261-rc2/src/import/pull-oci.c:1460:24: branch_true: ...to here systemd-261-rc2/src/import/pull-oci.c:1417:36: call_function: calling ‘strv_freep’ from ‘oci_pull_process_authentication_challenge’ systemd-261-rc2/src/import/pull-oci.c:1417:36: return_function: returning to ‘oci_pull_process_authentication_challenge’ from ‘strv_freep’ systemd-261-rc2/src/import/pull-oci.c:1410:24: danger: ‘realm’ leaks here; was allocated at [(20)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/19) # 1408| const char *e = startswith_no_case(challenge, "bearer "); # 1409| if (!e) # 1410|-> return log_error_errno(SYNTHETIC_ERRNO(ENOKEY), "Authentication mechanism not recognized, cannot authenticate."); # 1411| # 1412| if (i->bearer_token_job) Error: GCC_ANALYZER_WARNING (CWE-476): [#def28] systemd-261-rc2/src/kernel-install/kernel-install.c:1314:28: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘args’ systemd-261-rc2/src/kernel-install/kernel-install.c:1685:12: enter_function: entry to ‘run’ systemd-261-rc2/src/kernel-install/kernel-install.c:1690:16: release_memory: ‘args’ is NULL systemd-261-rc2/src/kernel-install/kernel-install.c:1691:13: call_function: calling ‘parse_argv’ from ‘run’ systemd-261-rc2/src/kernel-install/kernel-install.c:1691:13: return_function: returning to ‘run’ from ‘parse_argv’ systemd-261-rc2/src/kernel-install/kernel-install.c:1692:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/kernel-install/kernel-install.c:1695:51: branch_false: ...to here systemd-261-rc2/src/kernel-install/kernel-install.c:1697:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/kernel-install/kernel-install.c:1719:13: branch_false: ...to here systemd-261-rc2/src/kernel-install/kernel-install.c:1719:12: branch_true: following ‘true’ branch... systemd-261-rc2/src/kernel-install/kernel-install.c:1720:24: branch_true: ...to here systemd-261-rc2/src/kernel-install/kernel-install.c:1720:24: release_memory: ‘args’ is NULL systemd-261-rc2/src/kernel-install/kernel-install.c:1720:24: call_function: calling ‘run_as_installkernel’ from ‘run’ # 1312| return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "'installkernel' command requires at least two arguments."); # 1313| # 1314|-> return verb_add(3, STRV_MAKE("add", args[0], args[1]), /* data= */ 0, /* userdata= */ NULL); # 1315| } # 1316| Error: COMPILER_WARNING: [#def29] [important] systemd-261-rc2/src/libc/epoll.c:13:1: error[error]: called object ‘epoll_pwait2_shim_cache’ is not a function or function pointer # 11| * the legacy 32-bit-time_t entry point. */ # 12| #ifdef __USE_TIME_BITS64 # 13|-> DEFINE_LIBC_ERRNO_SHIM_NAMED(epoll_pwait2, "__epoll_pwait2_time64", int, # 14| int, fd, # 15| struct epoll_event *, events, Error: COMPILER_WARNING: [#def30] [important] systemd-261-rc2/src/libc/epoll.c:13:1: error[error]: ‘epoll_pwait2_shim’ undeclared here (not in a function); did you mean ‘epoll_pwait2’? # 11| * the legacy 32-bit-time_t entry point. */ # 12| #ifdef __USE_TIME_BITS64 # 13|-> DEFINE_LIBC_ERRNO_SHIM_NAMED(epoll_pwait2, "__epoll_pwait2_time64", int, # 14| int, fd, # 15| struct epoll_event *, events, Error: COMPILER_WARNING: [#def31] [important] systemd-261-rc2/src/libc/fcntl.c:7:1: error[error]: called object ‘openat2_shim_cache’ is not a function or function pointer # 5| #include "libc-shim.h" # 6| # 7|-> DEFINE_SYSCALL_SHIM(openat2, int, # 8| int, dfd, # 9| const char *, filename, Error: COMPILER_WARNING: [#def32] [important] systemd-261-rc2/src/libc/fcntl.c:7:1: error[error]: ‘openat2_shim’ undeclared here (not in a function) # 5| #include "libc-shim.h" # 6| # 7|-> DEFINE_SYSCALL_SHIM(openat2, int, # 8| int, dfd, # 9| const char *, filename, Error: COMPILER_WARNING: [#def33] [important] systemd-261-rc2/src/libc/kexec.c:3:10: error[fatal error]: sys/kexec.h: No such file or directory # 1| /* SPDX-License-Identifier: LGPL-2.1-or-later */ # 2| # 3|-> #include <sys/kexec.h> # 4| # 5| #include "libc-shim.h" Error: COMPILER_WARNING: [#def34] [important] systemd-261-rc2/src/libc/mount.c:7:1: error[error]: called object ‘fsopen_shim_cache’ is not a function or function pointer # 5| #include "libc-shim.h" # 6| # 7|-> DEFINE_SYSCALL_SHIM(fsopen, int, # 8| const char *, fsname, # 9| unsigned, flags) Error: COMPILER_WARNING: [#def35] [important] systemd-261-rc2/src/libc/mount.c:7:1: error[error]: ‘fsopen_shim’ undeclared here (not in a function) # 5| #include "libc-shim.h" # 6| # 7|-> DEFINE_SYSCALL_SHIM(fsopen, int, # 8| const char *, fsname, # 9| unsigned, flags) Error: COMPILER_WARNING: [#def36] [important] systemd-261-rc2/src/libc/mount.c:11:1: error[error]: called object ‘fsmount_shim_cache’ is not a function or function pointer # 9| unsigned, flags) # 10| # 11|-> DEFINE_SYSCALL_SHIM(fsmount, int, # 12| int, fd, # 13| unsigned, flags, Error: COMPILER_WARNING: [#def37] [important] systemd-261-rc2/src/libc/mount.c:11:1: error[error]: ‘fsmount_shim’ undeclared here (not in a function); did you mean ‘fsopen_shim’? # 9| unsigned, flags) # 10| # 11|-> DEFINE_SYSCALL_SHIM(fsmount, int, # 12| int, fd, # 13| unsigned, flags, Error: COMPILER_WARNING: [#def38] [important] systemd-261-rc2/src/libc/mount.c:16:1: error[error]: called object ‘move_mount_shim_cache’ is not a function or function pointer # 14| unsigned, ms_flags) # 15| # 16|-> DEFINE_SYSCALL_SHIM(move_mount, int, # 17| int, from_dfd, # 18| const char *, from_pathname, Error: COMPILER_WARNING: [#def39] [important] systemd-261-rc2/src/libc/mount.c:16:1: error[error]: ‘move_mount_shim’ undeclared here (not in a function); did you mean ‘fsmount_shim’? # 14| unsigned, ms_flags) # 15| # 16|-> DEFINE_SYSCALL_SHIM(move_mount, int, # 17| int, from_dfd, # 18| const char *, from_pathname, Error: COMPILER_WARNING: [#def40] [important] systemd-261-rc2/src/libc/mount.c:23:1: error[error]: called object ‘fsconfig_shim_cache’ is not a function or function pointer # 21| unsigned, flags) # 22| # 23|-> DEFINE_SYSCALL_SHIM(fsconfig, int, # 24| int, fd, # 25| unsigned, cmd, Error: COMPILER_WARNING: [#def41] [important] systemd-261-rc2/src/libc/mount.c:23:1: error[error]: ‘fsconfig_shim’ undeclared here (not in a function) # 21| unsigned, flags) # 22| # 23|-> DEFINE_SYSCALL_SHIM(fsconfig, int, # 24| int, fd, # 25| unsigned, cmd, Error: COMPILER_WARNING: [#def42] [important] systemd-261-rc2/src/libc/mount.c:30:1: error[error]: called object ‘open_tree_shim_cache’ is not a function or function pointer # 28| int, aux) # 29| # 30|-> DEFINE_SYSCALL_SHIM(open_tree, int, # 31| int, dfd, # 32| const char *, filename, Error: COMPILER_WARNING: [#def43] [important] systemd-261-rc2/src/libc/mount.c:30:1: error[error]: ‘open_tree_shim’ undeclared here (not in a function); did you mean ‘open_tree’? # 28| int, aux) # 29| # 30|-> DEFINE_SYSCALL_SHIM(open_tree, int, # 31| int, dfd, # 32| const char *, filename, Error: COMPILER_WARNING: [#def44] [important] systemd-261-rc2/src/libc/mount.c:35:1: error[error]: called object ‘mount_setattr_shim_cache’ is not a function or function pointer # 33| unsigned, flags) # 34| # 35|-> DEFINE_SYSCALL_SHIM(mount_setattr, int, # 36| int, dfd, # 37| const char *, path, Error: COMPILER_WARNING: [#def45] [important] systemd-261-rc2/src/libc/mount.c:35:1: error[error]: ‘mount_setattr_shim’ undeclared here (not in a function); did you mean ‘mount_setattr’? # 33| unsigned, flags) # 34| # 35|-> DEFINE_SYSCALL_SHIM(mount_setattr, int, # 36| int, dfd, # 37| const char *, path, Error: COMPILER_WARNING: [#def46] [important] systemd-261-rc2/src/libc/mount.c:42:1: error[error]: called object ‘open_tree_attr_shim_cache’ is not a function or function pointer # 40| size_t, size) # 41| # 42|-> DEFINE_SYSCALL_SHIM(open_tree_attr, int, # 43| int, dfd, # 44| const char *, filename, Error: COMPILER_WARNING: [#def47] [important] systemd-261-rc2/src/libc/mount.c:42:1: error[error]: ‘open_tree_attr_shim’ undeclared here (not in a function); did you mean ‘open_tree_shim’? # 40| size_t, size) # 41| # 42|-> DEFINE_SYSCALL_SHIM(open_tree_attr, int, # 43| int, dfd, # 44| const char *, filename, Error: COMPILER_WARNING: [#def48] [important] systemd-261-rc2/src/libc/pidfd.c:7:1: error[error]: called object ‘pidfd_open_shim_cache’ is not a function or function pointer # 5| #include "libc-shim.h" # 6| # 7|-> DEFINE_SYSCALL_SHIM(pidfd_open, int, # 8| pid_t, pid, # 9| unsigned, flags) Error: COMPILER_WARNING: [#def49] [important] systemd-261-rc2/src/libc/pidfd.c:7:1: error[error]: ‘pidfd_open_shim’ undeclared here (not in a function); did you mean ‘pidfd_open’? # 5| #include "libc-shim.h" # 6| # 7|-> DEFINE_SYSCALL_SHIM(pidfd_open, int, # 8| pid_t, pid, # 9| unsigned, flags) Error: COMPILER_WARNING: [#def50] [important] systemd-261-rc2/src/libc/pidfd.c:11:1: error[error]: called object ‘pidfd_send_signal_shim_cache’ is not a function or function pointer # 9| unsigned, flags) # 10| # 11|-> DEFINE_SYSCALL_SHIM(pidfd_send_signal, int, # 12| int, fd, # 13| int, sig, Error: COMPILER_WARNING: [#def51] [important] systemd-261-rc2/src/libc/pidfd.c:11:1: error[error]: ‘pidfd_send_signal_shim’ undeclared here (not in a function); did you mean ‘pidfd_send_signal’? # 9| unsigned, flags) # 10| # 11|-> DEFINE_SYSCALL_SHIM(pidfd_send_signal, int, # 12| int, fd, # 13| int, sig, Error: COMPILER_WARNING: [#def52] [important] systemd-261-rc2/src/libc/quota.c:7:1: error[error]: called object ‘quotactl_fd_shim_cache’ is not a function or function pointer # 5| #include "libc-shim.h" # 6| # 7|-> DEFINE_SYSCALL_SHIM(quotactl_fd, int, # 8| int, fd, # 9| int, cmd, Error: COMPILER_WARNING: [#def53] [important] systemd-261-rc2/src/libc/quota.c:7:1: error[error]: ‘quotactl_fd_shim’ undeclared here (not in a function) # 5| #include "libc-shim.h" # 6| # 7|-> DEFINE_SYSCALL_SHIM(quotactl_fd, int, # 8| int, fd, # 9| int, cmd, Error: COMPILER_WARNING: [#def54] [important] systemd-261-rc2/src/libc/sched.c:7:1: error[error]: called object ‘sched_setattr_shim_cache’ is not a function or function pointer # 5| #include "libc-shim.h" # 6| # 7|-> DEFINE_SYSCALL_SHIM(sched_setattr, int, # 8| pid_t, pid, # 9| struct sched_attr *, attr, Error: COMPILER_WARNING: [#def55] [important] systemd-261-rc2/src/libc/sched.c:7:1: error[error]: ‘sched_setattr_shim’ undeclared here (not in a function); did you mean ‘sched_setattr’? # 5| #include "libc-shim.h" # 6| # 7|-> DEFINE_SYSCALL_SHIM(sched_setattr, int, # 8| pid_t, pid, # 9| struct sched_attr *, attr, Error: COMPILER_WARNING: [#def56] [important] systemd-261-rc2/src/libc/signal.c:7:1: error[error]: called object ‘rt_tgsigqueueinfo_shim_cache’ is not a function or function pointer # 5| #include "libc-shim.h" # 6| # 7|-> DEFINE_SYSCALL_SHIM(rt_tgsigqueueinfo, int, # 8| pid_t, tgid, # 9| pid_t, tid, Error: COMPILER_WARNING: [#def57] [important] systemd-261-rc2/src/libc/signal.c:7:1: error[error]: ‘rt_tgsigqueueinfo_shim’ undeclared here (not in a function) # 5| #include "libc-shim.h" # 6| # 7|-> DEFINE_SYSCALL_SHIM(rt_tgsigqueueinfo, int, # 8| pid_t, tgid, # 9| pid_t, tid, Error: COMPILER_WARNING: [#def58] [important] systemd-261-rc2/src/libc/spawn.c:7:1: error[error]: called object ‘pidfd_spawn_shim_cache’ is not a function or function pointer # 5| #include "libc-shim.h" # 6| # 7|-> DEFINE_LIBC_SHIM(pidfd_spawn, int, # 8| pid_t *restrict, pidfd, # 9| const char *restrict, path, Error: COMPILER_WARNING: [#def59] [important] systemd-261-rc2/src/libc/spawn.c:7:1: error[error]: ‘pidfd_spawn_shim’ undeclared here (not in a function); did you mean ‘pidfd_spawnp’? # 5| #include "libc-shim.h" # 6| # 7|-> DEFINE_LIBC_SHIM(pidfd_spawn, int, # 8| pid_t *restrict, pidfd, # 9| const char *restrict, path, Error: COMPILER_WARNING: [#def60] [important] systemd-261-rc2/src/libc/spawn.c:15:1: error[error]: called object ‘posix_spawnattr_setcgroup_np_shim_cache’ is not a function or function pointer # 13| char *const *restrict, envp) # 14| # 15|-> DEFINE_LIBC_SHIM(posix_spawnattr_setcgroup_np, int, # 16| posix_spawnattr_t *, attr, # 17| int, cgroup) Error: COMPILER_WARNING: [#def61] [important] systemd-261-rc2/src/libc/spawn.c:15:1: error[error]: ‘posix_spawnattr_setcgroup_np_shim’ undeclared here (not in a function); did you mean ‘posix_spawnattr_setcgroup_np’? # 13| char *const *restrict, envp) # 14| # 15|-> DEFINE_LIBC_SHIM(posix_spawnattr_setcgroup_np, int, # 16| posix_spawnattr_t *, attr, # 17| int, cgroup) Error: COMPILER_WARNING: [#def62] [important] systemd-261-rc2/src/libc/stat.c:7:1: error[error]: called object ‘fchmodat2_shim_cache’ is not a function or function pointer # 5| #include "libc-shim.h" # 6| # 7|-> DEFINE_SYSCALL_SHIM(fchmodat2, int, # 8| int, dirfd, # 9| const char *, path, Error: COMPILER_WARNING: [#def63] [important] systemd-261-rc2/src/libc/stat.c:7:1: error[error]: ‘fchmodat2_shim’ undeclared here (not in a function) # 5| #include "libc-shim.h" # 6| # 7|-> DEFINE_SYSCALL_SHIM(fchmodat2, int, # 8| int, dirfd, # 9| const char *, path, Error: COMPILER_WARNING: [#def64] [important] systemd-261-rc2/src/libc/unistd.c:5:1: error[error]: called object ‘pivot_root_shim_cache’ is not a function or function pointer # 3| #include "libc-shim.h" # 4| # 5|-> DEFINE_SYSCALL_SHIM(pivot_root, int, # 6| const char *, new_root, # 7| const char *, put_old) Error: COMPILER_WARNING: [#def65] [important] systemd-261-rc2/src/libc/unistd.c:5:1: error[error]: ‘pivot_root_shim’ undeclared here (not in a function) # 3| #include "libc-shim.h" # 4| # 5|-> DEFINE_SYSCALL_SHIM(pivot_root, int, # 6| const char *, new_root, # 7| const char *, put_old) Error: COMPILER_WARNING: [#def66] [important] systemd-261-rc2/src/libc/xattr.c:7:1: error[error]: called object ‘setxattrat_shim_cache’ is not a function or function pointer # 5| #include "libc-shim.h" # 6| # 7|-> DEFINE_SYSCALL_SHIM(setxattrat, int, # 8| int, fd, # 9| const char *, path, Error: COMPILER_WARNING: [#def67] [important] systemd-261-rc2/src/libc/xattr.c:7:1: error[error]: ‘setxattrat_shim’ undeclared here (not in a function) # 5| #include "libc-shim.h" # 6| # 7|-> DEFINE_SYSCALL_SHIM(setxattrat, int, # 8| int, fd, # 9| const char *, path, Error: COMPILER_WARNING: [#def68] systemd-261-rc2/src/libc/xattr.c:7:1: warning[warning]: ‘struct xattr_args’ declared inside parameter list will not be visible outside of this definition or declaration # 5| #include "libc-shim.h" # 6| # 7|-> DEFINE_SYSCALL_SHIM(setxattrat, int, # 8| int, fd, # 9| const char *, path, Error: COMPILER_WARNING: [#def69] [important] systemd-261-rc2/src/libc/xattr.c:15:1: error[error]: called object ‘removexattrat_shim_cache’ is not a function or function pointer # 13| size_t, size) # 14| # 15|-> DEFINE_SYSCALL_SHIM(removexattrat, int, # 16| int, fd, # 17| const char *, path, Error: COMPILER_WARNING: [#def70] [important] systemd-261-rc2/src/libc/xattr.c:15:1: error[error]: ‘removexattrat_shim’ undeclared here (not in a function); did you mean ‘setxattrat_shim’? # 13| size_t, size) # 14| # 15|-> DEFINE_SYSCALL_SHIM(removexattrat, int, # 16| int, fd, # 17| const char *, path, Error: GCC_ANALYZER_WARNING (CWE-457): [#def71] systemd-261-rc2/src/libsystemd-network/dhcp-message.c:547:24: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘b’ systemd-261-rc2/src/libsystemd-network/dhcp-message.c:536:5: enter_function: entry to ‘dhcp_message_get_option_u16’ systemd-261-rc2/src/libsystemd-network/dhcp-message.c:540:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/dhcp-message.c:542:13: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/dhcp-message.c:542:13: call_function: calling ‘dhcp_message_get_option’ from ‘dhcp_message_get_option_u16’ systemd-261-rc2/src/libsystemd-network/dhcp-message.c:542:13: return_function: returning to ‘dhcp_message_get_option_u16’ from ‘dhcp_message_get_option’ systemd-261-rc2/src/libsystemd-network/dhcp-message.c:543:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/dhcp-message.c:546:12: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/dhcp-message.c:546:12: branch_true: following ‘true’ branch (when ‘ret’ is non-NULL)... systemd-261-rc2/src/libsystemd-network/dhcp-message.c:547:24: branch_true: ...to here systemd-261-rc2/src/libsystemd-network/dhcp-message.c:547:24: danger: use of uninitialized value ‘b’ here # 545| # 546| if (ret) # 547|-> *ret = be16toh(b); # 548| return 0; # 549| } Error: GCC_ANALYZER_WARNING (CWE-457): [#def72] systemd-261-rc2/src/libsystemd-network/dhcp-message.c:567:24: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘t’ systemd-261-rc2/src/libsystemd-network/dhcp-message.c:556:5: enter_function: entry to ‘dhcp_message_get_option_sec’ systemd-261-rc2/src/libsystemd-network/dhcp-message.c:559:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/dhcp-message.c:561:16: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/dhcp-message.c:562:13: call_function: calling ‘dhcp_message_get_option_be32’ from ‘dhcp_message_get_option_sec’ systemd-261-rc2/src/libsystemd-network/dhcp-message.c:562:13: return_function: returning to ‘dhcp_message_get_option_sec’ from ‘dhcp_message_get_option_be32’ systemd-261-rc2/src/libsystemd-network/dhcp-message.c:563:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/dhcp-message.c:566:12: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/dhcp-message.c:566:12: branch_true: following ‘true’ branch (when ‘ret’ is non-NULL)... systemd-261-rc2/src/libsystemd-network/dhcp-message.c:567:24: branch_true: ...to here systemd-261-rc2/src/libsystemd-network/dhcp-message.c:567:24: danger: use of uninitialized value ‘t’ here # 565| # 566| if (ret) # 567|-> *ret = be32_sec_to_usec(t, max_as_infinity); # 568| return 0; # 569| } Error: GCC_ANALYZER_WARNING (CWE-476): [#def73] systemd-261-rc2/src/libsystemd-network/dhcp-message.c:1255:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘i.iov_base’ systemd-261-rc2/src/libsystemd-network/dhcp-message.c:1171:12: enter_function: entry to ‘parse_dnr_one’ systemd-261-rc2/src/libsystemd-network/dhcp-message.c:1175:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/dhcp-message.c:1177:57: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/dhcp-message.c:1181:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/dhcp-message.c:1184:29: call_function: inlined call to ‘unaligned_read_be16’ from ‘parse_dnr_one’ systemd-261-rc2/src/libsystemd-network/dhcp-message.c:1185:9: call_function: inlined call to ‘iovec_inc’ from ‘parse_dnr_one’ systemd-261-rc2/src/libsystemd-network/dhcp-message.c:1185:9: call_function: inlined call to ‘iovec_inc’ from ‘parse_dnr_one’ systemd-261-rc2/src/libsystemd-network/dhcp-message.c:1191:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/dhcp-message.c:1197:14: call_function: inlined call to ‘iovec_is_set’ from ‘parse_dnr_one’ systemd-261-rc2/src/libsystemd-network/dhcp-message.c:1201:9: call_function: inlined call to ‘iovec_inc’ from ‘parse_dnr_one’ systemd-261-rc2/src/libsystemd-network/dhcp-message.c:1201:9: call_function: inlined call to ‘iovec_inc’ from ‘parse_dnr_one’ systemd-261-rc2/src/libsystemd-network/dhcp-message.c:1202:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/dhcp-message.c:1205:35: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/dhcp-message.c:1206:9: call_function: inlined call to ‘iovec_inc’ from ‘parse_dnr_one’ systemd-261-rc2/src/libsystemd-network/dhcp-message.c:1206:9: call_function: inlined call to ‘iovec_inc’ from ‘parse_dnr_one’ systemd-261-rc2/src/libsystemd-network/dhcp-message.c:1209:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/dhcp-message.c:1211:12: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/dhcp-message.c:1211:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/dhcp-message.c:1215:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/dhcp-message.c:1217:12: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/dhcp-message.c:1217:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/dhcp-message.c:1220:30: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/dhcp-message.c:1220:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/dhcp-message.c:1226:14: call_function: inlined call to ‘iovec_is_set’ from ‘parse_dnr_one’ systemd-261-rc2/src/libsystemd-network/dhcp-message.c:1233:9: call_function: inlined call to ‘iovec_inc’ from ‘parse_dnr_one’ systemd-261-rc2/src/libsystemd-network/dhcp-message.c:1233:9: call_function: inlined call to ‘iovec_inc’ from ‘parse_dnr_one’ systemd-261-rc2/src/libsystemd-network/dhcp-message.c:1235:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/dhcp-message.c:1238:9: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/dhcp-message.c:1241:12: branch_false: following ‘false’ branch (when ‘n != 0’)... systemd-261-rc2/src/libsystemd-network/dhcp-message.c:1244:9: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/dhcp-message.c:1246:26: call_function: calling ‘malloc_multiply’ from ‘parse_dnr_one’ systemd-261-rc2/src/libsystemd-network/dhcp-message.c:1246:26: return_function: returning to ‘parse_dnr_one’ from ‘malloc_multiply’ systemd-261-rc2/src/libsystemd-network/dhcp-message.c:1247:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/dhcp-message.c:1247:12: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/dhcp-message.c:1250:28: branch_true: following ‘true’ branch (when ‘j < n’)... systemd-261-rc2/src/libsystemd-network/dhcp-message.c:1251:21: branch_true: ...to here systemd-261-rc2/src/libsystemd-network/dhcp-message.c:1251:20: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/dhcp-message.c:1255:28: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/dhcp-message.c:1255:28: release_memory: ‘i.iov_base’ is NULL systemd-261-rc2/src/libsystemd-network/dhcp-message.c:1255:17: danger: dereference of NULL ‘i.iov_base’ # 1253| # 1254| struct in_addr a; # 1255|-> memcpy(&a, i.iov_base, sizeof(struct in_addr)); # 1256| iovec_inc(&i, sizeof(struct in_addr)); # 1257| Error: GCC_ANALYZER_WARNING (CWE-476): [#def74] systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:701:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘lease’ systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:686:12: enter_function: entry to ‘client_parse_bootreply’ systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:689:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:690:9: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:690:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:691:9: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:691:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:693:13: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:693:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:696:56: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:696:56: release_memory: ‘lease’ is NULL systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:697:13: call_function: calling ‘dhcp_lease_new_from_message’ from ‘client_parse_bootreply’ systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:697:13: return_function: returning to ‘client_parse_bootreply’ from ‘dhcp_lease_new_from_message’ systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:698:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:701:9: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:701:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:701:9: release_memory: ‘lease’ is NULL systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:701:9: danger: dereference of NULL ‘lease’ # 699| return log_dhcp_client_errno(client, r, "Failed to create BOOTP lease: %m"); # 700| # 701|-> log_dhcp_client(client, "Received BOOTREPLY from %s", IN4_ADDR_TO_STRING(&(struct in_addr) { .s_addr = lease->server_address })); # 702| # 703| *ret = TAKE_PTR(lease); Error: GCC_ANALYZER_WARNING (CWE-476): [#def75] systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:738:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘lease’ systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:707:12: enter_function: entry to ‘client_parse_ack’ systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:710:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:711:9: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:711:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:712:9: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:712:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:714:17: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:733:56: release_memory: ‘lease’ is NULL systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:734:13: call_function: calling ‘dhcp_lease_new_from_message’ from ‘client_parse_ack’ systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:734:13: return_function: returning to ‘client_parse_ack’ from ‘dhcp_lease_new_from_message’ systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:735:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:738:9: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:738:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:738:9: release_memory: ‘lease’ is NULL systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:738:9: danger: dereference of NULL ‘lease’ # 736| return log_dhcp_client_errno(client, r, "Failed to create DHCP lease: %m"); # 737| # 738|-> log_dhcp_client(client, "Received DHCPACK from %s", IN4_ADDR_TO_STRING(&(struct in_addr) { .s_addr = lease->server_address })); # 739| # 740| *ret = TAKE_PTR(lease); Error: GCC_ANALYZER_WARNING (CWE-476): [#def76] systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:759:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘lease’ systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:744:12: enter_function: entry to ‘client_parse_offer’ systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:747:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:748:9: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:748:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:749:9: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:749:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:751:13: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:751:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:754:56: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:754:56: release_memory: ‘lease’ is NULL systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:755:13: call_function: calling ‘dhcp_lease_new_from_message’ from ‘client_parse_offer’ systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:755:13: return_function: returning to ‘client_parse_offer’ from ‘dhcp_lease_new_from_message’ systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:756:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:759:9: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:759:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:759:9: release_memory: ‘lease’ is NULL systemd-261-rc2/src/libsystemd-network/sd-dhcp-lease.c:759:9: danger: dereference of NULL ‘lease’ # 757| return log_dhcp_client_errno(client, r, "Failed to create DHCP lease: %m"); # 758| # 759|-> log_dhcp_client(client, "Received DHCPOFFER from %s", IN4_ADDR_TO_STRING(&(struct in_addr) { .s_addr = lease->server_address })); # 760| # 761| *ret = TAKE_PTR(lease); Error: CPPCHECK_WARNING (CWE-401): [#def77] systemd-261-rc2/src/libsystemd-network/test-dhcp-client.c:134: error[leakNoVarFunctionCall]: Allocation with calloc, typeof doesn't release it. # 132| static void receive_message(int fd, bool raw, bool check_xid, sd_dhcp_client *client, sd_dhcp_message **ret) { # 133| ssize_t buflen = ASSERT_OK_POSITIVE(next_datagram_size_fd(fd)); # 134|-> _cleanup_free_ void *buf = ASSERT_NOT_NULL(malloc0(buflen)); # 135| # 136| struct msghdr msg = { Error: CPPCHECK_WARNING (CWE-401): [#def78] systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:208: error[leakNoVarFunctionCall]: Allocation with calloc, typeof doesn't release it. # 206| # 207| ssize_t buflen = ASSERT_OK_POSITIVE(next_datagram_size_fd(socket_fd[1])); # 208|-> _cleanup_free_ void *buf = ASSERT_NOT_NULL(malloc0(buflen)); # 209| # 210| struct msghdr msg = { Error: CPPCHECK_WARNING (CWE-401): [#def79] systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:252: error[leakNoVarFunctionCall]: Allocation with calloc, typeof doesn't release it. # 250| # 251| ssize_t buflen = ASSERT_OK_POSITIVE(next_datagram_size_fd(socket_fd[1])); # 252|-> _cleanup_free_ void *buf = ASSERT_NOT_NULL(malloc0(buflen)); # 253| # 254| struct msghdr msg = { Error: GCC_ANALYZER_WARNING (CWE-476): [#def80] systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:577:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’ systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:557:13: enter_function: entry to ‘test_domains_one’ systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:560:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:562:9: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:562:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:563:9: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:563:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:564:9: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:564:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:566:9: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:569:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:570:9: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:570:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:571:9: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:571:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:572:9: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:572:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:574:16: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:576:39: call_function: calling ‘malloc_multiply’ from ‘test_domains_one’ systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:576:39: return_function: returning to ‘test_domains_one’ from ‘malloc_multiply’ systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:577:9: danger: dereference of NULL ‘malloc_multiply(len + 1, 1)’ # 575| # 576| _cleanup_free_ uint8_t *sip = new(uint8_t, len + 1); # 577|-> sip[0] = 0; # 578| memcpy(sip + 1, data, len); # 579| Error: GCC_ANALYZER_WARNING (CWE-476): [#def81] systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:577:9: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘malloc_multiply(len + 1, 1)’ systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:557:13: enter_function: entry to ‘test_domains_one’ systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:560:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:562:9: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:562:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:563:9: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:563:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:564:9: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:564:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:566:9: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:569:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:570:9: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:570:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:571:9: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:571:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:572:9: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:572:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:574:16: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:576:39: call_function: calling ‘malloc_multiply’ from ‘test_domains_one’ systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:576:39: return_function: returning to ‘test_domains_one’ from ‘malloc_multiply’ systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:577:9: danger: ‘malloc_multiply(len + 1, 1)’ could be NULL: unchecked value from [(20)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/19) # 575| # 576| _cleanup_free_ uint8_t *sip = new(uint8_t, len + 1); # 577|-> sip[0] = 0; # 578| memcpy(sip + 1, data, len); # 579| Error: GCC_ANALYZER_WARNING (CWE-476): [#def82] systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:605:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’ systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:595:13: enter_function: entry to ‘test_domains_fail’ systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:597:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:599:9: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:599:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:600:9: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:600:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:604:39: call_function: calling ‘malloc_multiply’ from ‘test_domains_fail’ systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:604:39: return_function: returning to ‘test_domains_fail’ from ‘malloc_multiply’ systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:605:9: danger: dereference of NULL ‘malloc_multiply(len + 1, 1)’ # 603| # 604| _cleanup_free_ uint8_t *sip = new(uint8_t, len + 1); # 605|-> sip[0] = 0; # 606| memcpy(sip + 1, data, len); # 607| Error: GCC_ANALYZER_WARNING (CWE-476): [#def83] systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:605:9: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘malloc_multiply(len + 1, 1)’ systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:595:13: enter_function: entry to ‘test_domains_fail’ systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:597:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:599:9: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:599:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:600:9: branch_false: ...to here systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:600:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:604:39: call_function: calling ‘malloc_multiply’ from ‘test_domains_fail’ systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:604:39: return_function: returning to ‘test_domains_fail’ from ‘malloc_multiply’ systemd-261-rc2/src/libsystemd-network/test-dhcp-message.c:605:9: danger: ‘malloc_multiply(len + 1, 1)’ could be NULL: unchecked value from [(10)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/9) # 603| # 604| _cleanup_free_ uint8_t *sip = new(uint8_t, len + 1); # 605|-> sip[0] = 0; # 606| memcpy(sip + 1, data, len); # 607| Error: CPPCHECK_WARNING (CWE-401): [#def84] systemd-261-rc2/src/libsystemd-network/test-dhcp-relay.c:86: error[leakNoVarFunctionCall]: Allocation with calloc, typeof doesn't release it. # 84| # 85| ssize_t buflen = ASSERT_OK_POSITIVE(next_datagram_size_fd(fd)); # 86|-> _cleanup_free_ void *buf = ASSERT_NOT_NULL(malloc0(buflen)); # 87| # 88| struct msghdr msg = { Error: CPPCHECK_WARNING (CWE-401): [#def85] systemd-261-rc2/src/libsystemd-network/test-dhcp-relay.c:180: error[leakNoVarFunctionCall]: Allocation with calloc, typeof doesn't release it. # 178| static void fake_client_verify(int fd, uint8_t type, bool raw) { # 179| ssize_t buflen = ASSERT_OK_POSITIVE(next_datagram_size_fd(fd)); # 180|-> _cleanup_free_ void *buf = ASSERT_NOT_NULL(malloc0(buflen)); # 181| # 182| struct msghdr msg = { Error: CPPCHECK_WARNING (CWE-457): [#def86] systemd-261-rc2/src/libsystemd-network/tlv-util.c:564: error[uninitvar]: Uninitialized variable: e # 562| JSON_VARIANT_ARRAY_FOREACH(e, v) { # 563| _cleanup_(tlv_param_done) TLVParam p = {}; # 564|-> r = sd_json_dispatch(e, dispatch_table, SD_JSON_ALLOW_EXTENSIONS, &p); # 565| if (r < 0) # 566| return r; Error: CPPCHECK_WARNING (CWE-758): [#def87] systemd-261-rc2/src/libsystemd/sd-bus/bus-error.c:88: error[comparePointers]: Comparing pointers that point to different objects # 86| assert_cc(sizeof(sd_bus_error_map) % sizeof(void*) == 0); # 87| # 88|-> for (const sd_bus_error_map *m = __start_SYSTEMD_BUS_ERROR_MAP; m < __stop_SYSTEMD_BUS_ERROR_MAP; m++) { # 89| /* For magic ELF error maps, the end marker might appear in the middle of things, since # 90| * multiple maps might appear in the same section. Skip over it. */ Error: CPPCHECK_WARNING (CWE-758): [#def88] systemd-261-rc2/src/libsystemd/sd-bus/test-bus-error.c:132: error[comparePointers]: Comparing pointers that point to different objects # 130| static int dump_mapping_table(void) { # 131| printf("----- errno mappings ------\n"); # 132|-> for (const sd_bus_error_map *m = __start_SYSTEMD_BUS_ERROR_MAP; m < __stop_SYSTEMD_BUS_ERROR_MAP; m++) { # 133| assert((uintptr_t) m % sizeof(void*) == 0); # 134| Error: CPPCHECK_WARNING (CWE-401): [#def89] systemd-261-rc2/src/libsystemd/sd-bus/test-bus-marshal.c:271: error[leakNoVarFunctionCall]: Allocation with calloc, typeof doesn't release it. # 269| size_t total = sizeof(BusMessageHeader) + padded_fields; # 270| # 271|-> _cleanup_free_ void *buf = ASSERT_PTR(malloc0(total)); # 272| # 273| BusMessageHeader *h = buf; Error: CPPCHECK_WARNING (CWE-457): [#def90] systemd-261-rc2/src/libsystemd/sd-json/json-util.c:898: error[uninitvar]: Uninitialized variable: k # 896| continue; # 897| # 898|-> r = json_variant_compare(v, sd_json_variant_by_key(b, k)); # 899| if (r != 0) { # 900| lowest = k; Error: CPPCHECK_WARNING (CWE-457): [#def91] systemd-261-rc2/src/libsystemd/sd-json/json-util.c:898: error[uninitvar]: Uninitialized variable: v # 896| continue; # 897| # 898|-> r = json_variant_compare(v, sd_json_variant_by_key(b, k)); # 899| if (r != 0) { # 900| lowest = k; Error: GCC_ANALYZER_WARNING (CWE-401): [#def92] systemd-261-rc2/src/libsystemd/sd-json/test-json.c:450:1: warning[-Wanalyzer-malloc-leak]: leak of ‘__unique_prefix__expr_25’ systemd-261-rc2/src/libsystemd/sd-json/test-json.c:299:1: enter_function: entry to ‘test_build’ systemd-261-rc2/src/libsystemd/sd-json/test-json.c:303:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:304:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:304:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:305:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:305:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:307:13: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:309:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:310:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:310:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:312:13: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:313:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:314:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:314:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:316:13: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:319:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:325:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:325:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:331:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:331:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:333:13: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:337:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:348:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:348:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:349:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:350:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:351:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:351:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:353:13: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:356:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:358:13: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:359:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:360:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:361:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:362:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:362:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:363:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:365:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:367:13: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:370:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:376:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:376:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:384:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:384:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:386:60: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:387:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:390:26: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:393:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:395:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:395:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:396:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:396:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:397:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:397:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:398:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:398:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:399:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:399:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:400:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:400:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:401:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:401:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:402:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:402:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:404:60: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:405:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:408:30: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:409:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:411:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:411:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:412:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:412:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:414:60: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:415:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:416:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:416:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:417:13: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:419:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:421:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:421:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:422:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:422:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:424:33: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:425:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:426:9: acquire_memory: allocated here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:426:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:427:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:430:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:431:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:431:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:433:60: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:434:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:436:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:436:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:438:48: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:439:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:440:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:441:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:444:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:446:60: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:447:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:449:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:449:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:446:60: call_function: inlined call to ‘sd_json_variant_unrefp’ from ‘test_build’ systemd-261-rc2/src/libsystemd/sd-json/test-json.c:438:48: call_function: calling ‘ordered_set_freep’ from ‘test_build’ systemd-261-rc2/src/libsystemd/sd-json/test-json.c:438:48: return_function: returning to ‘test_build’ from ‘ordered_set_freep’ systemd-261-rc2/src/libsystemd/sd-json/test-json.c:424:33: call_function: calling ‘set_freep’ from ‘test_build’ systemd-261-rc2/src/libsystemd/sd-json/test-json.c:424:33: return_function: returning to ‘test_build’ from ‘set_freep’ systemd-261-rc2/src/libsystemd/sd-json/test-json.c:414:60: call_function: inlined call to ‘sd_json_variant_unrefp’ from ‘test_build’ systemd-261-rc2/src/libsystemd/sd-json/test-json.c:408:42: call_function: inlined call to ‘freep’ from ‘test_build’ systemd-261-rc2/src/libsystemd/sd-json/test-json.c:450:1: danger: ‘__unique_prefix__expr_25’ leaks here; was allocated at [(86)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/85) # 448| # 449| assert_se(sd_json_variant_equal(ossv, ossv2)); # 450|-> } # 451| # 452| TEST(json_buildo) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def93] systemd-261-rc2/src/libsystemd/sd-json/test-json.c:450:1: warning[-Wanalyzer-malloc-leak]: leak of ‘__unique_prefix__expr_26’ systemd-261-rc2/src/libsystemd/sd-json/test-json.c:299:1: enter_function: entry to ‘test_build’ systemd-261-rc2/src/libsystemd/sd-json/test-json.c:303:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:304:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:304:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:305:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:305:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:307:13: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:309:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:310:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:310:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:312:13: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:313:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:314:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:314:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:316:13: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:319:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:325:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:325:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:331:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:331:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:333:13: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:337:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:348:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:348:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:349:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:350:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:351:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:351:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:353:13: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:356:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:358:13: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:359:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:360:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:361:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:362:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:362:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:363:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:365:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:367:13: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:370:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:376:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:376:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:384:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:384:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:386:60: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:387:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:390:26: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:393:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:395:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:395:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:396:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:396:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:397:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:397:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:398:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:398:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:399:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:399:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:400:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:400:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:401:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:401:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:402:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:402:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:404:60: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:405:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:408:30: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:409:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:411:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:411:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:412:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:412:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:414:60: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:415:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:416:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:416:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:417:13: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:419:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:421:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:421:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:422:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:422:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:424:33: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:425:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:426:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:427:9: acquire_memory: allocated here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:427:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:430:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:431:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:431:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:433:60: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:434:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:436:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:436:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:438:48: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:439:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:440:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:441:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:444:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:446:60: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:447:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:449:9: branch_false: ...to here systemd-261-rc2/src/libsystemd/sd-json/test-json.c:449:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/libsystemd/sd-json/test-json.c:446:60: call_function: inlined call to ‘sd_json_variant_unrefp’ from ‘test_build’ systemd-261-rc2/src/libsystemd/sd-json/test-json.c:438:48: call_function: calling ‘ordered_set_freep’ from ‘test_build’ systemd-261-rc2/src/libsystemd/sd-json/test-json.c:438:48: return_function: returning to ‘test_build’ from ‘ordered_set_freep’ systemd-261-rc2/src/libsystemd/sd-json/test-json.c:424:33: call_function: calling ‘set_freep’ from ‘test_build’ systemd-261-rc2/src/libsystemd/sd-json/test-json.c:424:33: return_function: returning to ‘test_build’ from ‘set_freep’ systemd-261-rc2/src/libsystemd/sd-json/test-json.c:414:60: call_function: inlined call to ‘sd_json_variant_unrefp’ from ‘test_build’ systemd-261-rc2/src/libsystemd/sd-json/test-json.c:408:42: call_function: inlined call to ‘freep’ from ‘test_build’ systemd-261-rc2/src/libsystemd/sd-json/test-json.c:450:1: danger: ‘__unique_prefix__expr_26’ leaks here; was allocated at [(88)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/87) # 448| # 449| assert_se(sd_json_variant_equal(ossv, ossv2)); # 450|-> } # 451| # 452| TEST(json_buildo) { Error: GCC_ANALYZER_WARNING (CWE-457): [#def94] systemd-261-rc2/src/login/logind-varlink.c:441:24: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘session’ systemd-261-rc2/src/login/logind-varlink.c:410:12: enter_function: entry to ‘vl_method_list_sessions’ systemd-261-rc2/src/login/logind-varlink.c:411:22: branch_false: following ‘false’ branch... systemd-261-rc2/src/login/logind-varlink.c:420:73: branch_false: ...to here systemd-261-rc2/src/login/logind-varlink.c:425:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/login/logind-varlink.c:429:13: branch_false: ...to here systemd-261-rc2/src/login/logind-varlink.c:431:20: branch_false: following ‘false’ branch... systemd-261-rc2/src/login/logind-varlink.c:434:26: branch_false: ...to here systemd-261-rc2/src/login/logind-varlink.c:435:21: call_function: calling ‘manager_varlink_get_session_by_name_or_pidref’ from ‘vl_method_list_sessions’ systemd-261-rc2/src/login/logind-varlink.c:435:21: return_function: returning to ‘vl_method_list_sessions’ from ‘manager_varlink_get_session_by_name_or_pidref’ systemd-261-rc2/src/login/logind-varlink.c:436:20: branch_false: following ‘false’ branch... systemd-261-rc2/src/login/logind-varlink.c:438:20: branch_false: ...to here systemd-261-rc2/src/login/logind-varlink.c:438:20: branch_false: following ‘false’ branch... systemd-261-rc2/src/login/logind-varlink.c:441:24: branch_false: ...to here systemd-261-rc2/src/login/logind-varlink.c:441:24: danger: use of uninitialized value ‘session’ here # 439| return r; # 440| # 441|-> return emit_session_reply(link, session); # 442| } # 443| Error: GCC_ANALYZER_WARNING (CWE-457): [#def95] systemd-261-rc2/src/machine/machine-varlink.c:563:28: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘machine’ systemd-261-rc2/src/machine/machine-varlink.c:502:5: enter_function: entry to ‘vl_method_open’ systemd-261-rc2/src/machine/machine-varlink.c:514:28: branch_false: following ‘false’ branch... systemd-261-rc2/src/machine/machine-varlink.c:516:71: branch_false: ...to here systemd-261-rc2/src/machine/machine-varlink.c:527:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/machine/machine-varlink.c:528:9: branch_false: ...to here systemd-261-rc2/src/machine/machine-varlink.c:528:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/machine/machine-varlink.c:530:13: branch_false: ...to here systemd-261-rc2/src/machine/machine-varlink.c:531:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/machine/machine-varlink.c:534:13: branch_false: ...to here systemd-261-rc2/src/machine/machine-varlink.c:534:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/machine/machine-varlink.c:550:13: branch_false: ...to here systemd-261-rc2/src/machine/machine-varlink.c:550:13: call_function: calling ‘lookup_machine_by_name_or_pidref’ from ‘vl_method_open’ systemd-261-rc2/src/machine/machine-varlink.c:550:13: return_function: returning to ‘vl_method_open’ from ‘lookup_machine_by_name_or_pidref’ systemd-261-rc2/src/machine/machine-varlink.c:551:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/machine/machine-varlink.c:553:12: branch_false: ...to here systemd-261-rc2/src/machine/machine-varlink.c:553:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/machine/machine-varlink.c:556:13: branch_false: ...to here systemd-261-rc2/src/machine/machine-varlink.c:556:12: branch_true: following ‘true’ branch... systemd-261-rc2/src/machine/machine-varlink.c:563:28: branch_true: ...to here systemd-261-rc2/src/machine/machine-varlink.c:563:28: danger: use of uninitialized value ‘machine’ here # 561| * and the caller's do not match, authorization will be required. It's only the case where the # 562| * caller owns the machine that will be shortcut and needs to be checked here. */ # 563|-> if (machine->uid != 0) { # 564| assert(machine->class != MACHINE_HOST); # 565| Error: GCC_ANALYZER_WARNING (CWE-401): [#def96] systemd-261-rc2/src/machine/machinectl.c:1261:1: warning[-Wanalyzer-malloc-leak]: leak of ‘address’ systemd-261-rc2/src/machine/machinectl.c:1238:12: enter_function: entry to ‘verb_machine_control_one’ systemd-261-rc2/src/machine/machinectl.c:1242:13: call_function: calling ‘machine_get_control_address’ from ‘verb_machine_control_one’ systemd-261-rc2/src/machine/machinectl.c:1242:13: return_function: returning to ‘verb_machine_control_one’ from ‘machine_get_control_address’ systemd-261-rc2/src/machine/machinectl.c:1243:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/machine/machinectl.c:1246:50: branch_false: ...to here systemd-261-rc2/src/machine/machinectl.c:1261:1: danger: ‘address’ leaks here; was allocated at [(20)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/19) # 1259| # 1260| return 0; # 1261|-> } # 1262| # 1263| VERB(verb_poweroff_machine, "poweroff", "NAME…", 2, VERB_ANY, 0, Error: GCC_ANALYZER_WARNING (CWE-401): [#def97] systemd-261-rc2/src/machine/machinectl.c:2212:24: warning[-Wanalyzer-malloc-leak]: leak of ‘address’ systemd-261-rc2/src/machine/machinectl.c:2208:12: enter_function: entry to ‘verb_bind_volume’ systemd-261-rc2/src/machine/machinectl.c:2211:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/machine/machinectl.c:2215:50: branch_false: ...to here systemd-261-rc2/src/machine/machinectl.c:2217:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/machine/machinectl.c:2220:9: branch_false: ...to here systemd-261-rc2/src/machine/machinectl.c:2225:13: call_function: calling ‘machine_get_control_address’ from ‘verb_bind_volume’ systemd-261-rc2/src/machine/machinectl.c:2225:13: return_function: returning to ‘verb_bind_volume’ from ‘machine_get_control_address’ systemd-261-rc2/src/machine/machinectl.c:2226:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/machine/machinectl.c:2228:12: branch_false: ...to here systemd-261-rc2/src/machine/machinectl.c:2228:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/machine/machinectl.c:2231:50: branch_false: ...to here systemd-261-rc2/src/machine/machinectl.c:2234:24: branch_false: following ‘false’ branch... systemd-261-rc2/src/machine/machinectl.c:2234:24: branch_false: ...to here systemd-261-rc2/src/machine/machinectl.c:2212:24: danger: ‘address’ leaks here; was allocated at [(24)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/23) # 2210| # 2211| if (arg_transport != BUS_TRANSPORT_LOCAL) # 2212|-> return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), # 2213| "bind-volume is only supported on the local transport."); # 2214| Error: GCC_ANALYZER_WARNING (CWE-401): [#def98] systemd-261-rc2/src/machine/machinectl.c:2284:24: warning[-Wanalyzer-malloc-leak]: leak of ‘address’ systemd-261-rc2/src/machine/machinectl.c:2280:12: enter_function: entry to ‘verb_unbind_volume’ systemd-261-rc2/src/machine/machinectl.c:2283:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/machine/machinectl.c:2287:13: branch_false: ...to here systemd-261-rc2/src/machine/machinectl.c:2288:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/machine/machinectl.c:2290:12: branch_false: ...to here systemd-261-rc2/src/machine/machinectl.c:2290:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/machine/machinectl.c:2294:9: branch_false: ...to here systemd-261-rc2/src/machine/machinectl.c:2297:13: call_function: calling ‘machine_get_control_address’ from ‘verb_unbind_volume’ systemd-261-rc2/src/machine/machinectl.c:2297:13: return_function: returning to ‘verb_unbind_volume’ from ‘machine_get_control_address’ systemd-261-rc2/src/machine/machinectl.c:2298:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/machine/machinectl.c:2300:12: branch_false: ...to here systemd-261-rc2/src/machine/machinectl.c:2300:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/machine/machinectl.c:2303:50: branch_false: ...to here systemd-261-rc2/src/machine/machinectl.c:2284:24: danger: ‘address’ leaks here; was allocated at [(26)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/25) # 2282| # 2283| if (arg_transport != BUS_TRANSPORT_LOCAL) # 2284|-> return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), # 2285| "unbind-volume is only supported on the local transport."); # 2286| Error: GCC_ANALYZER_WARNING (CWE-476): [#def99] systemd-261-rc2/src/machine/machined-resolve-hook.c:147:38: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘key’ systemd-261-rc2/src/machine/machined-resolve-hook.c:106:5: enter_function: entry to ‘vl_method_resolve_record’ systemd-261-rc2/src/machine/machined-resolve-hook.c:112:22: branch_false: following ‘false’ branch... systemd-261-rc2/src/machine/machined-resolve-hook.c:115:9: branch_false: ...to here systemd-261-rc2/src/machine/machined-resolve-hook.c:115:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/machine/machined-resolve-hook.c:117:75: branch_false: ...to here systemd-261-rc2/src/machine/machined-resolve-hook.c:119:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/machine/machined-resolve-hook.c:122:13: branch_false: ...to here systemd-261-rc2/src/machine/machined-resolve-hook.c:122:13: call_function: inlined call to ‘dns_question_isempty’ from ‘vl_method_resolve_record’ systemd-261-rc2/src/machine/machined-resolve-hook.c:122:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/machine/machined-resolve-hook.c:125:49: branch_false: ...to here systemd-261-rc2/src/machine/machined-resolve-hook.c:132:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/machine/machined-resolve-hook.c:134:20: branch_true: following ‘true’ branch... systemd-261-rc2/src/machine/machined-resolve-hook.c:138:30: branch_true: ...to here systemd-261-rc2/src/machine/machined-resolve-hook.c:141:28: branch_true: following ‘true’ branch (when ‘n_addresses == -1’)... systemd-261-rc2/src/machine/machined-resolve-hook.c:142:47: branch_true: ...to here systemd-261-rc2/src/machine/machined-resolve-hook.c:143:36: branch_false: following ‘false’ branch... systemd-261-rc2/src/machine/machined-resolve-hook.c:147:38: branch_false: ...to here systemd-261-rc2/src/machine/machined-resolve-hook.c:148:25: branch_true: following ‘true’ branch... systemd-261-rc2/src/machine/machined-resolve-hook.c:149:37: branch_true: ...to here systemd-261-rc2/src/machine/machined-resolve-hook.c:154:36: branch_false: following ‘false’ branch... systemd-261-rc2/src/machine/machined-resolve-hook.c:160:49: branch_false: ...to here systemd-261-rc2/src/machine/machined-resolve-hook.c:163:36: branch_false: following ‘false’ branch... systemd-261-rc2/src/machine/machined-resolve-hook.c:152:90: branch_false: ...to here systemd-261-rc2/src/machine/machined-resolve-hook.c:170:24: branch_false: following ‘false’ branch (when ‘nxdomain == 0’)... systemd-261-rc2/src/machine/machined-resolve-hook.c:171:29: branch_false: ...to here systemd-261-rc2/src/machine/machined-resolve-hook.c:172:28: branch_false: following ‘false’ branch... systemd-261-rc2/src/machine/machined-resolve-hook.c:174:28: branch_false: ...to here systemd-261-rc2/src/machine/machined-resolve-hook.c:132:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/machine/machined-resolve-hook.c:134:20: branch_true: following ‘true’ branch... systemd-261-rc2/src/machine/machined-resolve-hook.c:138:30: branch_true: ...to here systemd-261-rc2/src/machine/machined-resolve-hook.c:141:28: branch_false: following ‘false’ branch (when ‘n_addresses != -1’)... systemd-261-rc2/src/machine/machined-resolve-hook.c:147:38: branch_false: ...to here systemd-261-rc2/src/machine/machined-resolve-hook.c:147:38: danger: dereference of NULL ‘key’ # 145| } # 146| # 147|-> int family = dns_type_to_af(key->type); # 148| FOREACH_ARRAY(address, addresses, n_addresses) { # 149| if (address->family != family) Error: CPPCHECK_WARNING (CWE-457): [#def100] systemd-261-rc2/src/mountfsd/mountwork.c:83: error[uninitvar]: Uninitialized variable: k # 81| sd_json_variant *e; # 82| JSON_VARIANT_OBJECT_FOREACH(k, e, variant) { # 83|-> PartitionDesignator pd = partition_designator_from_string(k); # 84| if (pd < 0) # 85| return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "Invalid partition designator '%s'.", strna(k)); Error: CPPCHECK_WARNING (CWE-457): [#def101] systemd-261-rc2/src/mountfsd/mountwork.c:87: error[uninitvar]: Uninitialized variable: e # 85| return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "Invalid partition designator '%s'.", strna(k)); # 86| # 87|-> if (!sd_json_variant_is_string(e)) # 88| return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "Mount option for partition '%s' is not a string.", strna(k)); # 89| Error: CPPCHECK_WARNING (CWE-457): [#def102] systemd-261-rc2/src/network/networkctl-status-link.c:78: error[uninitvar]: Uninitialized variable: lease # 76| _cleanup_free_ char *client_id = NULL; # 77| # 78|-> r = sd_json_dispatch(lease, dispatch_table, SD_JSON_LOG | SD_JSON_WARNING | SD_JSON_ALLOW_EXTENSIONS, &info); # 79| if (r < 0) # 80| continue; Error: GCC_ANALYZER_WARNING (CWE-457): [#def103] systemd-261-rc2/src/network/networkd-link-varlink.c:83:13: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘link’ systemd-261-rc2/src/network/networkd-link-varlink.c:71:5: enter_function: entry to ‘vl_method_link_describe’ systemd-261-rc2/src/network/networkd-link-varlink.c:73:28: branch_false: following ‘false’ branch... systemd-261-rc2/src/network/networkd-link-varlink.c:74:15: branch_false: ...to here systemd-261-rc2/src/network/networkd-link-varlink.c:77:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/network/networkd-link-varlink.c:79:13: branch_false: ...to here systemd-261-rc2/src/network/networkd-link-varlink.c:79:13: call_function: calling ‘dispatch_link’ from ‘vl_method_link_describe’ systemd-261-rc2/src/network/networkd-link-varlink.c:79:13: return_function: returning to ‘vl_method_link_describe’ from ‘dispatch_link’ systemd-261-rc2/src/network/networkd-link-varlink.c:80:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/network/networkd-link-varlink.c:83:13: branch_false: ...to here systemd-261-rc2/src/network/networkd-link-varlink.c:83:13: danger: use of uninitialized value ‘link’ here # 81| return r; # 82| # 83|-> r = link_build_json(link, &v); # 84| if (r < 0) # 85| return log_link_error_errno(link, r, "Failed to format JSON data: %m"); Error: GCC_ANALYZER_WARNING (CWE-457): [#def104] systemd-261-rc2/src/network/networkd-link-varlink.c:115:17: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘link’ systemd-261-rc2/src/network/networkd-link-varlink.c:92:12: enter_function: entry to ‘vl_method_link_up_or_down’ systemd-261-rc2/src/network/networkd-link-varlink.c:96:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/network/networkd-link-varlink.c:97:9: branch_false: ...to here systemd-261-rc2/src/network/networkd-link-varlink.c:97:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/network/networkd-link-varlink.c:99:13: branch_false: ...to here systemd-261-rc2/src/network/networkd-link-varlink.c:99:13: call_function: calling ‘dispatch_link’ from ‘vl_method_link_up_or_down’ systemd-261-rc2/src/network/networkd-link-varlink.c:99:13: return_function: returning to ‘vl_method_link_up_or_down’ from ‘dispatch_link’ systemd-261-rc2/src/network/networkd-link-varlink.c:100:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/network/networkd-link-varlink.c:103:13: branch_false: ...to here systemd-261-rc2/src/network/networkd-link-varlink.c:109:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/network/networkd-link-varlink.c:112:12: branch_false: ...to here systemd-261-rc2/src/network/networkd-link-varlink.c:112:12: branch_false: following ‘false’ branch (when ‘up == 0’)... systemd-261-rc2/src/network/networkd-link-varlink.c:115:17: branch_false: ...to here systemd-261-rc2/src/network/networkd-link-varlink.c:115:17: danger: use of uninitialized value ‘link’ here # 113| /* Stop all network engines while interface is still up to allow proper cleanup, # 114| * e.g. sending IPv6 shutdown RA messages before the interface is brought down. */ # 115|-> (void) link_stop_engines(link, /* may_keep_dynamic = */ false); # 116| # 117| return link_up_or_down_now_by_varlink(link, up, vlink); Error: GCC_ANALYZER_WARNING (CWE-457): [#def105] systemd-261-rc2/src/network/networkd-link-varlink.c:117:16: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘link’ systemd-261-rc2/src/network/networkd-link-varlink.c:92:12: enter_function: entry to ‘vl_method_link_up_or_down’ systemd-261-rc2/src/network/networkd-link-varlink.c:96:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/network/networkd-link-varlink.c:97:9: branch_false: ...to here systemd-261-rc2/src/network/networkd-link-varlink.c:97:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/network/networkd-link-varlink.c:99:13: branch_false: ...to here systemd-261-rc2/src/network/networkd-link-varlink.c:99:13: call_function: calling ‘dispatch_link’ from ‘vl_method_link_up_or_down’ systemd-261-rc2/src/network/networkd-link-varlink.c:99:13: return_function: returning to ‘vl_method_link_up_or_down’ from ‘dispatch_link’ systemd-261-rc2/src/network/networkd-link-varlink.c:100:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/network/networkd-link-varlink.c:103:13: branch_false: ...to here systemd-261-rc2/src/network/networkd-link-varlink.c:109:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/network/networkd-link-varlink.c:112:12: branch_false: ...to here systemd-261-rc2/src/network/networkd-link-varlink.c:112:12: branch_true: following ‘true’ branch (when ‘up != 0’)... systemd-261-rc2/src/network/networkd-link-varlink.c:117:16: branch_true: ...to here systemd-261-rc2/src/network/networkd-link-varlink.c:117:16: danger: use of uninitialized value ‘link’ here # 115| (void) link_stop_engines(link, /* may_keep_dynamic = */ false); # 116| # 117|-> return link_up_or_down_now_by_varlink(link, up, vlink); # 118| } # 119| Error: GCC_ANALYZER_WARNING (CWE-457): [#def106] systemd-261-rc2/src/network/networkd-link-varlink.c:139:18: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘link’ systemd-261-rc2/src/network/networkd-link-varlink.c:128:5: enter_function: entry to ‘vl_method_link_renew’ systemd-261-rc2/src/network/networkd-link-varlink.c:129:28: branch_false: following ‘false’ branch... systemd-261-rc2/src/network/networkd-link-varlink.c:130:15: branch_false: ...to here systemd-261-rc2/src/network/networkd-link-varlink.c:133:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/network/networkd-link-varlink.c:135:13: branch_false: ...to here systemd-261-rc2/src/network/networkd-link-varlink.c:135:13: call_function: calling ‘dispatch_link’ from ‘vl_method_link_renew’ systemd-261-rc2/src/network/networkd-link-varlink.c:135:13: return_function: returning to ‘vl_method_link_renew’ from ‘dispatch_link’ systemd-261-rc2/src/network/networkd-link-varlink.c:136:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/network/networkd-link-varlink.c:139:18: branch_false: ...to here systemd-261-rc2/src/network/networkd-link-varlink.c:139:18: danger: use of uninitialized value ‘link’ here # 137| return r; # 138| # 139|-> if (!link->network) # 140| return sd_varlink_error(vlink, "io.systemd.Network.Link.InterfaceUnmanaged", NULL); # 141| Error: GCC_ANALYZER_WARNING (CWE-457): [#def107] systemd-261-rc2/src/network/networkd-link-varlink.c:169:18: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘link’ systemd-261-rc2/src/network/networkd-link-varlink.c:158:5: enter_function: entry to ‘vl_method_link_force_renew’ systemd-261-rc2/src/network/networkd-link-varlink.c:159:28: branch_false: following ‘false’ branch... systemd-261-rc2/src/network/networkd-link-varlink.c:160:15: branch_false: ...to here systemd-261-rc2/src/network/networkd-link-varlink.c:163:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/network/networkd-link-varlink.c:165:13: branch_false: ...to here systemd-261-rc2/src/network/networkd-link-varlink.c:165:13: call_function: calling ‘dispatch_link’ from ‘vl_method_link_force_renew’ systemd-261-rc2/src/network/networkd-link-varlink.c:165:13: return_function: returning to ‘vl_method_link_force_renew’ from ‘dispatch_link’ systemd-261-rc2/src/network/networkd-link-varlink.c:166:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/network/networkd-link-varlink.c:169:18: branch_false: ...to here systemd-261-rc2/src/network/networkd-link-varlink.c:169:18: danger: use of uninitialized value ‘link’ here # 167| return r; # 168| # 169|-> if (!link->network) # 170| return sd_varlink_error(vlink, "io.systemd.Network.Link.InterfaceUnmanaged", NULL); # 171| Error: GCC_ANALYZER_WARNING (CWE-457): [#def108] systemd-261-rc2/src/network/networkd-link-varlink.c:210:13: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘link’ systemd-261-rc2/src/network/networkd-link-varlink.c:190:5: enter_function: entry to ‘vl_method_link_reconfigure’ systemd-261-rc2/src/network/networkd-link-varlink.c:191:28: branch_false: following ‘false’ branch... systemd-261-rc2/src/network/networkd-link-varlink.c:192:15: branch_false: ...to here systemd-261-rc2/src/network/networkd-link-varlink.c:195:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/network/networkd-link-varlink.c:197:13: branch_false: ...to here systemd-261-rc2/src/network/networkd-link-varlink.c:197:13: call_function: calling ‘dispatch_link’ from ‘vl_method_link_reconfigure’ systemd-261-rc2/src/network/networkd-link-varlink.c:197:13: return_function: returning to ‘vl_method_link_reconfigure’ from ‘dispatch_link’ systemd-261-rc2/src/network/networkd-link-varlink.c:198:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/network/networkd-link-varlink.c:201:13: branch_false: ...to here systemd-261-rc2/src/network/networkd-link-varlink.c:207:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/network/networkd-link-varlink.c:210:13: branch_false: ...to here systemd-261-rc2/src/network/networkd-link-varlink.c:210:13: danger: use of uninitialized value ‘link’ here # 208| return r; # 209| # 210|-> r = link_reconfigure_full(link, # 211| LINK_RECONFIGURE_UNCONDITIONALLY | LINK_RECONFIGURE_CLEANLY, # 212| /* message= */ NULL, Error: CPPCHECK_WARNING (CWE-457): [#def109] systemd-261-rc2/src/nsresourced/userns-registry.c:184: error[uninitvar]: Uninitialized variable: e # 182| delegates[n] = DELEGATED_USER_NAMESPACE_INFO_NULL; # 183| # 184|-> r = sd_json_dispatch(e, delegate_dispatch_table, flags, &delegates[n]); # 185| if (r < 0) # 186| return r; Error: CPPCHECK_WARNING (CWE-457): [#def110] systemd-261-rc2/src/nsresourced/userns-registry.c:224: error[uninitvar]: Uninitialized variable: e # 222| sd_json_variant *e; # 223| JSON_VARIANT_ARRAY_FOREACH(e, variant) { # 224|-> if (!sd_json_variant_is_unsigned(e)) # 225| return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not an unsigned integer."); # 226| Error: GCC_ANALYZER_WARNING (CWE-401): [#def111] systemd-261-rc2/src/oom/oomd-manager.c:828:21: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(*ctx.path)’ systemd-261-rc2/src/oom/oomd-manager.c:774:12: enter_function: entry to ‘ruleset_check_conditions’ systemd-261-rc2/src/oom/oomd-manager.c:783:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/oom/oomd-manager.c:784:9: branch_false: ...to here systemd-261-rc2/src/oom/oomd-manager.c:784:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/oom/oomd-manager.c:785:9: branch_false: ...to here systemd-261-rc2/src/oom/oomd-manager.c:785:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/oom/oomd-manager.c:786:9: branch_false: ...to here systemd-261-rc2/src/oom/oomd-manager.c:786:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/oom/oomd-manager.c:792:13: branch_false: ...to here systemd-261-rc2/src/oom/oomd-manager.c:816:12: branch_true: following ‘true’ branch... systemd-261-rc2/src/oom/oomd-manager.c:818:57: call_function: inlined call to ‘malloc_multiply’ from ‘ruleset_check_conditions’ systemd-261-rc2/src/oom/oomd-manager.c:819:20: branch_false: following ‘false’ branch... systemd-261-rc2/src/oom/oomd-manager.c:822:17: branch_false: ...to here systemd-261-rc2/src/oom/oomd-manager.c:824:50: acquire_memory: allocated here systemd-261-rc2/src/oom/oomd-manager.c:825:20: branch_false: following ‘false’ branch... systemd-261-rc2/src/oom/oomd-manager.c:828:21: branch_false: ...to here systemd-261-rc2/src/oom/oomd-manager.c:828:21: danger: ‘strdup(*ctx.path)’ leaks here; was allocated at [(15)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/14) # 826| return log_oom(); # 827| # 828|-> r = hashmap_ensure_put(&ruleset->start_times, &string_hash_ops_free_free, path_copy, new_start_time); # 829| if (r < 0) # 830| return log_error_errno(r, "Failed to record start time for rule '%s' on %s: %m", Error: GCC_ANALYZER_WARNING (CWE-401): [#def112] systemd-261-rc2/src/oom/oomd-util.c:88:1: warning[-Wanalyzer-malloc-leak]: leak of ‘malloc(32)’ systemd-261-rc2/src/oom/oomd-util.c:473:5: enter_function: entry to ‘oomd_cgroup_kill_mark’ systemd-261-rc2/src/oom/oomd-util.c:476:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/oom/oomd-util.c:477:9: branch_false: ...to here systemd-261-rc2/src/oom/oomd-util.c:477:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/oom/oomd-util.c:478:9: branch_false: ...to here systemd-261-rc2/src/oom/oomd-util.c:478:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/oom/oomd-util.c:480:13: branch_false: ...to here systemd-261-rc2/src/oom/oomd-util.c:480:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/oom/oomd-util.c:491:44: branch_false: ...to here systemd-261-rc2/src/oom/oomd-util.c:492:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/oom/oomd-util.c:495:64: call_function: inlined call to ‘malloc_multiply’ from ‘oomd_cgroup_kill_mark’ systemd-261-rc2/src/oom/oomd-util.c:496:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/oom/oomd-util.c:501:24: branch_false: ...to here systemd-261-rc2/src/oom/oomd-util.c:501:24: call_function: calling ‘oomd_cgroup_context_ref’ from ‘oomd_cgroup_kill_mark’ systemd-261-rc2/src/oom/oomd-util.c:501:24: return_function: returning to ‘oomd_cgroup_kill_mark’ from ‘oomd_cgroup_context_ref’ systemd-261-rc2/src/oom/oomd-util.c:506:12: branch_true: following ‘true’ branch... systemd-261-rc2/src/oom/oomd-util.c:507:24: branch_true: ...to here systemd-261-rc2/src/oom/oomd-util.c:495:59: call_function: inlined call to ‘oomd_kill_state_removep’ from ‘oomd_cgroup_kill_mark’ # 86| } # 87| # 88|-> DEFINE_TRIVIAL_REF_UNREF_FUNC(OomdCGroupContext, oomd_cgroup_context, oomd_cgroup_context_free); # 89| # 90| int oomd_pressure_above(Hashmap *h, Set **ret) { Error: GCC_ANALYZER_WARNING (CWE-476): [#def113] systemd-261-rc2/src/pcrextend/pcrextend.c:524:24: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘args’ systemd-261-rc2/src/pcrextend/pcrextend.c:461:12: enter_function: entry to ‘run’ systemd-261-rc2/src/pcrextend/pcrextend.c:468:16: release_memory: ‘args’ is NULL systemd-261-rc2/src/pcrextend/pcrextend.c:469:13: call_function: calling ‘parse_argv’ from ‘run’ systemd-261-rc2/src/pcrextend/pcrextend.c:469:13: return_function: returning to ‘run’ from ‘parse_argv’ systemd-261-rc2/src/pcrextend/pcrextend.c:470:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/pcrextend/pcrextend.c:473:25: branch_false: ...to here systemd-261-rc2/src/pcrextend/pcrextend.c:473:25: release_memory: ‘args’ is NULL systemd-261-rc2/src/pcrextend/pcrextend.c:475:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/pcrextend/pcrextend.c:478:13: branch_false: ...to here systemd-261-rc2/src/pcrextend/pcrextend.c:478:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/pcrextend/pcrextend.c:488:20: branch_false: ...to here systemd-261-rc2/src/pcrextend/pcrextend.c:488:19: branch_false: following ‘false’ branch... systemd-261-rc2/src/pcrextend/pcrextend.c:499:20: branch_false: ...to here systemd-261-rc2/src/pcrextend/pcrextend.c:499:19: branch_false: following ‘false’ branch... systemd-261-rc2/src/pcrextend/pcrextend.c:510:20: branch_false: ...to here systemd-261-rc2/src/pcrextend/pcrextend.c:510:19: branch_false: following ‘false’ branch... systemd-261-rc2/src/pcrextend/pcrextend.c:521:20: branch_false: ...to here systemd-261-rc2/src/pcrextend/pcrextend.c:521:20: branch_false: following ‘false’ branch... systemd-261-rc2/src/pcrextend/pcrextend.c:524:24: branch_false: ...to here systemd-261-rc2/src/pcrextend/pcrextend.c:524:24: danger: dereference of NULL ‘args’ # 522| return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Expected a single argument."); # 523| # 524|-> word = strdup(args[0]); # 525| if (!word) # 526| return log_oom(); Error: GCC_ANALYZER_WARNING (CWE-476): [#def114] systemd-261-rc2/src/portable/portable.c:912:21: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘os_release’ systemd-261-rc2/src/portable/portable.c:2025:5: enter_function: entry to ‘portable_attach’ systemd-261-rc2/src/portable/portable.c:2040:63: release_memory: ‘os_release’ is NULL systemd-261-rc2/src/portable/portable.c:2048:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/portable/portable.c:2056:62: branch_false: ...to here systemd-261-rc2/src/portable/portable.c:2050:13: call_function: calling ‘extract_image_and_extensions’ from ‘portable_attach’ # 910| _cleanup_free_ char *prefixes = NULL, *portable_scope_str = NULL; # 911| # 912|-> r = parse_env_file_fd( # 913| os_release->fd, os_release->name, # 914| "ID", &id, Error: GCC_ANALYZER_WARNING (CWE-457): [#def115] systemd-261-rc2/src/report/report-cgroup.c:168:21: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘values[i]’ systemd-261-rc2/src/report/report-cgroup.c:349:12: enter_function: entry to ‘cgroup_stats_send’ systemd-261-rc2/src/report/report-cgroup.c:355:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/report/report-cgroup.c:356:9: branch_false: ...to here systemd-261-rc2/src/report/report-cgroup.c:356:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/report/report-cgroup.c:358:16: branch_false: ...to here systemd-261-rc2/src/report/report-cgroup.c:358:16: call_function: calling ‘walk_cgroups’ from ‘cgroup_stats_send’ # 166| # 167| for (unsigned i = 0; i < 2; i++) { # 168|-> r = metric_build_send_unsigned(mf + i, link, unit, values[i], /* fields= */ NULL); # 169| if (r < 0) # 170| return r; Error: CPPCHECK_WARNING (CWE-457): [#def116] systemd-261-rc2/src/resolve/resolvectl.c:1487: error[uninitvar]: Uninitialized variable: &pos1 # 1485| # 1486| if (c->ifname) # 1487|-> printf("%s%nLink %i (%s)%n%s:", ansi_highlight(), &pos1, c->ifindex, c->ifname, &pos2, ansi_normal()); # 1488| else if (c->delegate) # 1489| printf("%s%nDelegate %s%n%s:", ansi_highlight(), &pos1, c->delegate, &pos2, ansi_normal()); Error: CPPCHECK_WARNING (CWE-457): [#def117] systemd-261-rc2/src/resolve/resolvectl.c:1487: error[uninitvar]: Uninitialized variable: &pos2 # 1485| # 1486| if (c->ifname) # 1487|-> printf("%s%nLink %i (%s)%n%s:", ansi_highlight(), &pos1, c->ifindex, c->ifname, &pos2, ansi_normal()); # 1488| else if (c->delegate) # 1489| printf("%s%nDelegate %s%n%s:", ansi_highlight(), &pos1, c->delegate, &pos2, ansi_normal()); Error: CPPCHECK_WARNING (CWE-457): [#def118] systemd-261-rc2/src/resolve/resolvectl.c:1715: error[uninitvar]: Uninitialized variable: w # 1713| JSON_VARIANT_ARRAY_FOREACH(w, v) { # 1714| _cleanup_(dns_configuration_freep) DNSConfiguration *c = NULL; # 1715|-> r = dns_configuration_from_json(w, &c); # 1716| if (r < 0) # 1717| return r; Error: CPPCHECK_WARNING (CWE-457): [#def119] systemd-261-rc2/src/resolve/resolved-static-records.c:112: error[uninitvar]: Uninitialized variable: i # 110| int ret = 0; # 111| JSON_VARIANT_ARRAY_FOREACH(i, j) # 112|-> RET_GATHER(ret, load_static_record_file_item(i, records)); # 113| if (ret < 0) # 114| return ret; Error: CPPCHECK_WARNING (CWE-401): [#def120] systemd-261-rc2/src/resolve/test-dns-rr.c:1020: error[leakNoVarFunctionCall]: Allocation with strdup, typeof doesn't release it. # 1018| a = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_CNAME, "www.example.com"); # 1019| ASSERT_NOT_NULL(a); # 1020|-> a->cname.name = ASSERT_PTR(strdup("example.com")); # 1021| # 1022| b = dns_resource_record_copy(a); Error: CPPCHECK_WARNING (CWE-401): [#def121] systemd-261-rc2/src/resolve/test-dns-rr.c:1239: error[leakNoVarFunctionCall]: Allocation with strdup, typeof doesn't release it. # 1237| a = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_PTR, "127.1.168.192.in-addr-arpa"); # 1238| ASSERT_NOT_NULL(a); # 1239|-> a->ptr.name = ASSERT_PTR(strdup("example.com")); # 1240| # 1241| b = dns_resource_record_copy(a); Error: GCC_ANALYZER_WARNING (CWE-476): [#def122] systemd-261-rc2/src/sbsign/sbsign.c:580:38: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘si’ systemd-261-rc2/src/sbsign/sbsign.c:420:12: enter_function: entry to ‘verb_sign’ systemd-261-rc2/src/sbsign/sbsign.c:429:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/sbsign/sbsign.c:432:12: branch_false: ...to here systemd-261-rc2/src/sbsign/sbsign.c:432:12: branch_false: following ‘false’ branch (when ‘argc > 1’)... systemd-261-rc2/src/sbsign/sbsign.c:435:13: branch_false: ...to here systemd-261-rc2/src/sbsign/sbsign.c:435:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/sbsign/sbsign.c:439:13: branch_false: ...to here systemd-261-rc2/src/sbsign/sbsign.c:443:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/sbsign/sbsign.c:446:13: branch_false: ...to here systemd-261-rc2/src/sbsign/sbsign.c:457:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/sbsign/sbsign.c:460:13: branch_false: ...to here systemd-261-rc2/src/sbsign/sbsign.c:460:12: branch_true: following ‘true’ branch... systemd-261-rc2/src/sbsign/sbsign.c:461:21: branch_true: ...to here systemd-261-rc2/src/sbsign/sbsign.c:481:20: branch_false: following ‘false’ branch... systemd-261-rc2/src/sbsign/sbsign.c:721:1: branch_false: ...to here systemd-261-rc2/src/sbsign/sbsign.c:485:12: branch_true: following ‘true’ branch... systemd-261-rc2/src/sbsign/sbsign.c:486:38: branch_true: ...to here systemd-261-rc2/src/sbsign/sbsign.c:490:20: branch_false: following ‘false’ branch... systemd-261-rc2/src/sbsign/sbsign.c:493:32: branch_false: ...to here systemd-261-rc2/src/sbsign/sbsign.c:494:20: branch_false: following ‘false’ branch... systemd-261-rc2/src/sbsign/sbsign.c:486:38: call_function: inlined call to ‘freep’ from ‘verb_sign’ systemd-261-rc2/src/sbsign/sbsign.c:499:12: branch_true: following ‘true’ branch... systemd-261-rc2/src/sbsign/sbsign.c:500:38: branch_true: ...to here systemd-261-rc2/src/sbsign/sbsign.c:504:20: branch_false: following ‘false’ branch... systemd-261-rc2/src/sbsign/sbsign.c:507:47: branch_false: ...to here systemd-261-rc2/src/sbsign/sbsign.c:511:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/sbsign/sbsign.c:514:21: branch_false: ...to here systemd-261-rc2/src/sbsign/sbsign.c:515:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/sbsign/sbsign.c:518:13: branch_false: ...to here systemd-261-rc2/src/sbsign/sbsign.c:519:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/sbsign/sbsign.c:522:43: branch_false: ...to here systemd-261-rc2/src/sbsign/sbsign.c:524:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/sbsign/sbsign.c:527:13: branch_false: ...to here systemd-261-rc2/src/sbsign/sbsign.c:534:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/sbsign/sbsign.c:537:33: branch_false: ...to here systemd-261-rc2/src/sbsign/sbsign.c:539:13: call_function: calling ‘spc_indirect_data_content_new’ from ‘verb_sign’ systemd-261-rc2/src/sbsign/sbsign.c:539:13: return_function: returning to ‘verb_sign’ from ‘spc_indirect_data_content_new’ systemd-261-rc2/src/sbsign/sbsign.c:540:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/sbsign/sbsign.c:543:39: branch_false: ...to here systemd-261-rc2/src/sbsign/sbsign.c:544:28: release_memory: ‘si’ is NULL systemd-261-rc2/src/sbsign/sbsign.c:545:13: call_function: calling ‘pkcs7_new_with_attributes’ from ‘verb_sign’ systemd-261-rc2/src/sbsign/sbsign.c:545:13: return_function: returning to ‘verb_sign’ from ‘pkcs7_new_with_attributes’ systemd-261-rc2/src/sbsign/sbsign.c:546:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/sbsign/sbsign.c:549:9: branch_false: ...to here systemd-261-rc2/src/sbsign/sbsign.c:551:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/sbsign/sbsign.c:579:13: call_function: inlined call to ‘iovec_is_set’ from ‘verb_sign’ systemd-261-rc2/src/sbsign/sbsign.c:580:40: release_memory: ‘si’ is NULL systemd-261-rc2/src/sbsign/sbsign.c:580:38: danger: dereference of NULL ‘si’ # 578| # 579| if (iovec_is_set(&signed_attributes_signature)) # 580|-> sym_ASN1_STRING_set0(si->enc_digest, TAKE_PTR(signed_attributes_signature.iov_base), signed_attributes_signature.iov_len); # 581| else { # 582| _cleanup_(BIO_free_allp) BIO *bio = NULL; Error: GCC_ANALYZER_WARNING (CWE-401): [#def123] systemd-261-rc2/src/shared/bootspec.c:118:14: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(path)’ systemd-261-rc2/src/shared/bootspec.c:1802:5: enter_function: entry to ‘boot_config_load_auto’ systemd-261-rc2/src/shared/bootspec.c:1811:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/shared/bootspec.c:1820:13: branch_false: ...to here systemd-261-rc2/src/shared/bootspec.c:1820:12: branch_true: following ‘true’ branch... systemd-261-rc2/src/shared/bootspec.c:1821:21: branch_true: ...to here systemd-261-rc2/src/shared/bootspec.c:1821:20: branch_true: following ‘true’ branch... systemd-261-rc2/src/shared/bootspec.c:1822:32: branch_true: ...to here systemd-261-rc2/src/shared/bootspec.c:1822:32: call_function: calling ‘boot_config_load’ from ‘boot_config_load_auto’ # 116| } # 117| # 118|-> if (!GREEDY_REALLOC(extras->items, extras->n_items + 1)) # 119| return -ENOMEM; # 120| Error: GCC_ANALYZER_WARNING (CWE-401): [#def124] systemd-261-rc2/src/shared/bootspec.c:1901:17: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(*__unique_prefix_i39)’ systemd-261-rc2/src/shared/bootspec.c:1861:5: enter_function: entry to ‘boot_config_augment_from_loader’ systemd-261-rc2/src/shared/bootspec.c:1879:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/shared/bootspec.c:1879:9: branch_false: ...to here systemd-261-rc2/src/shared/bootspec.c:1884:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/shared/bootspec.c:1888:28: call_function: calling ‘boot_config_find_entry’ from ‘boot_config_augment_from_loader’ systemd-261-rc2/src/shared/bootspec.c:1888:28: return_function: returning to ‘boot_config_augment_from_loader’ from ‘boot_config_find_entry’ systemd-261-rc2/src/shared/bootspec.c:1889:20: branch_false: following ‘false’ branch... systemd-261-rc2/src/shared/bootspec.c:1894:20: branch_false: ...to here systemd-261-rc2/src/shared/bootspec.c:1897:21: acquire_memory: allocated here systemd-261-rc2/src/shared/bootspec.c:1898:20: branch_false: following ‘false’ branch... systemd-261-rc2/src/shared/bootspec.c:1898:20: branch_false: ...to here systemd-261-rc2/src/shared/bootspec.c:1901:17: branch_true: following ‘true’ branch... systemd-261-rc2/src/shared/bootspec.c:1904:36: branch_false: following ‘false’ branch... systemd-261-rc2/src/shared/bootspec.c:1909:21: branch_false: ...to here systemd-261-rc2/src/shared/bootspec.c:1910:20: branch_false: following ‘false’ branch... systemd-261-rc2/src/shared/bootspec.c:1913:22: branch_false: ...to here systemd-261-rc2/src/shared/bootspec.c:1913:20: branch_false: following ‘false’ branch... systemd-261-rc2/src/shared/bootspec.c:1916:17: branch_false: ...to here systemd-261-rc2/src/shared/bootspec.c:1901:17: danger: ‘strdup(*__unique_prefix_i39)’ leaks here; was allocated at [(15)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/14) # 1899| return log_oom(); # 1900| # 1901|-> STRV_FOREACH_PAIR(a, b, title_table) # 1902| if (streq(*a, *i)) { # 1903| t = strdup(*b); Error: GCC_ANALYZER_WARNING (CWE-688): [#def125] systemd-261-rc2/src/shared/cryptsetup-util.c:262:9: warning[-Wanalyzer-null-argument]: use of NULL ‘prefix’ where non-null expected systemd-261-rc2/src/shared/cryptsetup-util.c:244:5: enter_function: entry to ‘cryptsetup_get_volume_key_id’ systemd-261-rc2/src/shared/cryptsetup-util.c:251:30: release_memory: ‘prefix’ is NULL systemd-261-rc2/src/shared/cryptsetup-util.c:256:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/shared/cryptsetup-util.c:258:13: branch_false: ...to here systemd-261-rc2/src/shared/cryptsetup-util.c:258:13: call_function: calling ‘cryptsetup_get_volume_key_prefix’ from ‘cryptsetup_get_volume_key_id’ systemd-261-rc2/src/shared/cryptsetup-util.c:258:13: return_function: returning to ‘cryptsetup_get_volume_key_id’ from ‘cryptsetup_get_volume_key_prefix’ systemd-261-rc2/src/shared/cryptsetup-util.c:259:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/shared/cryptsetup-util.c:262:9: branch_false: ...to here systemd-261-rc2/src/shared/cryptsetup-util.c:262:9: release_memory: ‘prefix’ is NULL systemd-261-rc2/src/shared/cryptsetup-util.c:262:9: danger: argument 1 (‘prefix’) NULL where non-null expected # 260| return log_debug_errno(r, "Failed to get LUKS volume key prefix."); # 261| # 262|-> hmac_sha256(volume_key, volume_key_size, prefix, strlen(prefix), digest); # 263| # 264| hex = hexmem(digest, sizeof(digest)); Error: CPPCHECK_WARNING (CWE-457): [#def126] systemd-261-rc2/src/shared/dissect-image.c:483: error[uninitvar]: Uninitialized variable: w # 481| }; # 482| # 483|-> r = sd_json_dispatch(w, dispatch_segment, SD_JSON_ALLOW_EXTENSIONS, &data); # 484| if (r < 0) { # 485| log_debug("Failed to get integrity information from LUKS JSON for segment %s, assuming no integrity.", key); Error: CPPCHECK_WARNING (CWE-457): [#def127] systemd-261-rc2/src/shared/dissect-image.c:485: error[uninitvar]: Uninitialized variable: key # 483| r = sd_json_dispatch(w, dispatch_segment, SD_JSON_ALLOW_EXTENSIONS, &data); # 484| if (r < 0) { # 485|-> log_debug("Failed to get integrity information from LUKS JSON for segment %s, assuming no integrity.", key); # 486| return 0; # 487| } Error: CPPCHECK_WARNING (CWE-457): [#def128] systemd-261-rc2/src/shared/dns-configuration.c:213: error[uninitvar]: Uninitialized variable: v # 211| _cleanup_(dns_scope_freep) DNSScope *s = NULL; # 212| # 213|-> r = dispatch_dns_scope(name, v, flags, &s); # 214| if (r < 0) # 215| return json_log(v, flags, r, "JSON array element is not a valid DNSScope."); Error: GCC_ANALYZER_WARNING (CWE-416): [#def129] systemd-261-rc2/src/shared/dns-rr.c:139:9: warning[-Wanalyzer-use-after-free]: use after ‘free’ of ‘k’ systemd-261-rc2/src/shared/dns-rr.c:2522:5: enter_function: entry to ‘dns_resource_record_from_json’ systemd-261-rc2/src/shared/dns-rr.c:2525:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/shared/dns-rr.c:2527:30: branch_false: ...to here systemd-261-rc2/src/shared/dns-rr.c:2528:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/shared/dns-rr.c:2531:60: branch_false: ...to here systemd-261-rc2/src/shared/dns-rr.c:2532:13: call_function: calling ‘dns_resource_key_from_json’ from ‘dns_resource_record_from_json’ systemd-261-rc2/src/shared/dns-rr.c:2532:13: return_function: returning to ‘dns_resource_record_from_json’ from ‘dns_resource_key_from_json’ systemd-261-rc2/src/shared/dns-rr.c:2533:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/shared/dns-rr.c:2536:66: branch_false: ...to here systemd-261-rc2/src/shared/dns-rr.c:2537:14: call_function: calling ‘dns_resource_record_new’ from ‘dns_resource_record_from_json’ systemd-261-rc2/src/shared/dns-rr.c:2537:14: return_function: returning to ‘dns_resource_record_from_json’ from ‘dns_resource_record_new’ systemd-261-rc2/src/shared/dns-rr.c:2538:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/shared/dns-rr.c:2542:20: branch_false: ...to here systemd-261-rc2/src/shared/dns-rr.c:2536:66: call_function: calling ‘dns_resource_record_unrefp’ from ‘dns_resource_record_from_json’ systemd-261-rc2/src/shared/dns-rr.c:2536:66: return_function: returning to ‘dns_resource_record_from_json’ from ‘dns_resource_record_unrefp’ systemd-261-rc2/src/shared/dns-rr.c:2531:60: call_function: calling ‘dns_resource_key_unrefp’ from ‘dns_resource_record_from_json’ # 137| return NULL; # 138| # 139|-> assert(k->n_ref != UINT_MAX); # 140| assert(k->n_ref > 0); # 141| Error: CPPCHECK_WARNING (CWE-457): [#def130] systemd-261-rc2/src/shared/elf-util.c:477: error[uninitvar]: Uninitialized variable: z # 475| # 476| JSON_VARIANT_ARRAY_FOREACH(z, v) { # 477|-> r = sd_json_variant_append_array(c->dlopen_metadata, z); # 478| if (r < 0) # 479| return log_error_errno(r, "Failed to append entry to dlopen metadata: %m"); Error: GCC_ANALYZER_WARNING (CWE-401): [#def131] systemd-261-rc2/src/shared/format-table.h:103:1: warning[-Wanalyzer-malloc-leak]: leak of ‘subsystem’ systemd-261-rc2/src/udev/udevadm-monitor.c:121:12: enter_function: entry to ‘parse_argv’ systemd-261-rc2/src/udev/udevadm-monitor.c:124:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/udev/udevadm-monitor.c:125:9: branch_false: ...to here systemd-261-rc2/src/udev/udevadm-monitor.c:125:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/udev/udevadm-monitor.c:127:22: branch_false: ...to here systemd-261-rc2/src/udev/udevadm-monitor.c:129:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/udev/udevadm-monitor.c:129:9: branch_true: ...to here systemd-261-rc2/src/udev/udevadm-monitor.c:129:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/udev/udevadm-monitor.c:130:17: branch_false: ...to here systemd-261-rc2/src/udev/udevadm-monitor.c:159:28: branch_true: following ‘true’ branch (when ‘slash’ is non-NULL)... systemd-261-rc2/src/udev/udevadm-monitor.c:160:43: branch_true: ...to here systemd-261-rc2/src/udev/udevadm-monitor.c:161:36: branch_false: following ‘false’ branch... systemd-261-rc2/src/udev/udevadm-monitor.c:164:63: branch_false: ...to here systemd-261-rc2/src/udev/udevadm-monitor.c:164:45: acquire_memory: allocated here systemd-261-rc2/src/udev/udevadm-monitor.c:168:28: branch_false: following ‘false’ branch (when ‘subsystem’ is non-NULL)... systemd-261-rc2/src/udev/udevadm-monitor.c:171:29: branch_false: ...to here systemd-261-rc2/src/udev/udevadm-monitor.c:172:28: branch_false: following ‘false’ branch... systemd-261-rc2/src/udev/udevadm-monitor.c:172:28: branch_false: ...to here systemd-261-rc2/src/udev/udevadm-monitor.c:129:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/udev/udevadm-monitor.c:129:9: branch_true: ...to here systemd-261-rc2/src/udev/udevadm-monitor.c:129:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/udev/udevadm-monitor.c:130:17: branch_false: ...to here systemd-261-rc2/src/udev/udevadm-monitor.c:135:32: call_function: calling ‘help’ from ‘parse_argv’ systemd-261-rc2/src/udev/udevadm-monitor.c:135:32: return_function: returning to ‘parse_argv’ from ‘help’ systemd-261-rc2/src/shared/format-table.h:103:1: danger: ‘subsystem’ leaks here; was allocated at [(15)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/14) # 101| Table* table_unref(Table *t); # 102| # 103|-> DEFINE_TRIVIAL_CLEANUP_FUNC(Table*, table_unref); # 104| static inline DEFINE_POINTER_ARRAY_CLEAR_FUNC(Table*, table_unref); # 105| Error: GCC_ANALYZER_WARNING (CWE-476): [#def132] systemd-261-rc2/src/shared/loop-util.c:714:30: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘d’ systemd-261-rc2/src/shared/loop-util.c:850:5: enter_function: entry to ‘loop_device_make_by_path_memory’ systemd-261-rc2/src/shared/loop-util.c:862:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/shared/loop-util.c:863:9: branch_false: ...to here systemd-261-rc2/src/shared/loop-util.c:864:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/shared/loop-util.c:867:12: branch_false: ...to here systemd-261-rc2/src/shared/loop-util.c:873:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/shared/loop-util.c:876:13: branch_false: ...to here systemd-261-rc2/src/shared/loop-util.c:877:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/shared/loop-util.c:880:13: call_function: inlined call to ‘path_extract_filename’ from ‘loop_device_make_by_path_memory’ systemd-261-rc2/src/shared/loop-util.c:881:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/shared/loop-util.c:884:15: branch_false: ...to here systemd-261-rc2/src/shared/loop-util.c:885:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/shared/loop-util.c:888:14: branch_false: ...to here systemd-261-rc2/src/shared/loop-util.c:890:16: call_function: calling ‘loop_device_make_internal’ from ‘loop_device_make_by_path_memory’ # 712| /* Open+close to drain GD_NEED_PART_SCAN harmlessly (GD_SUPPRESS_PART_SCAN is still # 713| * set so no partitions appear). Then enable partscan via LOOP_SET_STATUS64. */ # 714|-> int tmp_fd = fd_reopen(d->fd, O_RDONLY|O_CLOEXEC|O_NONBLOCK); # 715| if (tmp_fd < 0) # 716| return log_debug_errno(tmp_fd, "Failed to reopen loop device to drain partscan flag: %m"); Error: CPPCHECK_WARNING (CWE-457): [#def133] systemd-261-rc2/src/shared/luo-util.c:158: error[uninitvar]: Uninitialized variable: unit_entries # 156| sd_json_variant *entry; # 157| # 158|-> JSON_VARIANT_ARRAY_FOREACH(entry, unit_entries) { # 159| struct { # 160| int fd; Error: CPPCHECK_WARNING (CWE-457): [#def134] systemd-261-rc2/src/shared/luo-util.c:170: error[uninitvar]: Uninitialized variable: entry # 168| }; # 169| # 170|-> r = sd_json_dispatch(entry, dispatch_table, SD_JSON_ALLOW_EXTENSIONS|SD_JSON_LOG|SD_JSON_WARNING, &p); # 171| if (r < 0) # 172| continue; Error: CPPCHECK_WARNING (CWE-457): [#def135] systemd-261-rc2/src/shared/luo-util.c:235: error[uninitvar]: Uninitialized variable: entries # 233| sd_json_variant *entry; # 234| # 235|-> JSON_VARIANT_ARRAY_FOREACH(entry, entries) { # 236| struct { # 237| const char *type; Error: CPPCHECK_WARNING (CWE-457): [#def136] systemd-261-rc2/src/shared/luo-util.c:253: error[uninitvar]: Uninitialized variable: entry # 251| }; # 252| # 253|-> r = sd_json_dispatch(entry, dispatch_table, SD_JSON_ALLOW_EXTENSIONS|SD_JSON_LOG|SD_JSON_WARNING, &p); # 254| if (r < 0) # 255| continue; Error: CPPCHECK_WARNING (CWE-457): [#def137] systemd-261-rc2/src/shared/metrics.c:161: error[uninitvar]: Uninitialized variable: e # 159| _unused_ sd_json_variant *e; # 160| JSON_VARIANT_OBJECT_FOREACH(k, e, fields) # 161|-> assert(sd_json_variant_is_string(e)); # 162| } # 163| Error: GCC_ANALYZER_WARNING (CWE-401): [#def138] systemd-261-rc2/src/shared/mstack.c:93:9: warning[-Wanalyzer-malloc-leak]: leak of ‘parameter’ systemd-261-rc2/src/shared/mstack.c:1082:5: enter_function: entry to ‘mstack_apply’ systemd-261-rc2/src/shared/mstack.c:1095:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/shared/mstack.c:1097:39: branch_false: ...to here systemd-261-rc2/src/shared/mstack.c:1098:13: call_function: calling ‘mstack_load_now’ from ‘mstack_apply’ # 91| # 92| static MStackMount *mstack_find(MStack *mstack, MStackMountType t, const char *sort_key, const char *where) { # 93|-> assert(mstack); # 94| # 95| FOREACH_ARRAY(m, mstack->mounts, mstack->n_mounts) { Error: GCC_ANALYZER_WARNING (CWE-416): [#def139] systemd-261-rc2/src/shared/qmp-client.c:105:1: warning[-Wanalyzer-use-after-free]: use after ‘free’ of ‘p’ systemd-261-rc2/src/shared/qmp-client.c:636:12: enter_function: entry to ‘qmp_client_capabilities_reply’ systemd-261-rc2/src/shared/qmp-client.c:652:9: call_function: calling ‘qmp_client_handle_disconnect’ from ‘qmp_client_capabilities_reply’ # 103| } # 104| # 105|-> DEFINE_TRIVIAL_REF_UNREF_FUNC(QmpSlot, qmp_slot, qmp_slot_free); # 106| # 107| QmpClient* qmp_slot_get_client(QmpSlot *slot) { Error: CPPCHECK_WARNING (CWE-457): [#def140] systemd-261-rc2/src/shared/qmp-client.c:1097: error[uninitvar]: Uninitialized variable: entry # 1095| # 1096| JSON_VARIANT_ARRAY_FOREACH(entry, schema) { # 1097|-> if (!sd_json_variant_is_object(entry)) # 1098| continue; # 1099| Error: CPPCHECK_WARNING (CWE-457): [#def141] systemd-261-rc2/src/shared/qmp-client.c:1110: error[uninitvar]: Uninitialized variable: m # 1108| sd_json_variant *m; # 1109| JSON_VARIANT_ARRAY_FOREACH(m, members) { # 1110|-> if (!sd_json_variant_is_object(m)) # 1111| continue; # 1112| sd_json_variant *mn = sd_json_variant_by_key(m, "name"); Error: GCC_ANALYZER_WARNING (CWE-457): [#def142] systemd-261-rc2/src/shared/rm-rf.c:117:36: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘old_mode’ systemd-261-rc2/src/shared/rm-rf.c:547:7: enter_function: entry to ‘rm_rf_subvolume_and_free’ systemd-261-rc2/src/shared/rm-rf.c:550:12: branch_false: following ‘false’ branch (when ‘p’ is non-NULL)... systemd-261-rc2/src/shared/rm-rf.c:553:16: call_function: inlined call to ‘rm_rf’ from ‘rm_rf_subvolume_and_free’ # 115| if (fstatat(dfd, filename, ret, fstatat_flags) < 0) { # 116| r = -errno; # 117|-> (void) fchmod(dfd, old_mode & 07777); # 118| return r; # 119| } Error: CPPCHECK_WARNING (CWE-457): [#def143] systemd-261-rc2/src/shared/swtpm-util.c:101: error[uninitvar]: Uninitialized variable: i # 99| sd_json_variant *i; # 100| JSON_VARIANT_ARRAY_FOREACH(i, v) { # 101|-> if (!sd_json_variant_is_object(i)) # 102| return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Profile object is not a JSON object."); # 103| Error: GCC_ANALYZER_WARNING (CWE-401): [#def144] systemd-261-rc2/src/shared/swtpm-util.c:238:1: warning[-Wanalyzer-malloc-leak]: leak of ‘best_profile’ systemd-261-rc2/src/shared/swtpm-util.c:133:5: enter_function: entry to ‘manufacture_swtpm’ systemd-261-rc2/src/shared/swtpm-util.c:136:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/shared/swtpm-util.c:138:30: branch_false: ...to here systemd-261-rc2/src/shared/swtpm-util.c:140:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/shared/swtpm-util.c:143:30: branch_false: ...to here systemd-261-rc2/src/shared/swtpm-util.c:144:13: call_function: calling ‘swtpm_find_best_profile’ from ‘manufacture_swtpm’ systemd-261-rc2/src/shared/swtpm-util.c:144:13: return_function: returning to ‘manufacture_swtpm’ from ‘swtpm_find_best_profile’ systemd-261-rc2/src/shared/swtpm-util.c:145:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/shared/swtpm-util.c:150:45: branch_false: ...to here systemd-261-rc2/src/shared/swtpm-util.c:238:1: danger: ‘best_profile’ leaks here; was allocated at [(41)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/40) # 236| # 237| return 0; # 238|-> } Error: GCC_ANALYZER_WARNING (CWE-457): [#def145] systemd-261-rc2/src/shared/tar-util.c:1192:21: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘unique_mnt_id’ systemd-261-rc2/src/shared/tar-util.c:1160:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/shared/tar-util.c:1161:9: branch_false: ...to here systemd-261-rc2/src/shared/tar-util.c:1161:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/shared/tar-util.c:1162:9: branch_false: ...to here systemd-261-rc2/src/shared/tar-util.c:1162:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/shared/tar-util.c:1163:9: branch_false: ...to here systemd-261-rc2/src/shared/tar-util.c:1163:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/shared/tar-util.c:1166:13: branch_false: ...to here systemd-261-rc2/src/shared/tar-util.c:1175:13: branch_false: following ‘false’ branch... systemd-261-rc2/src/shared/tar-util.c:1175:13: branch_false: ...to here systemd-261-rc2/src/shared/tar-util.c:1175:13: branch_true: following ‘true’ branch... systemd-261-rc2/src/shared/tar-util.c:1175:13: branch_true: ...to here systemd-261-rc2/src/shared/tar-util.c:1180:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/shared/tar-util.c:1182:13: branch_false: ...to here systemd-261-rc2/src/shared/tar-util.c:1188:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/shared/tar-util.c:1191:13: branch_false: ...to here systemd-261-rc2/src/shared/tar-util.c:1191:12: branch_true: following ‘true’ branch... systemd-261-rc2/src/shared/tar-util.c:1192:76: branch_true: ...to here systemd-261-rc2/src/shared/tar-util.c:1192:21: danger: use of uninitialized value ‘unique_mnt_id’ here # 1190| # 1191| if (d->have_unique_mount_id) # 1192|-> r = asprintf(&n, "%" PRIu64 ":%i:%s", unique_mnt_id, handle->handle_type, m); # 1193| else # 1194| r = asprintf(&n, "%i:%i:%s", mnt_id, handle->handle_type, m); Error: GCC_ANALYZER_WARNING (CWE-457): [#def146] systemd-261-rc2/src/shared/tar-util.c:1194:21: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘mnt_id’ systemd-261-rc2/src/shared/tar-util.c:1160:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/shared/tar-util.c:1161:9: branch_false: ...to here systemd-261-rc2/src/shared/tar-util.c:1161:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/shared/tar-util.c:1162:9: branch_false: ...to here systemd-261-rc2/src/shared/tar-util.c:1162:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/shared/tar-util.c:1163:9: branch_false: ...to here systemd-261-rc2/src/shared/tar-util.c:1163:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/shared/tar-util.c:1166:13: branch_false: ...to here systemd-261-rc2/src/shared/tar-util.c:1175:13: branch_true: following ‘true’ branch... systemd-261-rc2/src/shared/tar-util.c:1175:13: branch_true: ...to here systemd-261-rc2/src/shared/tar-util.c:1175:13: branch_false: following ‘false’ branch... systemd-261-rc2/src/shared/tar-util.c:1175:13: branch_false: ...to here systemd-261-rc2/src/shared/tar-util.c:1180:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/shared/tar-util.c:1182:13: branch_false: ...to here systemd-261-rc2/src/shared/tar-util.c:1188:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/shared/tar-util.c:1191:13: branch_false: ...to here systemd-261-rc2/src/shared/tar-util.c:1191:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/shared/tar-util.c:1194:60: branch_false: ...to here systemd-261-rc2/src/shared/tar-util.c:1194:21: danger: use of uninitialized value ‘mnt_id’ here # 1192| r = asprintf(&n, "%" PRIu64 ":%i:%s", unique_mnt_id, handle->handle_type, m); # 1193| else # 1194|-> r = asprintf(&n, "%i:%i:%s", mnt_id, handle->handle_type, m); # 1195| if (r < 0) # 1196| return log_oom(); Error: GCC_ANALYZER_WARNING (CWE-401): [#def147] systemd-261-rc2/src/socket-proxy/socket-proxyd.c:418:13: warning[-Wanalyzer-malloc-leak]: leak of ‘malloc(40)’ systemd-261-rc2/src/socket-proxy/socket-proxyd.c:383:12: enter_function: entry to ‘context_add_connection’ systemd-261-rc2/src/socket-proxy/socket-proxyd.c:386:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/socket-proxy/socket-proxyd.c:388:35: branch_false: ...to here systemd-261-rc2/src/socket-proxy/socket-proxyd.c:389:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/socket-proxy/socket-proxyd.c:396:13: branch_false: ...to here systemd-261-rc2/src/socket-proxy/socket-proxyd.c:402:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/socket-proxy/socket-proxyd.c:405:13: branch_false: ...to here systemd-261-rc2/src/socket-proxy/socket-proxyd.c:409:53: call_function: inlined call to ‘malloc_multiply’ from ‘context_add_connection’ systemd-261-rc2/src/socket-proxy/socket-proxyd.c:410:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/socket-proxy/socket-proxyd.c:413:9: branch_false: ...to here systemd-261-rc2/src/socket-proxy/socket-proxyd.c:419:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/socket-proxy/socket-proxyd.c:422:9: branch_false: ...to here systemd-261-rc2/src/socket-proxy/socket-proxyd.c:424:13: call_function: calling ‘resolve_remote’ from ‘context_add_connection’ systemd-261-rc2/src/socket-proxy/socket-proxyd.c:424:13: return_function: returning to ‘context_add_connection’ from ‘resolve_remote’ systemd-261-rc2/src/socket-proxy/socket-proxyd.c:418:13: danger: ‘malloc(40)’ leaks here; was allocated at [(9)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/8) # 416| }; # 417| # 418|-> r = set_ensure_put(&context->connections, &connection_hash_ops, c); # 419| if (r < 0) # 420| return log_oom(); Error: GCC_ANALYZER_WARNING (CWE-476): [#def148] systemd-261-rc2/src/sysext/sysext.c:2030:21: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘op’ systemd-261-rc2/src/sysext/sysext.c:2694:12: enter_function: entry to ‘vl_method_refresh’ systemd-261-rc2/src/sysext/sysext.c:2702:37: branch_false: following ‘false’ branch... systemd-261-rc2/src/sysext/sysext.c:2703:36: branch_false: ...to here systemd-261-rc2/src/sysext/sysext.c:2708:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/sysext/sysext.c:2710:13: branch_false: ...to here systemd-261-rc2/src/sysext/sysext.c:2710:13: call_function: calling ‘parse_merge_parameters’ from ‘vl_method_refresh’ systemd-261-rc2/src/sysext/sysext.c:2710:13: return_function: returning to ‘vl_method_refresh’ from ‘parse_merge_parameters’ systemd-261-rc2/src/sysext/sysext.c:2711:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/sysext/sysext.c:2714:13: branch_false: ...to here systemd-261-rc2/src/sysext/sysext.c:2714:13: call_function: calling ‘parse_image_class_parameter’ from ‘vl_method_refresh’ systemd-261-rc2/src/sysext/sysext.c:2714:13: return_function: returning to ‘vl_method_refresh’ from ‘parse_image_class_parameter’ systemd-261-rc2/src/sysext/sysext.c:2715:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/sysext/sysext.c:2718:17: branch_false: ...to here systemd-261-rc2/src/sysext/sysext.c:2733:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/sysext/sysext.c:2736:46: branch_false: ...to here systemd-261-rc2/src/sysext/sysext.c:2736:13: call_function: calling ‘refresh’ from ‘vl_method_refresh’ # 2028| return r; # 2029| # 2030|-> if (op->resolved_mutable_directory && !isempty(arg_root)) { # 2031| const char *without_root = NULL; # 2032| without_root = path_startswith(op->resolved_mutable_directory, root_resolved); Error: CPPCHECK_WARNING (CWE-457): [#def149] systemd-261-rc2/src/sysinstall/sysinstall.c:323: error[uninitvar]: Uninitialized variable: i # 321| }; # 322| # 323|-> r = sd_json_dispatch(i, dispatch_table, SD_JSON_LOG|SD_JSON_ALLOW_EXTENSIONS, &bd); # 324| if (r < 0) # 325| return r; Error: COMPILER_WARNING: [#def150] [important] systemd-261-rc2/src/systemctl/systemctl-start-special.c:3:10: error[fatal error]: sys/kexec.h: No such file or directory # 1| /* SPDX-License-Identifier: LGPL-2.1-or-later */ # 2| # 3|-> #include <sys/kexec.h> # 4| #include <unistd.h> # 5| Error: CPPCHECK_WARNING (CWE-476): [#def151] systemd-261-rc2/src/test/test-compress.c:422: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: full_compressed # 420| _cleanup_free_ void *full_compressed = malloc(total_compressed); # 421| ASSERT_NOT_NULL(full_compressed); # 422|-> memcpy(full_compressed, compressed, compressed_size); # 423| if (finish_size > 0) # 424| memcpy((uint8_t*) full_compressed + compressed_size, finish_buf, finish_size); Error: GCC_ANALYZER_WARNING (CWE-121): [#def152] systemd-261-rc2/src/test/test-curl-util.c:36:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow systemd-261-rc2/src/test/test-curl-util.c:227:1: enter_function: entry to ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:229:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:231:47: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:232:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:234:43: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:236:9: call_function: calling ‘make_tmp_url’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:236:9: return_function: returning to ‘test_curl_concurrent’ from ‘make_tmp_url’ systemd-261-rc2/src/test/test-curl-util.c:237:9: call_function: calling ‘make_tmp_url’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:237:9: return_function: returning to ‘test_curl_concurrent’ from ‘make_tmp_url’ systemd-261-rc2/src/test/test-curl-util.c:238:9: call_function: calling ‘make_tmp_url’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:238:9: return_function: returning to ‘test_curl_concurrent’ from ‘make_tmp_url’ systemd-261-rc2/src/test/test-curl-util.c:248:9: call_function: calling ‘build_easy’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:248:9: return_function: returning to ‘test_curl_concurrent’ from ‘build_easy’ systemd-261-rc2/src/test/test-curl-util.c:249:9: call_function: calling ‘build_easy’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:249:9: return_function: returning to ‘test_curl_concurrent’ from ‘build_easy’ systemd-261-rc2/src/test/test-curl-util.c:250:9: call_function: calling ‘build_easy’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:250:9: return_function: returning to ‘test_curl_concurrent’ from ‘build_easy’ systemd-261-rc2/src/test/test-curl-util.c:255:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:256:9: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:257:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:258:9: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:259:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:260:9: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:262:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:264:9: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:264:9: branch_false: following ‘false’ branch (when ‘_expr1 == 0’)... systemd-261-rc2/src/test/test-curl-util.c:264:9: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:266:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_false: following ‘false’ branch (when ‘_code == 0’)... systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:270:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:266:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_false: following ‘false’ branch (when ‘_code == 0’)... systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:270:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:266:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_false: following ‘false’ branch (when ‘_code == 0’)... systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:270:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:266:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_false: following ‘false’ branch (when ‘_code == 0’)... systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:270:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:270:17: call_function: calling ‘context_done’ from ‘test_curl_concurrent’ # 34| # 35| static void context_done(Context *f) { # 36|-> f->event = sd_event_unref(f->event); # 37| f->body = mfree(f->body); # 38| } Error: GCC_ANALYZER_WARNING (CWE-126): [#def153] systemd-261-rc2/src/test/test-curl-util.c:36:20: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read systemd-261-rc2/src/test/test-curl-util.c:227:1: enter_function: entry to ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:229:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:231:47: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:232:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:234:43: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:236:9: call_function: calling ‘make_tmp_url’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:236:9: return_function: returning to ‘test_curl_concurrent’ from ‘make_tmp_url’ systemd-261-rc2/src/test/test-curl-util.c:237:9: call_function: calling ‘make_tmp_url’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:237:9: return_function: returning to ‘test_curl_concurrent’ from ‘make_tmp_url’ systemd-261-rc2/src/test/test-curl-util.c:238:9: call_function: calling ‘make_tmp_url’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:238:9: return_function: returning to ‘test_curl_concurrent’ from ‘make_tmp_url’ systemd-261-rc2/src/test/test-curl-util.c:248:9: call_function: calling ‘build_easy’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:248:9: return_function: returning to ‘test_curl_concurrent’ from ‘build_easy’ systemd-261-rc2/src/test/test-curl-util.c:249:9: call_function: calling ‘build_easy’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:249:9: return_function: returning to ‘test_curl_concurrent’ from ‘build_easy’ systemd-261-rc2/src/test/test-curl-util.c:250:9: call_function: calling ‘build_easy’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:250:9: return_function: returning to ‘test_curl_concurrent’ from ‘build_easy’ systemd-261-rc2/src/test/test-curl-util.c:255:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:256:9: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:257:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:258:9: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:259:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:260:9: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:262:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:264:9: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:264:9: branch_false: following ‘false’ branch (when ‘_expr1 == 0’)... systemd-261-rc2/src/test/test-curl-util.c:264:9: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:266:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_false: following ‘false’ branch (when ‘_code == 0’)... systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:270:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:266:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_false: following ‘false’ branch (when ‘_code == 0’)... systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:270:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:266:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_false: following ‘false’ branch (when ‘_code == 0’)... systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:270:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:266:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_false: following ‘false’ branch (when ‘_code == 0’)... systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:270:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:270:17: call_function: calling ‘context_done’ from ‘test_curl_concurrent’ # 34| # 35| static void context_done(Context *f) { # 36|-> f->event = sd_event_unref(f->event); # 37| f->body = mfree(f->body); # 38| } Error: GCC_ANALYZER_WARNING (CWE-121): [#def154] systemd-261-rc2/src/test/test-curl-util.c:37:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow systemd-261-rc2/src/test/test-curl-util.c:227:1: enter_function: entry to ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:229:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:231:47: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:232:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:234:43: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:236:9: call_function: calling ‘make_tmp_url’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:236:9: return_function: returning to ‘test_curl_concurrent’ from ‘make_tmp_url’ systemd-261-rc2/src/test/test-curl-util.c:237:9: call_function: calling ‘make_tmp_url’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:237:9: return_function: returning to ‘test_curl_concurrent’ from ‘make_tmp_url’ systemd-261-rc2/src/test/test-curl-util.c:238:9: call_function: calling ‘make_tmp_url’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:238:9: return_function: returning to ‘test_curl_concurrent’ from ‘make_tmp_url’ systemd-261-rc2/src/test/test-curl-util.c:248:9: call_function: calling ‘build_easy’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:248:9: return_function: returning to ‘test_curl_concurrent’ from ‘build_easy’ systemd-261-rc2/src/test/test-curl-util.c:249:9: call_function: calling ‘build_easy’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:249:9: return_function: returning to ‘test_curl_concurrent’ from ‘build_easy’ systemd-261-rc2/src/test/test-curl-util.c:250:9: call_function: calling ‘build_easy’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:250:9: return_function: returning to ‘test_curl_concurrent’ from ‘build_easy’ systemd-261-rc2/src/test/test-curl-util.c:255:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:256:9: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:257:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:258:9: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:259:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:260:9: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:262:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:264:9: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:264:9: branch_false: following ‘false’ branch (when ‘_expr1 == 0’)... systemd-261-rc2/src/test/test-curl-util.c:264:9: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:266:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_false: following ‘false’ branch (when ‘_code == 0’)... systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:270:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:266:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_false: following ‘false’ branch (when ‘_code == 0’)... systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:270:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:266:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_false: following ‘false’ branch (when ‘_code == 0’)... systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:270:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:266:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_false: following ‘false’ branch (when ‘_code == 0’)... systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:270:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:270:17: call_function: calling ‘context_done’ from ‘test_curl_concurrent’ # 35| static void context_done(Context *f) { # 36| f->event = sd_event_unref(f->event); # 37|-> f->body = mfree(f->body); # 38| } # 39| Error: GCC_ANALYZER_WARNING (CWE-126): [#def155] systemd-261-rc2/src/test/test-curl-util.c:37:19: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read systemd-261-rc2/src/test/test-curl-util.c:227:1: enter_function: entry to ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:229:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:231:47: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:232:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:234:43: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:236:9: call_function: calling ‘make_tmp_url’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:236:9: return_function: returning to ‘test_curl_concurrent’ from ‘make_tmp_url’ systemd-261-rc2/src/test/test-curl-util.c:237:9: call_function: calling ‘make_tmp_url’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:237:9: return_function: returning to ‘test_curl_concurrent’ from ‘make_tmp_url’ systemd-261-rc2/src/test/test-curl-util.c:238:9: call_function: calling ‘make_tmp_url’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:238:9: return_function: returning to ‘test_curl_concurrent’ from ‘make_tmp_url’ systemd-261-rc2/src/test/test-curl-util.c:248:9: call_function: calling ‘build_easy’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:248:9: return_function: returning to ‘test_curl_concurrent’ from ‘build_easy’ systemd-261-rc2/src/test/test-curl-util.c:249:9: call_function: calling ‘build_easy’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:249:9: return_function: returning to ‘test_curl_concurrent’ from ‘build_easy’ systemd-261-rc2/src/test/test-curl-util.c:250:9: call_function: calling ‘build_easy’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:250:9: return_function: returning to ‘test_curl_concurrent’ from ‘build_easy’ systemd-261-rc2/src/test/test-curl-util.c:255:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:256:9: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:257:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:258:9: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:259:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:260:9: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:262:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:264:9: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:264:9: branch_false: following ‘false’ branch (when ‘_expr1 == 0’)... systemd-261-rc2/src/test/test-curl-util.c:264:9: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:266:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_false: following ‘false’ branch (when ‘_code == 0’)... systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:270:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:266:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_false: following ‘false’ branch (when ‘_code == 0’)... systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:270:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:266:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_false: following ‘false’ branch (when ‘_code == 0’)... systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:270:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:266:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_false: following ‘false’ branch (when ‘_code == 0’)... systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:270:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:270:17: call_function: calling ‘context_done’ from ‘test_curl_concurrent’ # 35| static void context_done(Context *f) { # 36| f->event = sd_event_unref(f->event); # 37|-> f->body = mfree(f->body); # 38| } # 39| Error: GCC_ANALYZER_WARNING (CWE-126): [#def156] systemd-261-rc2/src/test/test-curl-util.c:267:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read systemd-261-rc2/src/test/test-curl-util.c:227:1: enter_function: entry to ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:229:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:231:47: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:232:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:234:43: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:236:9: call_function: calling ‘make_tmp_url’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:236:9: return_function: returning to ‘test_curl_concurrent’ from ‘make_tmp_url’ systemd-261-rc2/src/test/test-curl-util.c:237:9: call_function: calling ‘make_tmp_url’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:237:9: return_function: returning to ‘test_curl_concurrent’ from ‘make_tmp_url’ systemd-261-rc2/src/test/test-curl-util.c:238:9: call_function: calling ‘make_tmp_url’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:238:9: return_function: returning to ‘test_curl_concurrent’ from ‘make_tmp_url’ systemd-261-rc2/src/test/test-curl-util.c:248:9: call_function: calling ‘build_easy’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:248:9: return_function: returning to ‘test_curl_concurrent’ from ‘build_easy’ systemd-261-rc2/src/test/test-curl-util.c:249:9: call_function: calling ‘build_easy’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:249:9: return_function: returning to ‘test_curl_concurrent’ from ‘build_easy’ systemd-261-rc2/src/test/test-curl-util.c:250:9: call_function: calling ‘build_easy’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:250:9: return_function: returning to ‘test_curl_concurrent’ from ‘build_easy’ systemd-261-rc2/src/test/test-curl-util.c:255:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:256:9: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:257:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:258:9: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:259:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:260:9: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:262:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:264:9: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:264:9: branch_false: following ‘false’ branch (when ‘_expr1 == 0’)... systemd-261-rc2/src/test/test-curl-util.c:264:9: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:266:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_false: following ‘false’ branch (when ‘_code == 0’)... systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:270:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:266:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_false: following ‘false’ branch (when ‘_code == 0’)... systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:270:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:266:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_false: following ‘false’ branch (when ‘_code == 0’)... systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:270:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:266:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:267:17: danger: out-of-bounds read at bit 1344 but ‘reqs’ ends at bit 1152 # 265| # 266| FOREACH_ARRAY(r, reqs, ELEMENTSOF(reqs)) { # 267|-> ASSERT_TRUE(r->ctx.finished); # 268| ASSERT_CURL_OK(r->ctx.result); # 269| ASSERT_STREQ(r->ctx.body, r->expected); Error: GCC_ANALYZER_WARNING (CWE-126): [#def157] systemd-261-rc2/src/test/test-curl-util.c:268:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read systemd-261-rc2/src/test/test-curl-util.c:227:1: enter_function: entry to ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:229:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:231:47: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:232:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:234:43: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:236:9: call_function: calling ‘make_tmp_url’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:236:9: return_function: returning to ‘test_curl_concurrent’ from ‘make_tmp_url’ systemd-261-rc2/src/test/test-curl-util.c:237:9: call_function: calling ‘make_tmp_url’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:237:9: return_function: returning to ‘test_curl_concurrent’ from ‘make_tmp_url’ systemd-261-rc2/src/test/test-curl-util.c:238:9: call_function: calling ‘make_tmp_url’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:238:9: return_function: returning to ‘test_curl_concurrent’ from ‘make_tmp_url’ systemd-261-rc2/src/test/test-curl-util.c:248:9: call_function: calling ‘build_easy’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:248:9: return_function: returning to ‘test_curl_concurrent’ from ‘build_easy’ systemd-261-rc2/src/test/test-curl-util.c:249:9: call_function: calling ‘build_easy’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:249:9: return_function: returning to ‘test_curl_concurrent’ from ‘build_easy’ systemd-261-rc2/src/test/test-curl-util.c:250:9: call_function: calling ‘build_easy’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:250:9: return_function: returning to ‘test_curl_concurrent’ from ‘build_easy’ systemd-261-rc2/src/test/test-curl-util.c:255:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:256:9: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:257:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:258:9: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:259:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:260:9: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:262:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:264:9: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:264:9: branch_false: following ‘false’ branch (when ‘_expr1 == 0’)... systemd-261-rc2/src/test/test-curl-util.c:264:9: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:266:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_false: following ‘false’ branch (when ‘_code == 0’)... systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:270:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:266:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_false: following ‘false’ branch (when ‘_code == 0’)... systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:270:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:266:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_false: following ‘false’ branch (when ‘_code == 0’)... systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:270:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:266:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:268:17: danger: out-of-bounds read from byte 172 till byte 175 but ‘reqs’ ends at byte 144 # 266| FOREACH_ARRAY(r, reqs, ELEMENTSOF(reqs)) { # 267| ASSERT_TRUE(r->ctx.finished); # 268|-> ASSERT_CURL_OK(r->ctx.result); # 269| ASSERT_STREQ(r->ctx.body, r->expected); # 270| context_done(&r->ctx); Error: GCC_ANALYZER_WARNING (CWE-126): [#def158] systemd-261-rc2/src/test/test-curl-util.c:269:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read systemd-261-rc2/src/test/test-curl-util.c:227:1: enter_function: entry to ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:229:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:231:47: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:232:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:234:43: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:236:9: call_function: calling ‘make_tmp_url’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:236:9: return_function: returning to ‘test_curl_concurrent’ from ‘make_tmp_url’ systemd-261-rc2/src/test/test-curl-util.c:237:9: call_function: calling ‘make_tmp_url’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:237:9: return_function: returning to ‘test_curl_concurrent’ from ‘make_tmp_url’ systemd-261-rc2/src/test/test-curl-util.c:238:9: call_function: calling ‘make_tmp_url’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:238:9: return_function: returning to ‘test_curl_concurrent’ from ‘make_tmp_url’ systemd-261-rc2/src/test/test-curl-util.c:248:9: call_function: calling ‘build_easy’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:248:9: return_function: returning to ‘test_curl_concurrent’ from ‘build_easy’ systemd-261-rc2/src/test/test-curl-util.c:249:9: call_function: calling ‘build_easy’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:249:9: return_function: returning to ‘test_curl_concurrent’ from ‘build_easy’ systemd-261-rc2/src/test/test-curl-util.c:250:9: call_function: calling ‘build_easy’ from ‘test_curl_concurrent’ systemd-261-rc2/src/test/test-curl-util.c:250:9: return_function: returning to ‘test_curl_concurrent’ from ‘build_easy’ systemd-261-rc2/src/test/test-curl-util.c:255:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:256:9: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:257:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:258:9: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:259:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:260:9: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:262:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:264:9: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:264:9: branch_false: following ‘false’ branch (when ‘_expr1 == 0’)... systemd-261-rc2/src/test/test-curl-util.c:264:9: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:266:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_false: following ‘false’ branch (when ‘_code == 0’)... systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:270:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:266:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_false: following ‘false’ branch (when ‘_code == 0’)... systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:270:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:266:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_false: following ‘false’ branch (when ‘_code == 0’)... systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-curl-util.c:270:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:266:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:267:17: branch_true: following ‘true’ branch... systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_true: ...to here systemd-261-rc2/src/test/test-curl-util.c:268:17: branch_false: following ‘false’ branch (when ‘_code == 0’)... systemd-261-rc2/src/test/test-curl-util.c:269:17: branch_false: ...to here systemd-261-rc2/src/test/test-curl-util.c:269:17: danger: out-of-bounds read from byte 152 till byte 159 but ‘reqs’ ends at byte 144 # 267| ASSERT_TRUE(r->ctx.finished); # 268| ASSERT_CURL_OK(r->ctx.result); # 269|-> ASSERT_STREQ(r->ctx.body, r->expected); # 270| context_done(&r->ctx); # 271| } Error: COMPILER_WARNING: [#def159] [important] systemd-261-rc2/src/test/test-fdstore.c:40:9: error[-Wimplicit-function-declaration]: implicit declaration of function ‘assert’ # 38| int r; # 39| # 40|-> assert(fdname); # 41| assert(content); # 42| Error: CPPCHECK_WARNING (CWE-476): [#def160] systemd-261-rc2/src/test/test-iovec-wrapper.c:248: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: seed # 246| char *seed = strdup("zero"); # 247| ASSERT_NOT_NULL(seed); # 248|-> ASSERT_OK(iovw_put(&target, seed, strlen(seed))); # 249| # 250| ASSERT_OK(iovw_extend_iovw(&target, &source)); Error: CPPCHECK_WARNING (CWE-476): [#def161] systemd-261-rc2/src/test/test-iovec-wrapper.c:283: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: p # 281| char *p = strdup("consumed"); # 282| ASSERT_NOT_NULL(p); # 283|-> ASSERT_OK(iovw_consume(&iovw, p, strlen(p))); # 284| ASSERT_EQ(iovw.count, 1U); # 285| /* iovw_consume moves ownership in place, no copy */ Error: CPPCHECK_WARNING (CWE-401): [#def162] systemd-261-rc2/src/test/test-iovec-wrapper.c:290: error[leakNoVarFunctionCall]: Allocation with strdup, typeof doesn't release it. # 288| /* Zero-length: iovw_put returns 0 without adding anything. Even in that case, iovw_consume() frees # 289| * the payload. Confirm by strdup'ing something to verify that when running with sanitizer/valgrind. */ # 290|-> char *q = ASSERT_NOT_NULL(strdup("")); # 291| ASSERT_OK_ZERO(iovw_consume(&iovw, q, 0)); # 292| ASSERT_EQ(iovw.count, 1U); Error: CPPCHECK_WARNING (CWE-401): [#def163] systemd-261-rc2/src/test/test-iovec-wrapper.c:299: error[leakNoVarFunctionCall]: Allocation with strdup, typeof doesn't release it. # 297| ASSERT_EQ(iovw.count, 2U); # 298| ASSERT_TRUE(iovec_equal(&iovw.iovec[1], &(struct iovec) {})); # 299|-> q = ASSERT_NOT_NULL(strdup("")); # 300| ASSERT_OK(iovw_consume_full(&iovw, /* accept_zero= */ true, q, 0)); # 301| ASSERT_EQ(iovw.count, 3U); Error: CPPCHECK_WARNING (CWE-401): [#def164] systemd-261-rc2/src/test/test-iovec-wrapper.c:315: error[leakNoVarFunctionCall]: Allocation with strdup, typeof doesn't release it. # 313| # 314| struct iovec iov = { # 315|-> .iov_base = ASSERT_NOT_NULL(strdup("consumed")), # 316| .iov_len = strlen("consumed"), # 317| }; Error: CPPCHECK_WARNING (CWE-401): [#def165] systemd-261-rc2/src/test/test-iovec-wrapper.c:325: error[leakNoVarFunctionCall]: Allocation with strdup, typeof doesn't release it. # 323| # 324| iov = (struct iovec) { # 325|-> .iov_base = ASSERT_NOT_NULL(strdup("")), # 326| .iov_len = 0, # 327| }; Error: CPPCHECK_WARNING (CWE-401): [#def166] systemd-261-rc2/src/test/test-iovec-wrapper.c:340: error[leakNoVarFunctionCall]: Allocation with strdup, typeof doesn't release it. # 338| ASSERT_TRUE(iovec_equal(&iovw.iovec[1], &(struct iovec) {})); # 339| iov = (struct iovec) { # 340|-> .iov_base = ASSERT_NOT_NULL(strdup("")), # 341| .iov_len = 0, # 342| }; Error: CPPCHECK_WARNING (CWE-401): [#def167] systemd-261-rc2/src/test/test-iovec-wrapper.c:632: error[leakNoVarFunctionCall]: Allocation with calloc, typeof doesn't release it. # 630| /* with empty entries */ # 631| _cleanup_(iovw_done) struct iovec_wrapper with_empty = { # 632|-> .iovec = ASSERT_PTR(new0(struct iovec, 6)), # 633| .count = 6, # 634| }; Error: CPPCHECK_WARNING (CWE-401): [#def168] systemd-261-rc2/src/test/test-pressure.c:91: error[leakNoVarFunctionCall]: Allocation with strdup, typeof doesn't release it. # 89| int value = 7; # 90| # 91|-> _cleanup_free_ char *resource_upper = ASSERT_NOT_NULL(strdup(resource)); # 92| ascii_strupper(resource_upper); # 93| Error: GCC_ANALYZER_WARNING (CWE-476): [#def169] systemd-261-rc2/src/test/test-pressure.c:358:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘malloc(8192)’ systemd-261-rc2/src/test/test-pressure.c:256:1: enter_function: entry to ‘test_real_memory_pressure’ systemd-261-rc2/src/test/test-pressure.c:272:12: branch_false: following ‘false’ branch (when ‘r >= 0’)... systemd-261-rc2/src/test/test-pressure.c:275:9: branch_false: ...to here systemd-261-rc2/src/test/test-pressure.c:275:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-pressure.c:277:9: branch_false: ...to here systemd-261-rc2/src/test/test-pressure.c:277:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-pressure.c:278:9: call_function: inlined call to ‘random_u64’ from ‘test_real_memory_pressure’ systemd-261-rc2/src/test/test-pressure.c:278:9: branch_false: following ‘false’ branch (when ‘_result >= 0’)... systemd-261-rc2/src/test/test-pressure.c:279:9: branch_false: ...to here systemd-261-rc2/src/test/test-pressure.c:279:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-pressure.c:280:9: branch_false: ...to here systemd-261-rc2/src/test/test-pressure.c:280:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-pressure.c:281:9: branch_false: ...to here systemd-261-rc2/src/test/test-pressure.c:281:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-pressure.c:282:9: branch_false: ...to here systemd-261-rc2/src/test/test-pressure.c:282:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-pressure.c:283:9: branch_false: ...to here systemd-261-rc2/src/test/test-pressure.c:283:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-pressure.c:284:9: branch_false: ...to here systemd-261-rc2/src/test/test-pressure.c:284:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-pressure.c:286:13: branch_false: ...to here systemd-261-rc2/src/test/test-pressure.c:287:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-pressure.c:290:9: branch_false: ...to here systemd-261-rc2/src/test/test-pressure.c:290:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-pressure.c:292:9: branch_false: ...to here systemd-261-rc2/src/test/test-pressure.c:292:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-pressure.c:294:35: branch_false: ...to here systemd-261-rc2/src/test/test-pressure.c:294:35: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-pressure.c:295:13: branch_false: ...to here systemd-261-rc2/src/test/test-pressure.c:296:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-pressure.c:299:9: branch_false: ...to here systemd-261-rc2/src/test/test-pressure.c:299:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-pressure.c:301:9: branch_false: ...to here systemd-261-rc2/src/test/test-pressure.c:301:9: branch_false: following ‘false’ branch (when ‘_result >= 0’)... systemd-261-rc2/src/test/test-pressure.c:303:39: branch_false: ...to here systemd-261-rc2/src/test/test-pressure.c:305:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-pressure.c:306:12: branch_false: ...to here systemd-261-rc2/src/test/test-pressure.c:306:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-pressure.c:311:9: branch_false: ...to here systemd-261-rc2/src/test/test-pressure.c:311:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-pressure.c:312:9: branch_false: ...to here systemd-261-rc2/src/test/test-pressure.c:312:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-pressure.c:314:9: branch_false: ...to here systemd-261-rc2/src/test/test-pressure.c:314:9: branch_false: following ‘false’ branch (when ‘_result >= 0’)... systemd-261-rc2/src/test/test-pressure.c:315:9: branch_false: ...to here systemd-261-rc2/src/test/test-pressure.c:315:9: branch_false: following ‘false’ branch (when ‘_result >= 0’)... systemd-261-rc2/src/test/test-pressure.c:317:38: branch_false: ...to here systemd-261-rc2/src/test/test-pressure.c:322:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-pressure.c:325:9: branch_false: ...to here systemd-261-rc2/src/test/test-pressure.c:325:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-pressure.c:326:9: branch_false: ...to here systemd-261-rc2/src/test/test-pressure.c:326:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-pressure.c:327:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-pressure.c:328:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-pressure.c:329:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-pressure.c:330:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-pressure.c:332:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-pressure.c:333:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-pressure.c:334:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-pressure.c:336:18: branch_false: ...to here systemd-261-rc2/src/test/test-pressure.c:337:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-pressure.c:339:9: branch_false: ...to here systemd-261-rc2/src/test/test-pressure.c:340:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-pressure.c:343:13: branch_false: ...to here systemd-261-rc2/src/test/test-pressure.c:345:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-pressure.c:346:9: branch_false: ...to here systemd-261-rc2/src/test/test-pressure.c:346:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-pressure.c:347:9: branch_false: ...to here systemd-261-rc2/src/test/test-pressure.c:347:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-pressure.c:348:9: branch_false: ...to here systemd-261-rc2/src/test/test-pressure.c:348:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-pressure.c:349:9: branch_false: ...to here systemd-261-rc2/src/test/test-pressure.c:349:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-pressure.c:350:9: branch_false: ...to here systemd-261-rc2/src/test/test-pressure.c:350:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-pressure.c:352:9: branch_false: ...to here systemd-261-rc2/src/test/test-pressure.c:352:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/test/test-pressure.c:356:23: call_function: inlined call to ‘malloc_multiply’ from ‘test_real_memory_pressure’ systemd-261-rc2/src/test/test-pressure.c:357:25: branch_true: following ‘true’ branch (when ‘i != 1024’)... systemd-261-rc2/src/test/test-pressure.c:358:18: branch_true: ...to here systemd-261-rc2/src/test/test-pressure.c:358:17: danger: ‘malloc(8192) + (long unsigned int)i * 8’ could be NULL: unchecked value from [(89)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/88) # 356| Hashmap **h = new(Hashmap*, NN); # 357| for (int i = 0; i < NN; i++) # 358|-> h[i] = hashmap_new(NULL); # 359| for (int i = 0; i < NN; i++) # 360| hashmap_free(h[i]); Error: GCC_ANALYZER_WARNING (CWE-401): [#def170] systemd-261-rc2/src/udev/udevadm-monitor.c:129:9: warning[-Wanalyzer-malloc-leak]: leak of ‘subsystem’ systemd-261-rc2/src/udev/udevadm-monitor.c:124:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/udev/udevadm-monitor.c:125:9: branch_false: ...to here systemd-261-rc2/src/udev/udevadm-monitor.c:125:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/udev/udevadm-monitor.c:127:22: branch_false: ...to here systemd-261-rc2/src/udev/udevadm-monitor.c:129:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/udev/udevadm-monitor.c:129:9: branch_true: ...to here systemd-261-rc2/src/udev/udevadm-monitor.c:129:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/udev/udevadm-monitor.c:130:17: branch_false: ...to here systemd-261-rc2/src/udev/udevadm-monitor.c:159:28: branch_false: following ‘false’ branch (when ‘slash’ is NULL)... systemd-261-rc2/src/udev/udevadm-monitor.c:166:45: branch_false: ...to here systemd-261-rc2/src/udev/udevadm-monitor.c:166:45: acquire_memory: allocated here systemd-261-rc2/src/udev/udevadm-monitor.c:168:28: branch_false: following ‘false’ branch (when ‘subsystem’ is non-NULL)... systemd-261-rc2/src/udev/udevadm-monitor.c:171:29: branch_false: ...to here systemd-261-rc2/src/udev/udevadm-monitor.c:172:28: branch_false: following ‘false’ branch... systemd-261-rc2/src/udev/udevadm-monitor.c:172:28: branch_false: ...to here systemd-261-rc2/src/udev/udevadm-monitor.c:129:9: danger: ‘subsystem’ leaks here; was allocated at [(12)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/11) # 127| OptionParser opts = { argc, argv, .namespace = "udevadm-monitor" }; # 128| # 129|-> FOREACH_OPTION_OR_RETURN(c, &opts) # 130| switch (c) { # 131| Error: GCC_ANALYZER_WARNING (CWE-401): [#def171] systemd-261-rc2/src/udev/udevadm-monitor.c:164:45: warning[-Wanalyzer-malloc-leak]: leak of ‘subsystem’ systemd-261-rc2/src/udev/udevadm-monitor.c:124:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/udev/udevadm-monitor.c:125:9: branch_false: ...to here systemd-261-rc2/src/udev/udevadm-monitor.c:125:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/udev/udevadm-monitor.c:127:22: branch_false: ...to here systemd-261-rc2/src/udev/udevadm-monitor.c:129:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/udev/udevadm-monitor.c:129:9: branch_true: ...to here systemd-261-rc2/src/udev/udevadm-monitor.c:129:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/udev/udevadm-monitor.c:130:17: branch_false: ...to here systemd-261-rc2/src/udev/udevadm-monitor.c:159:28: branch_false: following ‘false’ branch (when ‘slash’ is NULL)... systemd-261-rc2/src/udev/udevadm-monitor.c:166:45: branch_false: ...to here systemd-261-rc2/src/udev/udevadm-monitor.c:166:45: acquire_memory: allocated here systemd-261-rc2/src/udev/udevadm-monitor.c:168:28: branch_false: following ‘false’ branch (when ‘subsystem’ is non-NULL)... systemd-261-rc2/src/udev/udevadm-monitor.c:171:29: branch_false: ...to here systemd-261-rc2/src/udev/udevadm-monitor.c:172:28: branch_false: following ‘false’ branch... systemd-261-rc2/src/udev/udevadm-monitor.c:172:28: branch_false: ...to here systemd-261-rc2/src/udev/udevadm-monitor.c:129:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/udev/udevadm-monitor.c:129:9: branch_true: ...to here systemd-261-rc2/src/udev/udevadm-monitor.c:129:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/udev/udevadm-monitor.c:130:17: branch_false: ...to here systemd-261-rc2/src/udev/udevadm-monitor.c:159:28: branch_true: following ‘true’ branch (when ‘slash’ is non-NULL)... systemd-261-rc2/src/udev/udevadm-monitor.c:160:43: branch_true: ...to here systemd-261-rc2/src/udev/udevadm-monitor.c:161:36: branch_false: following ‘false’ branch... systemd-261-rc2/src/udev/udevadm-monitor.c:164:63: branch_false: ...to here systemd-261-rc2/src/udev/udevadm-monitor.c:164:45: danger: ‘subsystem’ leaks here; was allocated at [(12)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/11) # 162| return log_oom(); # 163| # 164|-> subsystem = strndup(opts.arg, slash - opts.arg); # 165| } else # 166| subsystem = strdup(opts.arg); Error: GCC_ANALYZER_WARNING (CWE-401): [#def172] systemd-261-rc2/src/udev/udevadm-monitor.c:166:45: warning[-Wanalyzer-malloc-leak]: leak of ‘subsystem’ systemd-261-rc2/src/udev/udevadm-monitor.c:124:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/udev/udevadm-monitor.c:125:9: branch_false: ...to here systemd-261-rc2/src/udev/udevadm-monitor.c:125:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/udev/udevadm-monitor.c:127:22: branch_false: ...to here systemd-261-rc2/src/udev/udevadm-monitor.c:129:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/udev/udevadm-monitor.c:129:9: branch_true: ...to here systemd-261-rc2/src/udev/udevadm-monitor.c:129:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/udev/udevadm-monitor.c:130:17: branch_false: ...to here systemd-261-rc2/src/udev/udevadm-monitor.c:159:28: branch_false: following ‘false’ branch (when ‘slash’ is NULL)... systemd-261-rc2/src/udev/udevadm-monitor.c:166:45: branch_false: ...to here systemd-261-rc2/src/udev/udevadm-monitor.c:166:45: acquire_memory: allocated here systemd-261-rc2/src/udev/udevadm-monitor.c:168:28: branch_false: following ‘false’ branch (when ‘subsystem’ is non-NULL)... systemd-261-rc2/src/udev/udevadm-monitor.c:171:29: branch_false: ...to here systemd-261-rc2/src/udev/udevadm-monitor.c:172:28: branch_false: following ‘false’ branch... systemd-261-rc2/src/udev/udevadm-monitor.c:172:28: branch_false: ...to here systemd-261-rc2/src/udev/udevadm-monitor.c:129:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/udev/udevadm-monitor.c:129:9: branch_true: ...to here systemd-261-rc2/src/udev/udevadm-monitor.c:129:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/udev/udevadm-monitor.c:130:17: branch_false: ...to here systemd-261-rc2/src/udev/udevadm-monitor.c:159:28: branch_false: following ‘false’ branch (when ‘slash’ is NULL)... systemd-261-rc2/src/udev/udevadm-monitor.c:166:45: branch_false: ...to here systemd-261-rc2/src/udev/udevadm-monitor.c:166:45: danger: ‘subsystem’ leaks here; was allocated at [(12)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/11) # 164| subsystem = strndup(opts.arg, slash - opts.arg); # 165| } else # 166|-> subsystem = strdup(opts.arg); # 167| # 168| if (!subsystem) Error: GCC_ANALYZER_WARNING (CWE-775): [#def173] systemd-261-rc2/src/varlinkctl/varlinkctl.c:129:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘add_fd’ systemd-261-rc2/src/varlinkctl/varlinkctl.c:124:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/varlinkctl/varlinkctl.c:125:9: branch_false: ...to here systemd-261-rc2/src/varlinkctl/varlinkctl.c:125:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/varlinkctl/varlinkctl.c:127:22: branch_false: ...to here systemd-261-rc2/src/varlinkctl/varlinkctl.c:129:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/varlinkctl/varlinkctl.c:129:9: branch_true: ...to here systemd-261-rc2/src/varlinkctl/varlinkctl.c:129:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/varlinkctl/varlinkctl.c:130:17: branch_false: ...to here systemd-261-rc2/src/varlinkctl/varlinkctl.c:221:28: branch_false: following ‘false’ branch... systemd-261-rc2/src/varlinkctl/varlinkctl.c:225:29: branch_false: ...to here systemd-261-rc2/src/varlinkctl/varlinkctl.c:225:28: branch_true: following ‘true’ branch... systemd-261-rc2/src/varlinkctl/varlinkctl.c:229:42: branch_true: ...to here systemd-261-rc2/src/varlinkctl/varlinkctl.c:229:42: acquire_resource: opened here systemd-261-rc2/src/varlinkctl/varlinkctl.c:230:36: branch_false: following ‘false’ branch... systemd-261-rc2/src/varlinkctl/varlinkctl.c:257:1: branch_false: ...to here systemd-261-rc2/src/varlinkctl/varlinkctl.c:129:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/varlinkctl/varlinkctl.c:129:9: branch_true: ...to here systemd-261-rc2/src/varlinkctl/varlinkctl.c:129:9: danger: ‘add_fd’ leaks here; was opened at [(13)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/12) # 127| OptionParser opts = { argc, argv }; # 128| # 129|-> FOREACH_OPTION_OR_RETURN(c, &opts) # 130| switch (c) { # 131| Error: GCC_ANALYZER_WARNING (CWE-416): [#def174] systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:717:13: warning[-Wanalyzer-use-after-free]: use after ‘free’ of ‘userdata’ systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:816:12: enter_function: entry to ‘on_add_device_add_complete’ systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:823:53: branch_false: following ‘false’ branch... systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:825:9: branch_false: ...to here systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:825:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:827:12: branch_false: ...to here systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:827:12: branch_true: following ‘true’ branch (when ‘error < 0’)... systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:828:24: branch_true: ...to here systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:828:24: call_function: calling ‘drive_info_add_fail’ from ‘on_add_device_add_complete’ # 715| drive_info_unref(ref); # 716| # 717|-> if (ref->link) { # 718| (void) reply_qmp_error(ref->link, error_desc, error); # 719| ref->link = sd_varlink_unref(ref->link); Error: GCC_ANALYZER_WARNING (CWE-416): [#def175] systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1155:1: warning[-Wanalyzer-use-after-free]: use after ‘free’ of ‘p’ systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1267:12: enter_function: entry to ‘on_replace_blockdev_reopen_complete’ systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1274:57: branch_false: following ‘false’ branch... systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1275:9: branch_false: ...to here systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1275:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1277:12: branch_false: ...to here systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1277:12: branch_false: following ‘false’ branch (when ‘error >= 0’)... systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1280:20: branch_false: ...to here systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1298:12: branch_true: following ‘true’ branch... systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1299:70: branch_true: ...to here systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1299:70: call_function: calling ‘replace_ctx_ref’ from ‘on_replace_blockdev_reopen_complete’ systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1299:70: return_function: returning to ‘on_replace_blockdev_reopen_complete’ from ‘replace_ctx_ref’ systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1303:20: branch_false: following ‘false’ branch... systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1299:59: call_function: inlined call to ‘replace_ctx_unrefp’ from ‘on_replace_blockdev_reopen_complete’ systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1299:59: call_function: inlined call to ‘replace_ctx_unrefp’ from ‘on_replace_blockdev_reopen_complete’ systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1311:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1314:9: branch_false: ...to here systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1274:51: call_function: inlined call to ‘replace_ctx_unrefp’ from ‘on_replace_blockdev_reopen_complete’ # 1153| # 1154| DEFINE_PRIVATE_TRIVIAL_REF_FUNC(ReplaceCtx, replace_ctx); # 1155|-> DEFINE_PRIVATE_TRIVIAL_UNREF_FUNC(ReplaceCtx, replace_ctx, replace_ctx_free); # 1156| DEFINE_TRIVIAL_CLEANUP_FUNC(ReplaceCtx*, replace_ctx_unref); # 1157| Error: GCC_ANALYZER_WARNING (CWE-416): [#def176] systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1311:9: warning[-Wanalyzer-use-after-free]: use after ‘free’ of ‘userdata’ systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1267:12: enter_function: entry to ‘on_replace_blockdev_reopen_complete’ systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1274:57: branch_false: following ‘false’ branch... systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1275:9: branch_false: ...to here systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1275:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1277:12: branch_false: ...to here systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1277:12: branch_false: following ‘false’ branch (when ‘error >= 0’)... systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1280:20: branch_false: ...to here systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1298:12: branch_true: following ‘true’ branch... systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1299:70: branch_true: ...to here systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1299:70: call_function: calling ‘replace_ctx_ref’ from ‘on_replace_blockdev_reopen_complete’ systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1299:70: return_function: returning to ‘on_replace_blockdev_reopen_complete’ from ‘replace_ctx_ref’ systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1303:20: branch_false: following ‘false’ branch... systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1299:59: call_function: inlined call to ‘replace_ctx_unrefp’ from ‘on_replace_blockdev_reopen_complete’ systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1299:59: call_function: inlined call to ‘replace_ctx_unrefp’ from ‘on_replace_blockdev_reopen_complete’ systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1311:9: branch_true: following ‘true’ branch... systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1311:9: branch_true: ...to here systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1311:9: danger: use after ‘free’ of ‘userdata’; freed at [(28)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/27) # 1309| /* Couldn't even queue blockdev-del. The swap succeeded; reply success # 1310| * and leave the orphan to clean up at VM exit. */ # 1311|-> log_warning_errno(r, "Failed to queue blockdev-del for orphaned file node '%s': %m", # 1312| ctx->old_file_node_name); # 1313| Error: GCC_ANALYZER_WARNING (CWE-416): [#def177] systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1465:9: warning[-Wanalyzer-use-after-free]: use after ‘free’ of ‘calloc(1, 64)’ systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1321:5: enter_function: entry to ‘vmspawn_qmp_replace_block_device’ systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1337:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1338:9: branch_false: ...to here systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1338:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1339:9: branch_false: ...to here systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1339:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1340:9: branch_false: ...to here systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1340:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1342:28: branch_false: ...to here systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1343:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1345:14: branch_false: ...to here systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1345:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1349:13: branch_false: ...to here systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1351:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1353:13: branch_false: ...to here systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1353:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1355:9: branch_false: ...to here systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1355:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1356:9: branch_false: ...to here systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1356:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1359:30: branch_false: ...to here systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1362:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1370:36: branch_false: ...to here systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1377:15: acquire_memory: allocated here systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1378:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1380:9: branch_false: ...to here systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1381:22: call_function: calling ‘drive_info_ref’ from ‘vmspawn_qmp_replace_block_device’ systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1381:22: return_function: returning to ‘vmspawn_qmp_replace_block_device’ from ‘drive_info_ref’ systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1385:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1388:23: branch_false: ...to here systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1392:20: call_function: calling ‘replace_ctx_ref’ from ‘vmspawn_qmp_replace_block_device’ systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1392:20: return_function: returning to ‘vmspawn_qmp_replace_block_device’ from ‘replace_ctx_ref’ systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1393:13: call_function: calling ‘qmp_fdset_add’ from ‘vmspawn_qmp_replace_block_device’ systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1393:13: return_function: returning to ‘vmspawn_qmp_replace_block_device’ from ‘qmp_fdset_add’ systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1396:12: branch_true: following ‘true’ branch... systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1397:17: branch_true: ...to here systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1397:17: call_function: calling ‘replace_ctx_unref’ from ‘vmspawn_qmp_replace_block_device’ systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1397:17: return_function: returning to ‘vmspawn_qmp_replace_block_device’ from ‘replace_ctx_unref’ systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1465:9: danger: use after ‘free’ of ‘calloc(1, 64)’; freed at [(73)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/72) # 1463| /* Mark failed so any in-flight callbacks observe the failure and # 1464| * rollback their just-added state retroactively. */ # 1465|-> ctx->state |= REPLACE_CTX_FAILED; # 1466| drive->state &= ~BLOCK_DEVICE_STATE_REPLACE_PENDING; # 1467| drive->link = sd_varlink_unref(drive->link); Error: GCC_ANALYZER_WARNING (CWE-401): [#def178] systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1733:13: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(job_id)’ systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1705:5: enter_function: entry to ‘vmspawn_qmp_bridge_register_job’ systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1716:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1717:9: branch_false: ...to here systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1717:9: branch_false: following ‘false’ branch... systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1719:14: branch_false: ...to here systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1719:14: acquire_memory: allocated here systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1720:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1723:15: call_function: inlined call to ‘malloc_multiply’ from ‘vmspawn_qmp_bridge_register_job’ systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1724:12: branch_false: following ‘false’ branch... systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1727:9: branch_false: ...to here systemd-261-rc2/src/vmspawn/vmspawn-qmp.c:1733:13: danger: ‘strdup(job_id)’ leaks here; was allocated at [(6)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/5) # 1731| }; # 1732| # 1733|-> r = hashmap_ensure_put(&b->pending_jobs, &pending_job_hash_ops, id, job); # 1734| if (r < 0) # 1735| return r; Error: CPPCHECK_WARNING (CWE-457): [#def179] systemd-261-rc2/src/vmspawn/vmspawn-util.c:236: error[uninitvar]: Uninitialized variable: e # 234| return -ENOMEM; # 235| # 236|-> r = sd_json_dispatch(e, table, flags, t); # 237| if (r < 0) # 238| return r;
| analyzer-version-clippy | 1.95.0 |
| analyzer-version-cppcheck | 2.20.0 |
| analyzer-version-gcc | 16.1.1 |
| analyzer-version-gcc-analyzer | 16.1.1 |
| analyzer-version-shellcheck | 0.11.0 |
| analyzer-version-unicontrol | 0.0.2 |
| diffbase-analyzer-version-clippy | 1.95.0 |
| diffbase-analyzer-version-cppcheck | 2.20.0 |
| diffbase-analyzer-version-gcc | 16.1.1 |
| diffbase-analyzer-version-gcc-analyzer | 16.1.1 |
| diffbase-analyzer-version-shellcheck | 0.11.0 |
| diffbase-analyzer-version-unicontrol | 0.0.2 |
| diffbase-enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| diffbase-exit-code | 0 |
| diffbase-host | ip-172-16-1-20.us-west-2.compute.internal |
| diffbase-known-false-positives | /usr/share/csmock/known-false-positives.js |
| diffbase-known-false-positives-rpm | known-false-positives-0.0.0.20260524.213755.g3c6d0be.main-1.el9.noarch |
| diffbase-mock-config | fedora-rawhide-x86_64 |
| diffbase-project-name | systemd-259.5-1.fc44 |
| diffbase-store-results-to | /tmp/tmp7wtoocd4/systemd-259.5-1.fc44.tar.xz |
| diffbase-time-created | 2026-06-01 17:00:21 |
| diffbase-time-finished | 2026-06-01 17:14:28 |
| diffbase-tool | csmock |
| diffbase-tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'shellcheck,cppcheck,clippy,unicontrol,gcc' '-o' '/tmp/tmp7wtoocd4/systemd-259.5-1.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmp7wtoocd4/systemd-259.5-1.fc44.src.rpm' |
| diffbase-tool-version | csmock-3.8.5.20260529.133039.g6f3b5c6-1.el9 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-20.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20260524.213755.g3c6d0be.main-1.el9.noarch |
| mock-config | fedora-rawhide-x86_64 |
| project-name | systemd-261~rc2-1.fc45 |
| store-results-to | /tmp/tmp_1uo6rm6/systemd-261~rc2-1.fc45.tar.xz |
| time-created | 2026-06-01 17:15:26 |
| time-finished | 2026-06-01 17:30:30 |
| title | Newly introduced findings |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'shellcheck,cppcheck,clippy,unicontrol,gcc' '-o' '/tmp/tmp_1uo6rm6/systemd-261~rc2-1.fc45.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmp_1uo6rm6/systemd-261~rc2-1.fc45.src.rpm' |
| tool-version | csmock-3.8.5.20260529.133039.g6f3b5c6-1.el9 |