Error: COMPILER_WARNING: [#def1] [important] systemd-259.5/src/basic/cgroup-util.c:88:29: error[error]: ‘FILEID_KERNFS’ undeclared (first use in this function) # 86| } # 87| # 88|-> cg_file_handle fh = CG_FILE_HANDLE_INIT; # 89| unaligned_write_ne64(fh.file_handle.f_handle, id); # 90| Error: COMPILER_WARNING: [#def2] [important] systemd-259.5/src/basic/cgroup-util.c:116:29: error[error]: ‘FILEID_KERNFS’ undeclared (first use in this function) # 114| # 115| int cg_get_cgroupid_at(int dfd, const char *path, uint64_t *ret) { # 116|-> cg_file_handle fh = CG_FILE_HANDLE_INIT; # 117| int mnt_id; # 118| Error: GCC_ANALYZER_WARNING (CWE-401): [#def3] systemd-259.5/src/basic/chase.c:601:1: warning[-Wanalyzer-malloc-leak]: leak of ‘done’ systemd-259.5/src/basic/chase.c:1190:5: enter_function: entry to ‘chase_and_open_parent_at’ systemd-259.5/src/basic/chase.c:1193:9: branch_false: following ‘false’ branch... systemd-259.5/src/basic/chase.c:1195:35: branch_false: ...to here systemd-259.5/src/basic/chase.c:1195:13: call_function: calling ‘chaseat’ from ‘chase_and_open_parent_at’ # 599| # 600| return 0; # 601|-> } # 602| # 603| int chase(const char *path, const char *root, ChaseFlags flags, char **ret_path, int *ret_fd) { Error: CPPCHECK_WARNING (CWE-401): [#def4] systemd-259.5/src/basic/compress.c:882: error[memleak]: Memory leak: out_buff # 880| in_buff = malloc(LZ4_BUFSIZE); # 881| if (!in_buff) # 882|-> return -ENOMEM; # 883| # 884| n = offset = total_out = sym_LZ4F_compressBegin(ctx, out_buff, out_allocsize, &preferences); Error: CPPCHECK_WARNING (CWE-401): [#def5] systemd-259.5/src/basic/compress.c:886: error[memleak]: Memory leak: in_buff # 884| n = offset = total_out = sym_LZ4F_compressBegin(ctx, out_buff, out_allocsize, &preferences); # 885| if (sym_LZ4F_isError(n)) # 886|-> return -EINVAL; # 887| # 888| log_debug("Buffer size is %zu bytes, header size %zu bytes.", out_allocsize, n); Error: CPPCHECK_WARNING (CWE-401): [#def6] systemd-259.5/src/basic/compress.c:1055: error[memleak]: Memory leak: buf # 1053| src = mmap(NULL, st.st_size, PROT_READ, MAP_PRIVATE, fdf, 0); # 1054| if (src == MAP_FAILED) # 1055|-> return -errno; # 1056| # 1057| while (total_in < (size_t) st.st_size) { Error: GCC_ANALYZER_WARNING (CWE-688): [#def7] systemd-259.5/src/basic/escape.h:40:16: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected systemd-259.5/src/bootctl/bootctl.c:373:12: enter_function: entry to ‘parse_argv’ systemd-259.5/src/bootctl/bootctl.c:441:9: branch_false: following ‘false’ branch... systemd-259.5/src/bootctl/bootctl.c:442:9: branch_false: ...to here systemd-259.5/src/bootctl/bootctl.c:442:9: branch_false: following ‘false’ branch... systemd-259.5/src/bootctl/bootctl.c:442:9: branch_false: ...to here systemd-259.5/src/bootctl/bootctl.c:444:16: branch_true: following ‘true’ branch (when ‘c >= 0’)... systemd-259.5/src/bootctl/bootctl.c:445:17: branch_true: ...to here systemd-259.5/src/bootctl/bootctl.c:574:29: call_function: inlined call to ‘isempty’ from ‘parse_argv’ systemd-259.5/src/bootctl/bootctl.c:577:43: call_function: inlined call to ‘cescape’ from ‘parse_argv’ # 38| char* cescape_length(const char *s, size_t n) _nonnull_if_nonzero_(1, 2); # 39| static inline char* cescape(const char *s) { # 40|-> return cescape_length(s, SIZE_MAX); # 41| } # 42| Error: GCC_ANALYZER_WARNING (CWE-688): [#def8] systemd-259.5/src/basic/escape.h:40:16: warning[-Wanalyzer-null-argument]: use of NULL ‘mounted_dir’ where non-null expected systemd-259.5/src/bootctl/bootctl.c:738:12: enter_function: entry to ‘run’ systemd-259.5/src/bootctl/bootctl.c:740:43: release_memory: ‘mounted_dir’ is NULL systemd-259.5/src/bootctl/bootctl.c:745:13: call_function: calling ‘parse_argv’ from ‘run’ # 38| char* cescape_length(const char *s, size_t n) _nonnull_if_nonzero_(1, 2); # 39| static inline char* cescape(const char *s) { # 40|-> return cescape_length(s, SIZE_MAX); # 41| } # 42| Error: GCC_ANALYZER_WARNING (CWE-401): [#def9] systemd-259.5/src/basic/hashmap.c:375:16: warning[-Wanalyzer-malloc-leak]: leak of ‘new_storage’ systemd-259.5/src/basic/hashmap.c:1283:5: enter_function: entry to ‘set_ensure_put’ systemd-259.5/src/basic/hashmap.c:1290:16: call_function: calling ‘set_put’ from ‘set_ensure_put’ # 373| # 374| static struct hashmap_base_entry* bucket_at(HashmapBase *h, unsigned idx) { # 375|-> return CAST_ALIGN_PTR( # 376| struct hashmap_base_entry, # 377| (uint8_t *) storage_ptr(h) + idx * hashmap_type_info[h->type].entry_size); Error: GCC_ANALYZER_WARNING (CWE-457): [#def10] systemd-259.5/src/basic/mountpoint-util.c:587:21: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘mount_id’ systemd-259.5/src/basic/mountpoint-util.c:559:5: enter_function: entry to ‘dev_is_devtmpfs’ systemd-259.5/src/basic/mountpoint-util.c:564:13: call_function: inlined call to ‘path_get_mnt_id’ from ‘dev_is_devtmpfs’ systemd-259.5/src/basic/mountpoint-util.c:564:13: call_function: inlined call to ‘path_get_mnt_id’ from ‘dev_is_devtmpfs’ systemd-259.5/src/basic/mountpoint-util.c:565:12: branch_false: following ‘false’ branch... systemd-259.5/src/basic/mountpoint-util.c:568:13: branch_false: ...to here systemd-259.5/src/basic/mountpoint-util.c:569:12: branch_false: following ‘false’ branch... systemd-259.5/src/basic/mountpoint-util.c:571:12: branch_false: ...to here systemd-259.5/src/basic/mountpoint-util.c:571:12: branch_false: following ‘false’ branch... systemd-259.5/src/basic/mountpoint-util.c:571:12: branch_false: ...to here systemd-259.5/src/basic/mountpoint-util.c:579:20: branch_false: following ‘false’ branch... systemd-259.5/src/basic/mountpoint-util.c:581:20: branch_false: ...to here systemd-259.5/src/basic/mountpoint-util.c:581:20: branch_false: following ‘false’ branch... systemd-259.5/src/basic/mountpoint-util.c:584:21: branch_false: ...to here systemd-259.5/src/basic/mountpoint-util.c:587:21: danger: use of uninitialized value ‘mount_id’ here # 585| continue; # 586| # 587|-> if (mid != mount_id) # 588| continue; # 589| Error: COMPILER_WARNING: [#def11] [important] systemd-259.5/src/basic/pidfd-util.c:245:52: error[error]: ‘FILEID_KERNFS’ undeclared (first use in this function) # 243| } fh = { # 244| .file_handle.handle_bytes = sizeof(uint64_t), # 245|-> .file_handle.handle_type = FILEID_KERNFS, # 246| }; # 247| int mnt_id; Error: COMPILER_WARNING: [#def12] [important] systemd-259.5/src/basic/socket-util.c:993:27: error[error]: ‘SCM_MAX_FD’ undeclared (first use in this function) # 991| # 992| /* The kernel will reject sending more than SCM_MAX_FD FDs at once */ # 993|-> if (n_fds_array > SCM_MAX_FD) # 994| return -E2BIG; # 995| Error: COMPILER_WARNING: [#def13] [important] systemd-259.5/src/basic/socket-util.c:1081:9: error[error]: ‘SCM_MAX_FD’ undeclared (first use in this function) # 1079| int flags) { # 1080| # 1081|-> CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(int) * SCM_MAX_FD)) control; # 1082| struct msghdr mh = { # 1083| .msg_control = &control, Error: GCC_ANALYZER_WARNING (CWE-401): [#def14] systemd-259.5/src/basic/strv.c:595:24: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(key)’ systemd-259.5/src/basic/strv.c:1121:12: enter_function: entry to ‘string_strv_hashmap_put_internal’ systemd-259.5/src/basic/strv.c:1125:9: branch_false: following ‘false’ branch... systemd-259.5/src/basic/strv.c:1126:9: branch_false: ...to here systemd-259.5/src/basic/strv.c:1126:9: branch_false: following ‘false’ branch... systemd-259.5/src/basic/strv.c:1127:9: branch_false: ...to here systemd-259.5/src/basic/strv.c:1127:9: branch_false: following ‘false’ branch... systemd-259.5/src/basic/strv.c:1129:13: call_function: inlined call to ‘hashmap_get’ from ‘string_strv_hashmap_put_internal’ systemd-259.5/src/basic/strv.c:1130:12: branch_false: following ‘false’ branch... systemd-259.5/src/basic/strv.c:1142:44: branch_false: ...to here systemd-259.5/src/basic/strv.c:1145:21: acquire_memory: allocated here systemd-259.5/src/basic/strv.c:1146:20: branch_false: following ‘false’ branch... systemd-259.5/src/basic/strv.c:1149:21: call_function: inlined call to ‘strv_extend’ from ‘string_strv_hashmap_put_internal’ systemd-259.5/src/basic/strv.c:1149:21: call_function: inlined call to ‘strv_extend’ from ‘string_strv_hashmap_put_internal’ systemd-259.5/src/basic/strv.c:1150:20: branch_false: following ‘false’ branch... systemd-259.5/src/basic/strv.c:1153:21: branch_false: ...to here systemd-259.5/src/basic/strv.c:595:24: danger: ‘strdup(key)’ leaks here; was allocated at [(11)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/10) # 593| size_t size = n ? *n : SIZE_MAX; # 594| if (size == SIZE_MAX) # 595|-> size = strv_length(*l); # 596| # 597| /* Check for overflow */ Error: GCC_ANALYZER_WARNING (CWE-476): [#def15] systemd-259.5/src/basic/terminal-util.c:2691:34: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘name’ systemd-259.5/src/basic/terminal-util.c:2703:5: enter_function: entry to ‘query_term_for_tty’ systemd-259.5/src/basic/terminal-util.c:2704:30: release_memory: ‘dcs_term’ is NULL systemd-259.5/src/basic/terminal-util.c:2707:9: branch_false: following ‘false’ branch... systemd-259.5/src/basic/terminal-util.c:2708:9: branch_false: ...to here systemd-259.5/src/basic/terminal-util.c:2708:9: branch_false: following ‘false’ branch... systemd-259.5/src/basic/terminal-util.c:2710:13: branch_false: ...to here systemd-259.5/src/basic/terminal-util.c:2710:13: call_function: calling ‘tty_is_vc_resolve’ from ‘query_term_for_tty’ systemd-259.5/src/basic/terminal-util.c:2710:13: return_function: returning to ‘query_term_for_tty’ from ‘tty_is_vc_resolve’ systemd-259.5/src/basic/terminal-util.c:2710:12: branch_false: following ‘false’ branch... systemd-259.5/src/basic/terminal-util.c:2716:38: branch_false: ...to here systemd-259.5/src/basic/terminal-util.c:2716:38: call_function: calling ‘open_terminal’ from ‘query_term_for_tty’ systemd-259.5/src/basic/terminal-util.c:2716:38: return_function: returning to ‘query_term_for_tty’ from ‘open_terminal’ systemd-259.5/src/basic/terminal-util.c:2717:12: branch_false: following ‘false’ branch... systemd-259.5/src/basic/terminal-util.c:2720:13: branch_false: ...to here systemd-259.5/src/basic/terminal-util.c:2720:13: call_function: calling ‘terminal_get_terminfo_by_dcs’ from ‘query_term_for_tty’ systemd-259.5/src/basic/terminal-util.c:2720:13: return_function: returning to ‘query_term_for_tty’ from ‘terminal_get_terminfo_by_dcs’ systemd-259.5/src/basic/terminal-util.c:2721:12: branch_false: following ‘false’ branch... systemd-259.5/src/basic/terminal-util.c:2724:13: branch_false: ...to here systemd-259.5/src/basic/terminal-util.c:2724:13: release_memory: ‘dcs_term’ is NULL systemd-259.5/src/basic/terminal-util.c:2724:13: call_function: calling ‘have_terminfo_file’ from ‘query_term_for_tty’ # 2689| assert(filename_is_valid(name)); # 2690| # 2691|-> _cleanup_free_ char *p = path_join("/usr/share/terminfo", CHAR_TO_STR(name[0]), name); # 2692| if (!p) # 2693| return log_oom_debug(); Error: GCC_ANALYZER_WARNING (CWE-457): [#def16] systemd-259.5/src/basic/user-util.c:528:16: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘gid’ systemd-259.5/src/basic/user-util.c:520:5: enter_function: entry to ‘in_group’ systemd-259.5/src/basic/user-util.c:524:13: call_function: calling ‘get_group_creds’ from ‘in_group’ systemd-259.5/src/basic/user-util.c:524:13: return_function: returning to ‘in_group’ from ‘get_group_creds’ systemd-259.5/src/basic/user-util.c:525:12: branch_false: following ‘false’ branch... systemd-259.5/src/basic/user-util.c:528:16: branch_false: ...to here systemd-259.5/src/basic/user-util.c:528:16: danger: use of uninitialized value ‘gid’ here # 526| return r; # 527| # 528|-> return in_gid(gid); # 529| } # 530| Error: GCC_ANALYZER_WARNING (CWE-457): [#def17] systemd-259.5/src/basic/user-util.c:1079:16: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘uid’ systemd-259.5/src/basic/user-util.c:1069:5: enter_function: entry to ‘is_this_me’ systemd-259.5/src/basic/user-util.c:1075:13: call_function: calling ‘get_user_creds’ from ‘is_this_me’ systemd-259.5/src/basic/user-util.c:1075:13: return_function: returning to ‘is_this_me’ from ‘get_user_creds’ systemd-259.5/src/basic/user-util.c:1076:12: branch_false: following ‘false’ branch... systemd-259.5/src/basic/user-util.c:1079:23: branch_false: ...to here systemd-259.5/src/basic/user-util.c:1079:16: danger: use of uninitialized value ‘uid’ here # 1077| return r; # 1078| # 1079|-> return uid == getuid(); # 1080| } # 1081| Error: GCC_ANALYZER_WARNING (CWE-401): [#def18] systemd-259.5/src/bootctl/bootctl-status.c:665:77: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(fn)’ systemd-259.5/src/bootctl/bootctl-status.c:774:12: enter_function: entry to ‘unlink_entry’ systemd-259.5/src/bootctl/bootctl-status.c:779:9: branch_false: following ‘false’ branch... systemd-259.5/src/bootctl/bootctl-status.c:781:13: branch_false: ...to here systemd-259.5/src/bootctl/bootctl-status.c:781:13: call_function: calling ‘count_known_files’ from ‘unlink_entry’ # 663| if (!t) # 664| return -ENOMEM; # 665|-> r = hashmap_ensure_put(known_files, &path_hash_ops_free, t, INT_TO_PTR(n)); # 666| if (r < 0) # 667| return r; Error: CPPCHECK_WARNING (CWE-457): [#def19] systemd-259.5/src/coredump/coredumpctl.c:829: error[uninitvar]: Uninitialized variable: module_name # 827| # 828| /* We only print the build-id for the 'main' ELF module */ # 829|-> if (!path_equal_filename(module_name, exe)) # 830| continue; # 831| Error: GCC_ANALYZER_WARNING (CWE-401): [#def20] systemd-259.5/src/coredump/coredumpctl.c:850:1: warning[-Wanalyzer-malloc-leak]: leak of ‘mid’ systemd-259.5/src/coredump/coredumpctl.c:866:12: enter_function: entry to ‘print_entry’ systemd-259.5/src/coredump/coredumpctl.c:875:17: branch_false: following ‘false’ branch... systemd-259.5/src/coredump/coredumpctl.c:878:24: branch_false: ...to here systemd-259.5/src/coredump/coredumpctl.c:878:24: call_function: calling ‘print_info’ from ‘print_entry’ # 848| # 849| return 0; # 850|-> } # 851| # 852| static int focus(sd_journal *j) { Error: GCC_ANALYZER_WARNING (CWE-476): [#def21] systemd-259.5/src/home/pam_systemd_home.c:1013:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘ur’ /usr/include/security/pam_modules.h:40:5: enter_function: entry to ‘pam_sm_acct_mgmt’ systemd-259.5/src/home/pam_systemd_home.c:974:51: release_memory: ‘ur’ is NULL systemd-259.5/src/home/pam_systemd_home.c:981:12: branch_false: following ‘false’ branch... systemd-259.5/src/home/pam_systemd_home.c:984:9: branch_false: ...to here systemd-259.5/src/home/pam_systemd_home.c:989:13: call_function: calling ‘parse_argv’ from ‘pam_sm_acct_mgmt’ systemd-259.5/src/home/pam_systemd_home.c:989:13: return_function: returning to ‘pam_sm_acct_mgmt’ from ‘parse_argv’ systemd-259.5/src/home/pam_systemd_home.c:997:13: call_function: calling ‘fallback_shell_can_work’ from ‘pam_sm_acct_mgmt’ systemd-259.5/src/home/pam_systemd_home.c:997:13: return_function: returning to ‘pam_sm_acct_mgmt’ from ‘fallback_shell_can_work’ systemd-259.5/src/home/pam_systemd_home.c:998:12: branch_false: following ‘false’ branch... systemd-259.5/src/home/pam_systemd_home.c:1001:13: branch_false: ...to here systemd-259.5/src/home/pam_systemd_home.c:1001:13: call_function: calling ‘acquire_home’ from ‘pam_sm_acct_mgmt’ systemd-259.5/src/home/pam_systemd_home.c:1001:13: return_function: returning to ‘pam_sm_acct_mgmt’ from ‘acquire_home’ systemd-259.5/src/home/pam_systemd_home.c:1002:12: branch_false: following ‘false’ branch... systemd-259.5/src/home/pam_systemd_home.c:1005:13: branch_false: ...to here systemd-259.5/src/home/pam_systemd_home.c:1005:13: call_function: calling ‘acquire_user_record’ from ‘pam_sm_acct_mgmt’ systemd-259.5/src/home/pam_systemd_home.c:1005:13: return_function: returning to ‘pam_sm_acct_mgmt’ from ‘acquire_user_record’ systemd-259.5/src/home/pam_systemd_home.c:1006:12: branch_false: following ‘false’ branch... systemd-259.5/src/home/pam_systemd_home.c:1009:13: branch_false: ...to here systemd-259.5/src/home/pam_systemd_home.c:1009:13: release_memory: ‘ur’ is NULL systemd-259.5/src/home/pam_systemd_home.c:1013:17: danger: dereference of NULL ‘ur’ # 1011| # 1012| case -ESTALE: # 1013|-> pam_syslog(handle, LOG_WARNING, "User record for '%s' is newer than current system time, assuming incorrect system clock, allowing access.", ur->user_name); # 1014| break; # 1015| Error: COMPILER_WARNING: [#def22] systemd-259.5/src/libc/xattr.c:8:95: warning[warning]: ‘struct xattr_args’ declared inside parameter list will not be visible outside of this definition or declaration # 6| # 7| #if !HAVE_SETXATTRAT # 8|-> int missing_setxattrat(int fd, const char *path, int at_flags, const char *name, const struct xattr_args *args, size_t size) { # 9| return syscall(__NR_setxattrat, fd, path, at_flags, name, args, size); # 10| } Error: GCC_ANALYZER_WARNING (CWE-457): [#def23] systemd-259.5/src/libsystemd-network/sd-dhcp-client.c:255:13: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*client.ifindex’ systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:48:5: enter_function: entry to ‘LLVMFuzzerTestOneInput’ systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:58:9: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:60:9: branch_false: ...to here systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:62:13: call_function: calling ‘sd_dhcp_client_new’ from ‘LLVMFuzzerTestOneInput’ systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:62:13: return_function: returning to ‘LLVMFuzzerTestOneInput’ from ‘sd_dhcp_client_new’ systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:63:9: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:64:9: branch_false: ...to here systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:64:9: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:66:9: branch_false: ...to here systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:66:9: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:68:13: branch_false: ...to here systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:68:13: call_function: calling ‘sd_dhcp_client_attach_event’ from ‘LLVMFuzzerTestOneInput’ systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:68:13: return_function: returning to ‘LLVMFuzzerTestOneInput’ from ‘sd_dhcp_client_attach_event’ systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:69:9: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:71:9: branch_false: ...to here systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:71:9: call_function: calling ‘sd_dhcp_client_set_ifindex’ from ‘LLVMFuzzerTestOneInput’ systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:71:9: return_function: returning to ‘LLVMFuzzerTestOneInput’ from ‘sd_dhcp_client_set_ifindex’ systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:71:9: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:72:9: branch_false: ...to here systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:72:9: call_function: calling ‘sd_dhcp_client_set_mac’ from ‘LLVMFuzzerTestOneInput’ systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:72:9: return_function: returning to ‘LLVMFuzzerTestOneInput’ from ‘sd_dhcp_client_set_mac’ systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:72:9: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:74:15: branch_false: ...to here systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:74:15: call_function: calling ‘sd_dhcp_client_start’ from ‘LLVMFuzzerTestOneInput’ # 253| assert_return(client, -EINVAL); # 254| # 255|-> r = get_ifname(client->ifindex, &client->ifname); # 256| if (r < 0) # 257| return r; Error: GCC_ANALYZER_WARNING (CWE-416): [#def24] systemd-259.5/src/libsystemd-network/sd-dhcp-client.c:1426:9: warning[-Wanalyzer-use-after-free]: use after ‘free’ of ‘client’ systemd-259.5/src/libsystemd-network/sd-dhcp-client.c:2388:5: enter_function: entry to ‘sd_dhcp_client_send_decline’ systemd-259.5/src/libsystemd-network/sd-dhcp-client.c:2393:14: call_function: inlined call to ‘sd_dhcp_client_is_running’ from ‘sd_dhcp_client_send_decline’ systemd-259.5/src/libsystemd-network/sd-dhcp-client.c:2393:12: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd-network/sd-dhcp-client.c:2396:13: call_function: calling ‘client_message_init’ from ‘sd_dhcp_client_send_decline’ systemd-259.5/src/libsystemd-network/sd-dhcp-client.c:2396:13: return_function: returning to ‘sd_dhcp_client_send_decline’ from ‘client_message_init’ systemd-259.5/src/libsystemd-network/sd-dhcp-client.c:2397:12: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd-network/sd-dhcp-client.c:2400:32: branch_false: ...to here systemd-259.5/src/libsystemd-network/sd-dhcp-client.c:2405:12: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd-network/sd-dhcp-client.c:2408:13: branch_false: ...to here systemd-259.5/src/libsystemd-network/sd-dhcp-client.c:2413:12: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd-network/sd-dhcp-client.c:2416:9: branch_false: ...to here systemd-259.5/src/libsystemd-network/sd-dhcp-client.c:2420:13: call_function: calling ‘client_restart’ from ‘sd_dhcp_client_send_decline’ # 1424| # 1425| assert(client); # 1426|-> assert(client->event); # 1427| # 1428| (void) event_source_disable(client->timeout_ipv6_only_mode); Error: GCC_ANALYZER_WARNING (CWE-457): [#def25] systemd-259.5/src/libsystemd-network/sd-dhcp-client.c:1426:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*client.event’ systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:48:5: enter_function: entry to ‘LLVMFuzzerTestOneInput’ systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:58:9: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:60:9: branch_false: ...to here systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:62:13: call_function: calling ‘sd_dhcp_client_new’ from ‘LLVMFuzzerTestOneInput’ systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:62:13: return_function: returning to ‘LLVMFuzzerTestOneInput’ from ‘sd_dhcp_client_new’ systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:63:9: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:64:9: branch_false: ...to here systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:64:9: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:66:9: branch_false: ...to here systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:66:9: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:68:13: branch_false: ...to here systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:68:13: call_function: calling ‘sd_dhcp_client_attach_event’ from ‘LLVMFuzzerTestOneInput’ systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:68:13: return_function: returning to ‘LLVMFuzzerTestOneInput’ from ‘sd_dhcp_client_attach_event’ systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:69:9: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:71:9: branch_false: ...to here systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:71:9: call_function: calling ‘sd_dhcp_client_set_ifindex’ from ‘LLVMFuzzerTestOneInput’ systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:71:9: return_function: returning to ‘LLVMFuzzerTestOneInput’ from ‘sd_dhcp_client_set_ifindex’ systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:71:9: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:72:9: branch_false: ...to here systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:72:9: call_function: calling ‘sd_dhcp_client_set_mac’ from ‘LLVMFuzzerTestOneInput’ systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:72:9: return_function: returning to ‘LLVMFuzzerTestOneInput’ from ‘sd_dhcp_client_set_mac’ systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:72:9: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:74:15: branch_false: ...to here systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:74:15: call_function: calling ‘sd_dhcp_client_start’ from ‘LLVMFuzzerTestOneInput’ # 1424| # 1425| assert(client); # 1426|-> assert(client->event); # 1427| # 1428| (void) event_source_disable(client->timeout_ipv6_only_mode); Error: GCC_ANALYZER_WARNING (CWE-416): [#def26] systemd-259.5/src/libsystemd-network/sd-dhcp-client.c:2056:31: warning[-Wanalyzer-use-after-free]: use after ‘free’ of ‘client’ systemd-259.5/src/libsystemd-network/sd-dhcp-client.c:2388:5: enter_function: entry to ‘sd_dhcp_client_send_decline’ systemd-259.5/src/libsystemd-network/sd-dhcp-client.c:2393:14: call_function: inlined call to ‘sd_dhcp_client_is_running’ from ‘sd_dhcp_client_send_decline’ systemd-259.5/src/libsystemd-network/sd-dhcp-client.c:2393:12: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd-network/sd-dhcp-client.c:2396:13: call_function: calling ‘client_message_init’ from ‘sd_dhcp_client_send_decline’ systemd-259.5/src/libsystemd-network/sd-dhcp-client.c:2396:13: return_function: returning to ‘sd_dhcp_client_send_decline’ from ‘client_message_init’ systemd-259.5/src/libsystemd-network/sd-dhcp-client.c:2397:12: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd-network/sd-dhcp-client.c:2400:32: branch_false: ...to here systemd-259.5/src/libsystemd-network/sd-dhcp-client.c:2405:12: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd-network/sd-dhcp-client.c:2408:13: branch_false: ...to here systemd-259.5/src/libsystemd-network/sd-dhcp-client.c:2413:12: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd-network/sd-dhcp-client.c:2416:9: branch_false: ...to here systemd-259.5/src/libsystemd-network/sd-dhcp-client.c:2420:13: call_function: calling ‘client_restart’ from ‘sd_dhcp_client_send_decline’ # 2054| log_dhcp_client(client, "REBOOT in %s", FORMAT_TIMESPAN(client->start_delay, USEC_PER_SEC)); # 2055| # 2056|-> client->start_delay = CLAMP(client->start_delay * 2, # 2057| RESTART_AFTER_NAK_MIN_USEC, RESTART_AFTER_NAK_MAX_USEC); # 2058| return 0; Error: GCC_ANALYZER_WARNING (CWE-457): [#def27] systemd-259.5/src/libsystemd-network/sd-dhcp-client.c:2533:1: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*p.n_ref’ systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:48:5: enter_function: entry to ‘LLVMFuzzerTestOneInput’ systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:58:9: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:60:9: branch_false: ...to here systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:62:13: call_function: calling ‘sd_dhcp_client_new’ from ‘LLVMFuzzerTestOneInput’ systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:62:13: return_function: returning to ‘LLVMFuzzerTestOneInput’ from ‘sd_dhcp_client_new’ systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:63:9: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:64:9: branch_false: ...to here systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:64:9: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:66:9: branch_false: ...to here systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:66:9: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:68:13: branch_false: ...to here systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:68:13: call_function: calling ‘sd_dhcp_client_attach_event’ from ‘LLVMFuzzerTestOneInput’ systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:68:13: return_function: returning to ‘LLVMFuzzerTestOneInput’ from ‘sd_dhcp_client_attach_event’ systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:69:9: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:71:9: branch_false: ...to here systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:71:9: call_function: calling ‘sd_dhcp_client_set_ifindex’ from ‘LLVMFuzzerTestOneInput’ systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:71:9: return_function: returning to ‘LLVMFuzzerTestOneInput’ from ‘sd_dhcp_client_set_ifindex’ systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:71:9: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:72:9: branch_false: ...to here systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:72:9: call_function: calling ‘sd_dhcp_client_set_mac’ from ‘LLVMFuzzerTestOneInput’ systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:72:9: return_function: returning to ‘LLVMFuzzerTestOneInput’ from ‘sd_dhcp_client_set_mac’ systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:72:9: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:74:15: branch_false: ...to here systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:74:15: call_function: calling ‘sd_dhcp_client_start’ from ‘LLVMFuzzerTestOneInput’ systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:74:15: return_function: returning to ‘LLVMFuzzerTestOneInput’ from ‘sd_dhcp_client_start’ systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:79:13: call_function: calling ‘client_handle_offer_or_rapid_ack’ from ‘LLVMFuzzerTestOneInput’ systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:79:13: return_function: returning to ‘LLVMFuzzerTestOneInput’ from ‘client_handle_offer_or_rapid_ack’ systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:79:12: branch_true: following ‘true’ branch... systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:80:17: branch_true: ...to here systemd-259.5/src/libsystemd-network/fuzz-dhcp-client.c:92:9: call_function: calling ‘sd_dhcp_client_stop’ from ‘LLVMFuzzerTestOneInput’ # 2531| } # 2532| # 2533|-> DEFINE_TRIVIAL_REF_UNREF_FUNC(sd_dhcp_client, sd_dhcp_client, dhcp_client_free); # 2534| # 2535| int sd_dhcp_client_new(sd_dhcp_client **ret, int anonymize) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def28] systemd-259.5/src/libsystemd-network/sd-dhcp-server-lease.c:125:1: warning[-Wanalyzer-malloc-leak]: leak of ‘lease’ systemd-259.5/src/libsystemd-network/sd-dhcp-server-lease.c:68:5: enter_function: entry to ‘dhcp_server_set_lease’ systemd-259.5/src/libsystemd-network/sd-dhcp-server-lease.c:72:9: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd-network/sd-dhcp-server-lease.c:73:9: branch_false: ...to here systemd-259.5/src/libsystemd-network/sd-dhcp-server-lease.c:73:9: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd-network/sd-dhcp-server-lease.c:74:9: branch_false: ...to here systemd-259.5/src/libsystemd-network/sd-dhcp-server-lease.c:74:9: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd-network/sd-dhcp-server-lease.c:75:9: branch_false: ...to here systemd-259.5/src/libsystemd-network/sd-dhcp-server-lease.c:75:9: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd-network/sd-dhcp-server-lease.c:78:64: branch_false: ...to here systemd-259.5/src/libsystemd-network/sd-dhcp-server-lease.c:79:12: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd-network/sd-dhcp-server-lease.c:97:17: call_function: inlined call to ‘malloc_multiply’ from ‘dhcp_server_set_lease’ systemd-259.5/src/libsystemd-network/sd-dhcp-server-lease.c:98:12: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd-network/sd-dhcp-server-lease.c:104:30: branch_false: ...to here systemd-259.5/src/libsystemd-network/sd-dhcp-server-lease.c:113:12: branch_true: following ‘true’ branch... systemd-259.5/src/libsystemd-network/sd-dhcp-server-lease.c:114:35: branch_true: ...to here systemd-259.5/src/libsystemd-network/sd-dhcp-server-lease.c:115:20: branch_true: following ‘true’ branch... systemd-259.5/src/libsystemd-network/sd-dhcp-server-lease.c:69:70: call_function: inlined call to ‘sd_dhcp_server_lease_unrefp’ from ‘dhcp_server_set_lease’ systemd-259.5/src/libsystemd-network/sd-dhcp-server-lease.c:69:70: call_function: inlined call to ‘sd_dhcp_server_lease_unrefp’ from ‘dhcp_server_set_lease’ systemd-259.5/src/libsystemd-network/sd-dhcp-server-lease.c:125:1: danger: ‘lease’ leaks here; was allocated at [(13)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/12) # 123| TAKE_PTR(lease); # 124| return 0; # 125|-> } # 126| # 127| int dhcp_server_cleanup_expired_leases(sd_dhcp_server *server) { Error: GCC_ANALYZER_WARNING (CWE-457): [#def29] systemd-259.5/src/libsystemd/sd-json/json-util.c:129:13: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘n’ systemd-259.5/src/libsystemd/sd-json/json-util.c:120:5: enter_function: entry to ‘json_dispatch_user_group_name’ systemd-259.5/src/libsystemd/sd-json/json-util.c:121:20: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd/sd-json/json-util.c:122:21: branch_false: ...to here systemd-259.5/src/libsystemd/sd-json/json-util.c:125:13: call_function: calling ‘json_dispatch_const_user_group_name’ from ‘json_dispatch_user_group_name’ systemd-259.5/src/libsystemd/sd-json/json-util.c:125:13: return_function: returning to ‘json_dispatch_user_group_name’ from ‘json_dispatch_const_user_group_name’ systemd-259.5/src/libsystemd/sd-json/json-util.c:126:12: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd/sd-json/json-util.c:129:13: branch_false: ...to here systemd-259.5/src/libsystemd/sd-json/json-util.c:129:13: danger: use of uninitialized value ‘n’ here # 127| return r; # 128| # 129|-> r = free_and_strdup(s, n); # 130| if (r < 0) # 131| return json_log(variant, flags, r, "Failed to allocate string: %m"); Error: GCC_ANALYZER_WARNING (CWE-457): [#def30] systemd-259.5/src/libsystemd/sd-json/json-util.c:237:13: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘path’ systemd-259.5/src/libsystemd/sd-json/json-util.c:226:5: enter_function: entry to ‘json_dispatch_path’ systemd-259.5/src/libsystemd/sd-json/json-util.c:227:20: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd/sd-json/json-util.c:228:21: branch_false: ...to here systemd-259.5/src/libsystemd/sd-json/json-util.c:231:9: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd/sd-json/json-util.c:233:13: branch_false: ...to here systemd-259.5/src/libsystemd/sd-json/json-util.c:233:13: call_function: calling ‘json_dispatch_const_path’ from ‘json_dispatch_path’ systemd-259.5/src/libsystemd/sd-json/json-util.c:233:13: return_function: returning to ‘json_dispatch_path’ from ‘json_dispatch_const_path’ systemd-259.5/src/libsystemd/sd-json/json-util.c:234:12: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd/sd-json/json-util.c:237:13: branch_false: ...to here systemd-259.5/src/libsystemd/sd-json/json-util.c:237:13: danger: use of uninitialized value ‘path’ here # 235| return r; # 236| # 237|-> if (free_and_strdup(p, path) < 0) # 238| return json_log_oom(variant, flags); # 239| Error: GCC_ANALYZER_WARNING (CWE-457): [#def31] systemd-259.5/src/libsystemd/sd-json/json-util.c:265:21: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘a’ systemd-259.5/src/libsystemd/sd-json/json-util.c:243:5: enter_function: entry to ‘json_dispatch_strv_path’ systemd-259.5/src/libsystemd/sd-json/json-util.c:245:21: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd/sd-json/json-util.c:248:9: branch_false: ...to here systemd-259.5/src/libsystemd/sd-json/json-util.c:248:9: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd/sd-json/json-util.c:250:13: branch_false: ...to here systemd-259.5/src/libsystemd/sd-json/json-util.c:250:12: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd/sd-json/json-util.c:255:14: branch_false: ...to here systemd-259.5/src/libsystemd/sd-json/json-util.c:255:12: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd/sd-json/json-util.c:255:12: branch_false: ...to here systemd-259.5/src/libsystemd/sd-json/json-util.c:259:9: branch_true: following ‘true’ branch... systemd-259.5/src/libsystemd/sd-json/json-util.c:261:21: call_function: calling ‘json_dispatch_const_path’ from ‘json_dispatch_strv_path’ systemd-259.5/src/libsystemd/sd-json/json-util.c:261:21: return_function: returning to ‘json_dispatch_strv_path’ from ‘json_dispatch_const_path’ systemd-259.5/src/libsystemd/sd-json/json-util.c:262:20: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd/sd-json/json-util.c:265:21: branch_false: ...to here systemd-259.5/src/libsystemd/sd-json/json-util.c:265:21: danger: use of uninitialized value ‘a’ here # 263| return r; # 264| # 265|-> r = strv_extend(&n, a); # 266| if (r < 0) # 267| return json_log_oom(variant, flags); Error: GCC_ANALYZER_WARNING (CWE-457): [#def32] systemd-259.5/src/libsystemd/sd-json/json-util.c:303:13: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘filename’ systemd-259.5/src/libsystemd/sd-json/json-util.c:292:5: enter_function: entry to ‘json_dispatch_filename’ systemd-259.5/src/libsystemd/sd-json/json-util.c:293:20: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd/sd-json/json-util.c:294:21: branch_false: ...to here systemd-259.5/src/libsystemd/sd-json/json-util.c:297:9: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd/sd-json/json-util.c:299:13: branch_false: ...to here systemd-259.5/src/libsystemd/sd-json/json-util.c:299:13: call_function: calling ‘json_dispatch_const_filename’ from ‘json_dispatch_filename’ systemd-259.5/src/libsystemd/sd-json/json-util.c:299:13: return_function: returning to ‘json_dispatch_filename’ from ‘json_dispatch_const_filename’ systemd-259.5/src/libsystemd/sd-json/json-util.c:300:12: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd/sd-json/json-util.c:303:13: branch_false: ...to here systemd-259.5/src/libsystemd/sd-json/json-util.c:303:13: danger: use of uninitialized value ‘filename’ here # 301| return r; # 302| # 303|-> if (free_and_strdup(n, filename) < 0) # 304| return json_log_oom(variant, flags); # 305| Error: GCC_ANALYZER_WARNING (CWE-457): [#def33] systemd-259.5/src/libsystemd/sd-json/json-util.c:341:13: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘version’ systemd-259.5/src/libsystemd/sd-json/json-util.c:330:5: enter_function: entry to ‘json_dispatch_version’ systemd-259.5/src/libsystemd/sd-json/json-util.c:331:20: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd/sd-json/json-util.c:332:21: branch_false: ...to here systemd-259.5/src/libsystemd/sd-json/json-util.c:335:9: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd/sd-json/json-util.c:337:13: branch_false: ...to here systemd-259.5/src/libsystemd/sd-json/json-util.c:337:13: call_function: calling ‘json_dispatch_const_version’ from ‘json_dispatch_version’ systemd-259.5/src/libsystemd/sd-json/json-util.c:337:13: return_function: returning to ‘json_dispatch_version’ from ‘json_dispatch_const_version’ systemd-259.5/src/libsystemd/sd-json/json-util.c:338:12: branch_false: following ‘false’ branch... systemd-259.5/src/libsystemd/sd-json/json-util.c:341:13: branch_false: ...to here systemd-259.5/src/libsystemd/sd-json/json-util.c:341:13: danger: use of uninitialized value ‘version’ here # 339| return r; # 340| # 341|-> if (free_and_strdup(n, version) < 0) # 342| return json_log_oom(variant, flags); # 343| Error: GCC_ANALYZER_WARNING (CWE-457): [#def34] systemd-259.5/src/login/logind-varlink.c:324:13: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘peer_session’ systemd-259.5/src/login/logind-varlink.c:297:12: enter_function: entry to ‘vl_method_release_session’ systemd-259.5/src/login/logind-varlink.c:298:22: branch_false: following ‘false’ branch... systemd-259.5/src/login/logind-varlink.c:303:11: branch_false: ...to here systemd-259.5/src/login/logind-varlink.c:311:12: branch_false: following ‘false’ branch... systemd-259.5/src/login/logind-varlink.c:314:18: branch_false: ...to here systemd-259.5/src/login/logind-varlink.c:315:13: call_function: calling ‘manager_varlink_get_session_by_name’ from ‘vl_method_release_session’ systemd-259.5/src/login/logind-varlink.c:315:13: return_function: returning to ‘vl_method_release_session’ from ‘manager_varlink_get_session_by_name’ systemd-259.5/src/login/logind-varlink.c:316:12: branch_false: following ‘false’ branch... systemd-259.5/src/login/logind-varlink.c:319:18: branch_false: ...to here systemd-259.5/src/login/logind-varlink.c:320:13: call_function: calling ‘manager_varlink_get_session_by_peer’ from ‘vl_method_release_session’ systemd-259.5/src/login/logind-varlink.c:320:13: return_function: returning to ‘vl_method_release_session’ from ‘manager_varlink_get_session_by_peer’ systemd-259.5/src/login/logind-varlink.c:321:12: branch_false: following ‘false’ branch... systemd-259.5/src/login/logind-varlink.c:324:13: branch_false: ...to here systemd-259.5/src/login/logind-varlink.c:324:13: danger: use of uninitialized value ‘peer_session’ here # 322| return r; # 323| # 324|-> if (session != peer_session) # 325| return sd_varlink_error(link, SD_VARLINK_ERROR_PERMISSION_DENIED, /* parameters= */ NULL); # 326| Error: GCC_ANALYZER_WARNING (CWE-457): [#def35] systemd-259.5/src/machine/machine-varlink.c:565:28: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘machine’ systemd-259.5/src/machine/machine-varlink.c:503:5: enter_function: entry to ‘vl_method_open’ systemd-259.5/src/machine/machine-varlink.c:515:28: branch_false: following ‘false’ branch... systemd-259.5/src/machine/machine-varlink.c:517:71: branch_false: ...to here systemd-259.5/src/machine/machine-varlink.c:528:9: branch_false: following ‘false’ branch... systemd-259.5/src/machine/machine-varlink.c:529:9: branch_false: ...to here systemd-259.5/src/machine/machine-varlink.c:529:9: branch_false: following ‘false’ branch... systemd-259.5/src/machine/machine-varlink.c:531:13: branch_false: ...to here systemd-259.5/src/machine/machine-varlink.c:532:12: branch_false: following ‘false’ branch... systemd-259.5/src/machine/machine-varlink.c:535:13: branch_false: ...to here systemd-259.5/src/machine/machine-varlink.c:535:12: branch_false: following ‘false’ branch... systemd-259.5/src/machine/machine-varlink.c:551:13: branch_false: ...to here systemd-259.5/src/machine/machine-varlink.c:551:13: call_function: calling ‘lookup_machine_by_name_or_pidref’ from ‘vl_method_open’ systemd-259.5/src/machine/machine-varlink.c:551:13: return_function: returning to ‘vl_method_open’ from ‘lookup_machine_by_name_or_pidref’ systemd-259.5/src/machine/machine-varlink.c:552:12: branch_false: following ‘false’ branch... systemd-259.5/src/machine/machine-varlink.c:554:12: branch_false: ...to here systemd-259.5/src/machine/machine-varlink.c:554:12: branch_false: following ‘false’ branch... systemd-259.5/src/machine/machine-varlink.c:557:13: branch_false: ...to here systemd-259.5/src/machine/machine-varlink.c:557:12: branch_true: following ‘true’ branch... systemd-259.5/src/machine/machine-varlink.c:565:28: branch_true: ...to here systemd-259.5/src/machine/machine-varlink.c:565:28: danger: use of uninitialized value ‘machine’ here # 563| * and the caller's do not match, authorization will be required. It's only the case where the # 564| * caller owns the machine that will be shortcut and needs to be checked here. */ # 565|-> if (machine->uid != 0 && machine->class != MACHINE_HOST) { # 566| r = pidref_in_same_namespace(&PIDREF_MAKE_FROM_PID(1), &machine->leader, NAMESPACE_USER); # 567| if (r < 0) Error: GCC_ANALYZER_WARNING (CWE-457): [#def36] systemd-259.5/src/nsresourced/userns-registry.c:113:29: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*cg’ systemd-259.5/src/nsresourced/userns-registry.c:87:12: enter_function: entry to ‘dispatch_cgroups_array’ systemd-259.5/src/nsresourced/userns-registry.c:88:35: branch_false: following ‘false’ branch... systemd-259.5/src/nsresourced/userns-registry.c:92:13: branch_false: ...to here systemd-259.5/src/nsresourced/userns-registry.c:92:12: branch_false: following ‘false’ branch... systemd-259.5/src/nsresourced/userns-registry.c:98:14: branch_false: ...to here systemd-259.5/src/nsresourced/userns-registry.c:98:12: branch_false: following ‘false’ branch... systemd-259.5/src/nsresourced/userns-registry.c:101:19: branch_false: ...to here systemd-259.5/src/nsresourced/userns-registry.c:101:19: call_function: calling ‘malloc_multiply’ from ‘dispatch_cgroups_array’ systemd-259.5/src/nsresourced/userns-registry.c:101:19: return_function: returning to ‘dispatch_cgroups_array’ from ‘malloc_multiply’ systemd-259.5/src/nsresourced/userns-registry.c:102:12: branch_false: following ‘false’ branch... systemd-259.5/src/nsresourced/userns-registry.c:102:12: branch_false: ...to here systemd-259.5/src/nsresourced/userns-registry.c:106:9: branch_true: following ‘true’ branch... systemd-259.5/src/nsresourced/userns-registry.c:109:20: branch_false: following ‘false’ branch... systemd-259.5/src/nsresourced/userns-registry.c:112:17: branch_false: ...to here systemd-259.5/src/nsresourced/userns-registry.c:112:17: branch_false: following ‘false’ branch (when ‘n_cgroups == 0’)... systemd-259.5/src/nsresourced/userns-registry.c:112:17: branch_false: ...to here systemd-259.5/src/nsresourced/userns-registry.c:112:17: branch_true: following ‘true’ branch... systemd-259.5/src/nsresourced/userns-registry.c:113:29: branch_true: ...to here systemd-259.5/src/nsresourced/userns-registry.c:113:29: danger: use of uninitialized value ‘*cg’ here # 111| # 112| FOREACH_ARRAY(cg, cgroups, n_cgroups) # 113|-> if (*cg == sd_json_variant_unsigned(e)) { # 114| found = true; # 115| break; Error: GCC_ANALYZER_WARNING (CWE-1335): [#def37] systemd-259.5/src/pcrextend/pcrextend.c:247:45: warning[-Wanalyzer-shift-count-overflow]: shift by count (‘4294967295’) >= precision of type (‘32’) systemd-259.5/src/pcrextend/pcrextend.c:553:1: enter_function: entry to ‘main’ systemd-259.5/src/pcrextend/pcrextend.c:553:1: call_function: calling ‘run’ from ‘main’ # 245| return 0; # 246| # 247|-> r = tpm2_get_good_pcr_banks_strv(c, UINT32_C(1) << target_pcr_nr, &l); # 248| if (r < 0) # 249| return log_error_errno(r, "Could not verify pcr banks: %m"); Error: GCC_ANALYZER_WARNING (CWE-476): [#def38] systemd-259.5/src/portable/portable.c:683:21: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘os_release’ systemd-259.5/src/portable/portable.c:1632:5: enter_function: entry to ‘portable_attach’ systemd-259.5/src/portable/portable.c:1646:63: release_memory: ‘os_release’ is NULL systemd-259.5/src/portable/portable.c:1654:9: branch_false: following ‘false’ branch... systemd-259.5/src/portable/portable.c:1662:62: branch_false: ...to here systemd-259.5/src/portable/portable.c:1656:13: call_function: calling ‘extract_image_and_extensions’ from ‘portable_attach’ # 681| _cleanup_free_ char *prefixes = NULL; # 682| # 683|-> r = parse_env_file_fd(os_release->fd, os_release->name, # 684| "ID", &id, # 685| "ID_LIKE", &id_like, Error: GCC_ANALYZER_WARNING (CWE-121): [#def39] systemd-259.5/src/portable/portable.c:1798:39: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow systemd-259.5/src/portable/portable.c:1756:13: enter_function: entry to ‘marker_matches_images’ systemd-259.5/src/portable/portable.c:1760:9: branch_false: following ‘false’ branch... systemd-259.5/src/portable/portable.c:1761:9: branch_false: ...to here systemd-259.5/src/portable/portable.c:1761:9: branch_false: following ‘false’ branch... systemd-259.5/src/portable/portable.c:1771:31: branch_false: ...to here systemd-259.5/src/portable/portable.c:1772:12: branch_false: following ‘false’ branch... systemd-259.5/src/portable/portable.c:1775:13: branch_false: ...to here systemd-259.5/src/portable/portable.c:1776:12: branch_false: following ‘false’ branch... systemd-259.5/src/portable/portable.c:1776:12: branch_false: ...to here systemd-259.5/src/portable/portable.c:1786:28: branch_false: following ‘false’ branch... systemd-259.5/src/portable/portable.c:1788:28: branch_false: ...to here systemd-259.5/src/portable/portable.c:1788:28: branch_false: following ‘false’ branch... systemd-259.5/src/portable/portable.c:1791:29: branch_false: ...to here systemd-259.5/src/portable/portable.c:1792:28: branch_false: following ‘false’ branch... systemd-259.5/src/portable/portable.c:1798:39: branch_false: ...to here systemd-259.5/src/portable/portable.c:1798:39: branch_true: following ‘true’ branch... systemd-259.5/src/portable/portable.c:1798:39: danger: out-of-bounds write from byte 84 till byte 87 but ‘<U2000>’ ends at byte 80 # 1796| /* toplevel_fd= */ AT_FDCWD, # 1797| *image_name_or_path, # 1798|-> pick_filter_image_any, # 1799| ELEMENTSOF(pick_filter_image_any), # 1800| PICK_ARCHITECTURE|PICK_TRIES|PICK_RESOLVE, Error: CPPCHECK_WARNING (CWE-457): [#def40] systemd-259.5/src/resolve/resolvectl.c:1648: error[uninitvar]: Uninitialized variable: &pos1 # 1646| # 1647| if (ifname) # 1648|-> printf("%s%nLink %i (%s)%n%s:", ansi_highlight(), &pos1, ifindex, ifname, &pos2, ansi_normal()); # 1649| else if (delegate_id) # 1650| printf("%s%nDelegate %s%n%s:", ansi_highlight(), &pos1, delegate_id, &pos2, ansi_normal()); Error: CPPCHECK_WARNING (CWE-457): [#def41] systemd-259.5/src/resolve/resolvectl.c:1648: error[uninitvar]: Uninitialized variable: &pos2 # 1646| # 1647| if (ifname) # 1648|-> printf("%s%nLink %i (%s)%n%s:", ansi_highlight(), &pos1, ifindex, ifname, &pos2, ansi_normal()); # 1649| else if (delegate_id) # 1650| printf("%s%nDelegate %s%n%s:", ansi_highlight(), &pos1, delegate_id, &pos2, ansi_normal()); Error: CPPCHECK_WARNING (CWE-476): [#def42] systemd-259.5/src/resolve/resolvectl.c:4579: error[ctunullpointer]: Null pointer dereference: args # 4577| if (single_arg) # 4578| *p++ = (char *) single_arg; # 4579|-> FOREACH_ARRAY(arg, args, num_args) # 4580| *p++ = *arg; # 4581| Error: CPPCHECK_WARNING (CWE-401): [#def43] systemd-259.5/src/resolve/resolved-dnssd.c:353: error[memleak]: Memory leak: i # 351| *ret_item = TAKE_PTR(i); # 352| # 353|-> return 0; # 354| } # 355| Error: CPPCHECK_WARNING (CWE-401): [#def44] systemd-259.5/src/resolve/resolved-dnssd.c:378: error[memleak]: Memory leak: i # 376| *ret_item = TAKE_PTR(i); # 377| # 378|-> return 0; # 379| } # 380| Error: GCC_ANALYZER_WARNING (CWE-688): [#def45] systemd-259.5/src/resolve/resolved-dnstls.c:337:17: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected systemd-259.5/src/resolve/resolved-dnstls.c:319:9: enter_function: entry to ‘dnstls_stream_writev’ systemd-259.5/src/resolve/resolved-dnstls.c:323:9: branch_false: following ‘false’ branch... systemd-259.5/src/resolve/resolved-dnstls.c:324:9: branch_false: ...to here systemd-259.5/src/resolve/resolved-dnstls.c:324:9: branch_false: following ‘false’ branch... systemd-259.5/src/resolve/resolved-dnstls.c:325:9: branch_false: ...to here systemd-259.5/src/resolve/resolved-dnstls.c:325:9: branch_false: following ‘false’ branch... systemd-259.5/src/resolve/resolved-dnstls.c:326:9: branch_false: ...to here systemd-259.5/src/resolve/resolved-dnstls.c:326:9: branch_false: following ‘false’ branch... systemd-259.5/src/resolve/resolved-dnstls.c:327:9: branch_false: ...to here systemd-259.5/src/resolve/resolved-dnstls.c:327:9: branch_false: following ‘false’ branch... systemd-259.5/src/resolve/resolved-dnstls.c:329:12: branch_false: ...to here systemd-259.5/src/resolve/resolved-dnstls.c:329:12: branch_false: following ‘false’ branch (when ‘iovcnt != 1’)... systemd-259.5/src/resolve/resolved-dnstls.c:334:17: branch_false: ...to here systemd-259.5/src/resolve/resolved-dnstls.c:335:15: call_function: calling ‘malloc_multiply’ from ‘dnstls_stream_writev’ systemd-259.5/src/resolve/resolved-dnstls.c:335:15: return_function: returning to ‘dnstls_stream_writev’ from ‘malloc_multiply’ systemd-259.5/src/resolve/resolved-dnstls.c:336:37: branch_true: following ‘true’ branch (when ‘i < iovcnt’)... systemd-259.5/src/resolve/resolved-dnstls.c:337:55: branch_true: ...to here systemd-259.5/src/resolve/resolved-dnstls.c:337:24: release_memory: using NULL here systemd-259.5/src/resolve/resolved-dnstls.c:337:17: danger: argument 1 (‘malloc_multiply(iovec_total_size(iov, iovcnt), 1) + pos’) NULL where non-null expected # 335| buf = new(char, count); # 336| for (size_t i = 0, pos = 0; i < iovcnt; pos += iov[i].iov_len, i++) # 337|-> memcpy(buf + pos, iov[i].iov_base, iov[i].iov_len); # 338| # 339| return dnstls_stream_write(stream, buf, count); Error: GCC_ANALYZER_WARNING (CWE-688): [#def46] systemd-259.5/src/resolve/resolved-dnstls.c:337:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘malloc_multiply(iovec_total_size(iov, iovcnt), 1)’ where non-null expected systemd-259.5/src/resolve/resolved-dnstls.c:319:9: enter_function: entry to ‘dnstls_stream_writev’ systemd-259.5/src/resolve/resolved-dnstls.c:323:9: branch_false: following ‘false’ branch... systemd-259.5/src/resolve/resolved-dnstls.c:324:9: branch_false: ...to here systemd-259.5/src/resolve/resolved-dnstls.c:324:9: branch_false: following ‘false’ branch... systemd-259.5/src/resolve/resolved-dnstls.c:325:9: branch_false: ...to here systemd-259.5/src/resolve/resolved-dnstls.c:325:9: branch_false: following ‘false’ branch... systemd-259.5/src/resolve/resolved-dnstls.c:326:9: branch_false: ...to here systemd-259.5/src/resolve/resolved-dnstls.c:326:9: branch_false: following ‘false’ branch... systemd-259.5/src/resolve/resolved-dnstls.c:327:9: branch_false: ...to here systemd-259.5/src/resolve/resolved-dnstls.c:327:9: branch_false: following ‘false’ branch... systemd-259.5/src/resolve/resolved-dnstls.c:329:12: branch_false: ...to here systemd-259.5/src/resolve/resolved-dnstls.c:329:12: branch_false: following ‘false’ branch (when ‘iovcnt != 1’)... systemd-259.5/src/resolve/resolved-dnstls.c:334:17: branch_false: ...to here systemd-259.5/src/resolve/resolved-dnstls.c:335:15: call_function: calling ‘malloc_multiply’ from ‘dnstls_stream_writev’ systemd-259.5/src/resolve/resolved-dnstls.c:335:15: return_function: returning to ‘dnstls_stream_writev’ from ‘malloc_multiply’ systemd-259.5/src/resolve/resolved-dnstls.c:336:37: branch_true: following ‘true’ branch (when ‘i < iovcnt’)... systemd-259.5/src/resolve/resolved-dnstls.c:337:55: branch_true: ...to here systemd-259.5/src/resolve/resolved-dnstls.c:337:17: danger: argument 1 (‘malloc_multiply(iovec_total_size(iov, iovcnt), 1) + pos’) from [(16)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/15) could be NULL where non-null expected # 335| buf = new(char, count); # 336| for (size_t i = 0, pos = 0; i < iovcnt; pos += iov[i].iov_len, i++) # 337|-> memcpy(buf + pos, iov[i].iov_base, iov[i].iov_len); # 338| # 339| return dnstls_stream_write(stream, buf, count); Error: GCC_ANALYZER_WARNING (CWE-476): [#def47] systemd-259.5/src/sbsign/sbsign.c:597:34: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘si’ systemd-259.5/src/sbsign/sbsign.c:441:12: enter_function: entry to ‘verb_sign’ systemd-259.5/src/sbsign/sbsign.c:449:12: branch_false: following ‘false’ branch (when ‘argc > 1’)... systemd-259.5/src/sbsign/sbsign.c:452:13: branch_false: ...to here systemd-259.5/src/sbsign/sbsign.c:452:12: branch_false: following ‘false’ branch... systemd-259.5/src/sbsign/sbsign.c:456:13: branch_false: ...to here systemd-259.5/src/sbsign/sbsign.c:460:12: branch_false: following ‘false’ branch... systemd-259.5/src/sbsign/sbsign.c:463:13: branch_false: ...to here systemd-259.5/src/sbsign/sbsign.c:474:12: branch_false: following ‘false’ branch... systemd-259.5/src/sbsign/sbsign.c:477:13: branch_false: ...to here systemd-259.5/src/sbsign/sbsign.c:477:12: branch_true: following ‘true’ branch... systemd-259.5/src/sbsign/sbsign.c:478:21: branch_true: ...to here systemd-259.5/src/sbsign/sbsign.c:498:20: branch_false: following ‘false’ branch... systemd-259.5/src/sbsign/sbsign.c:738:1: branch_false: ...to here systemd-259.5/src/sbsign/sbsign.c:502:12: branch_true: following ‘true’ branch... systemd-259.5/src/sbsign/sbsign.c:503:38: branch_true: ...to here systemd-259.5/src/sbsign/sbsign.c:507:20: branch_false: following ‘false’ branch... systemd-259.5/src/sbsign/sbsign.c:510:32: branch_false: ...to here systemd-259.5/src/sbsign/sbsign.c:511:20: branch_false: following ‘false’ branch... systemd-259.5/src/sbsign/sbsign.c:503:38: call_function: inlined call to ‘freep’ from ‘verb_sign’ systemd-259.5/src/sbsign/sbsign.c:516:12: branch_true: following ‘true’ branch... systemd-259.5/src/sbsign/sbsign.c:517:38: branch_true: ...to here systemd-259.5/src/sbsign/sbsign.c:521:20: branch_false: following ‘false’ branch... systemd-259.5/src/sbsign/sbsign.c:524:47: branch_false: ...to here systemd-259.5/src/sbsign/sbsign.c:528:12: branch_false: following ‘false’ branch... systemd-259.5/src/sbsign/sbsign.c:531:21: branch_false: ...to here systemd-259.5/src/sbsign/sbsign.c:532:12: branch_false: following ‘false’ branch... systemd-259.5/src/sbsign/sbsign.c:535:13: branch_false: ...to here systemd-259.5/src/sbsign/sbsign.c:536:12: branch_false: following ‘false’ branch... systemd-259.5/src/sbsign/sbsign.c:539:43: branch_false: ...to here systemd-259.5/src/sbsign/sbsign.c:541:12: branch_false: following ‘false’ branch... systemd-259.5/src/sbsign/sbsign.c:544:13: branch_false: ...to here systemd-259.5/src/sbsign/sbsign.c:551:12: branch_false: following ‘false’ branch... systemd-259.5/src/sbsign/sbsign.c:554:33: branch_false: ...to here systemd-259.5/src/sbsign/sbsign.c:556:13: call_function: calling ‘spc_indirect_data_content_new’ from ‘verb_sign’ systemd-259.5/src/sbsign/sbsign.c:556:13: return_function: returning to ‘verb_sign’ from ‘spc_indirect_data_content_new’ systemd-259.5/src/sbsign/sbsign.c:557:12: branch_false: following ‘false’ branch... systemd-259.5/src/sbsign/sbsign.c:560:39: branch_false: ...to here systemd-259.5/src/sbsign/sbsign.c:561:28: release_memory: ‘si’ is NULL systemd-259.5/src/sbsign/sbsign.c:562:13: call_function: calling ‘pkcs7_new_with_attributes’ from ‘verb_sign’ systemd-259.5/src/sbsign/sbsign.c:562:13: return_function: returning to ‘verb_sign’ from ‘pkcs7_new_with_attributes’ systemd-259.5/src/sbsign/sbsign.c:563:12: branch_false: following ‘false’ branch... systemd-259.5/src/sbsign/sbsign.c:566:9: branch_false: ...to here systemd-259.5/src/sbsign/sbsign.c:568:12: branch_false: following ‘false’ branch... systemd-259.5/src/sbsign/sbsign.c:596:13: call_function: inlined call to ‘iovec_is_set’ from ‘verb_sign’ systemd-259.5/src/sbsign/sbsign.c:597:36: release_memory: ‘si’ is NULL systemd-259.5/src/sbsign/sbsign.c:597:34: danger: dereference of NULL ‘si’ # 595| # 596| if (iovec_is_set(&signed_attributes_signature)) # 597|-> ASN1_STRING_set0(si->enc_digest, TAKE_PTR(signed_attributes_signature.iov_base), signed_attributes_signature.iov_len); # 598| else { # 599| _cleanup_(BIO_free_allp) BIO *bio = NULL; Error: GCC_ANALYZER_WARNING (CWE-688): [#def48] systemd-259.5/src/shared/bootspec.c:347:22: warning[-Wanalyzer-null-argument]: use of NULL ‘esp_where’ where non-null expected systemd-259.5/src/shared/bootspec.c:1535:5: enter_function: entry to ‘boot_config_load_auto’ systemd-259.5/src/shared/bootspec.c:1540:30: release_memory: ‘esp_where’ is NULL systemd-259.5/src/shared/bootspec.c:1540:49: release_memory: ‘esp_where’ is NULL systemd-259.5/src/shared/bootspec.c:1544:9: branch_false: following ‘false’ branch... systemd-259.5/src/shared/bootspec.c:1553:13: branch_false: ...to here systemd-259.5/src/shared/bootspec.c:1553:12: branch_true: following ‘true’ branch... systemd-259.5/src/shared/bootspec.c:1554:21: branch_true: ...to here systemd-259.5/src/shared/bootspec.c:1554:20: branch_true: following ‘true’ branch... systemd-259.5/src/shared/bootspec.c:1555:32: branch_true: ...to here systemd-259.5/src/shared/bootspec.c:1555:32: call_function: calling ‘boot_config_load’ from ‘boot_config_load_auto’ # 345| return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid loader entry file suffix: %s", fname); # 346| # 347|-> tmp.id_old = strndup(tmp.id, c - tmp.id); /* Without .conf suffix */ # 348| if (!tmp.id_old) # 349| return log_oom(); Error: GCC_ANALYZER_WARNING (CWE-401): [#def49] systemd-259.5/src/shared/bootspec.c:1159:21: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(path_extend_internal(0, full, &*de.d_name, 18446744073709551615))’ systemd-259.5/src/shared/bootspec.c:1535:5: enter_function: entry to ‘boot_config_load_auto’ systemd-259.5/src/shared/bootspec.c:1544:9: branch_false: following ‘false’ branch... systemd-259.5/src/shared/bootspec.c:1553:13: branch_false: ...to here systemd-259.5/src/shared/bootspec.c:1553:12: branch_true: following ‘true’ branch... systemd-259.5/src/shared/bootspec.c:1554:21: branch_true: ...to here systemd-259.5/src/shared/bootspec.c:1554:20: branch_true: following ‘true’ branch... systemd-259.5/src/shared/bootspec.c:1555:32: branch_true: ...to here systemd-259.5/src/shared/bootspec.c:1555:32: call_function: calling ‘boot_config_load’ from ‘boot_config_load_auto’ # 1157| return log_oom(); # 1158| # 1159|-> r = insert_boot_entry_addon(&addons, location, cmdline); # 1160| if (r < 0) # 1161| return r; Error: GCC_ANALYZER_WARNING (CWE-401): [#def50] systemd-259.5/src/shared/bootspec.c:1617:17: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(*__unique_prefix_i36)’ systemd-259.5/src/shared/bootspec.c:1577:5: enter_function: entry to ‘boot_config_augment_from_loader’ systemd-259.5/src/shared/bootspec.c:1595:9: branch_false: following ‘false’ branch... systemd-259.5/src/shared/bootspec.c:1595:9: branch_false: ...to here systemd-259.5/src/shared/bootspec.c:1600:9: branch_true: following ‘true’ branch... systemd-259.5/src/shared/bootspec.c:1604:28: call_function: calling ‘boot_config_find_entry’ from ‘boot_config_augment_from_loader’ systemd-259.5/src/shared/bootspec.c:1604:28: return_function: returning to ‘boot_config_augment_from_loader’ from ‘boot_config_find_entry’ systemd-259.5/src/shared/bootspec.c:1605:20: branch_false: following ‘false’ branch... systemd-259.5/src/shared/bootspec.c:1610:20: branch_false: ...to here systemd-259.5/src/shared/bootspec.c:1613:21: acquire_memory: allocated here systemd-259.5/src/shared/bootspec.c:1614:20: branch_false: following ‘false’ branch... systemd-259.5/src/shared/bootspec.c:1614:20: branch_false: ...to here systemd-259.5/src/shared/bootspec.c:1617:17: branch_true: following ‘true’ branch... systemd-259.5/src/shared/bootspec.c:1620:36: branch_false: following ‘false’ branch... systemd-259.5/src/shared/bootspec.c:1625:21: branch_false: ...to here systemd-259.5/src/shared/bootspec.c:1626:20: branch_false: following ‘false’ branch... systemd-259.5/src/shared/bootspec.c:1629:22: branch_false: ...to here systemd-259.5/src/shared/bootspec.c:1629:20: branch_false: following ‘false’ branch... systemd-259.5/src/shared/bootspec.c:1632:17: branch_false: ...to here systemd-259.5/src/shared/bootspec.c:1617:17: danger: ‘strdup(*__unique_prefix_i36)’ leaks here; was allocated at [(15)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/14) # 1615| return log_oom(); # 1616| # 1617|-> STRV_FOREACH_PAIR(a, b, title_table) # 1618| if (streq(*a, *i)) { # 1619| t = strdup(*b); Error: GCC_ANALYZER_WARNING (CWE-476): [#def51] systemd-259.5/src/shared/discover-image.c:1130:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’ systemd-259.5/src/shared/discover-image.c:937:5: enter_function: entry to ‘image_discover’ systemd-259.5/src/shared/discover-image.c:948:9: branch_false: following ‘false’ branch... systemd-259.5/src/shared/discover-image.c:949:9: branch_false: ...to here systemd-259.5/src/shared/discover-image.c:949:9: branch_false: following ‘false’ branch... systemd-259.5/src/shared/discover-image.c:950:9: branch_false: ...to here systemd-259.5/src/shared/discover-image.c:950:9: branch_false: following ‘false’ branch... systemd-259.5/src/shared/discover-image.c:951:9: branch_false: ...to here systemd-259.5/src/shared/discover-image.c:951:9: branch_false: following ‘false’ branch... systemd-259.5/src/shared/discover-image.c:953:36: branch_false: ...to here systemd-259.5/src/shared/discover-image.c:954:13: call_function: calling ‘pick_image_search_path’ from ‘image_discover’ systemd-259.5/src/shared/discover-image.c:954:13: return_function: returning to ‘image_discover’ from ‘pick_image_search_path’ systemd-259.5/src/shared/discover-image.c:955:12: branch_false: following ‘false’ branch... systemd-259.5/src/shared/discover-image.c:958:9: branch_false: ...to here systemd-259.5/src/shared/discover-image.c:1118:12: branch_true: following ‘true’ branch... systemd-259.5/src/shared/discover-image.c:1118:73: branch_true: ...to here systemd-259.5/src/shared/discover-image.c:1118:13: branch_false: following ‘false’ branch... systemd-259.5/src/shared/discover-image.c:1119:48: branch_false: ...to here systemd-259.5/src/shared/discover-image.c:1119:48: release_memory: ‘image’ is NULL systemd-259.5/src/shared/discover-image.c:1121:21: call_function: calling ‘image_make’ from ‘image_discover’ systemd-259.5/src/shared/discover-image.c:1121:21: return_function: returning to ‘image_discover’ from ‘image_make’ systemd-259.5/src/shared/discover-image.c:1127:20: branch_false: following ‘false’ branch... systemd-259.5/src/shared/discover-image.c:1130:22: branch_false: ...to here systemd-259.5/src/shared/discover-image.c:1130:22: release_memory: ‘image’ is NULL systemd-259.5/src/shared/discover-image.c:1130:17: danger: dereference of NULL ‘image’ # 1128| return r; # 1129| # 1130|-> image->discoverable = true; # 1131| # 1132| r = hashmap_ensure_put(images, &image_hash_ops, image->name, image); Error: GCC_ANALYZER_WARNING (CWE-401): [#def52] systemd-259.5/src/shared/discover-image.c:1140:1: warning[-Wanalyzer-malloc-leak]: leak of ‘suffix’ systemd-259.5/src/shared/discover-image.c:937:5: enter_function: entry to ‘image_discover’ systemd-259.5/src/shared/discover-image.c:948:9: branch_false: following ‘false’ branch... systemd-259.5/src/shared/discover-image.c:949:9: branch_false: ...to here systemd-259.5/src/shared/discover-image.c:949:9: branch_false: following ‘false’ branch... systemd-259.5/src/shared/discover-image.c:950:9: branch_false: ...to here systemd-259.5/src/shared/discover-image.c:950:9: branch_false: following ‘false’ branch... systemd-259.5/src/shared/discover-image.c:951:9: branch_false: ...to here systemd-259.5/src/shared/discover-image.c:951:9: branch_false: following ‘false’ branch... systemd-259.5/src/shared/discover-image.c:953:36: branch_false: ...to here systemd-259.5/src/shared/discover-image.c:954:13: call_function: calling ‘pick_image_search_path’ from ‘image_discover’ systemd-259.5/src/shared/discover-image.c:954:13: return_function: returning to ‘image_discover’ from ‘pick_image_search_path’ systemd-259.5/src/shared/discover-image.c:955:12: branch_false: following ‘false’ branch... systemd-259.5/src/shared/discover-image.c:958:9: branch_false: ...to here systemd-259.5/src/shared/discover-image.c:958:9: branch_true: following ‘true’ branch... systemd-259.5/src/shared/discover-image.c:965:20: branch_false: following ‘false’ branch... systemd-259.5/src/shared/discover-image.c:968:17: branch_false: ...to here systemd-259.5/src/shared/discover-image.c:968:17: branch_false: following ‘false’ branch (when ‘de’ is non-NULL)... systemd-259.5/src/shared/discover-image.c:969:46: branch_false: ...to here systemd-259.5/src/shared/discover-image.c:977:28: branch_false: following ‘false’ branch... systemd-259.5/src/shared/discover-image.c:984:37: branch_false: ...to here systemd-259.5/src/shared/discover-image.c:985:28: branch_false: following ‘false’ branch... systemd-259.5/src/shared/discover-image.c:988:29: branch_false: ...to here systemd-259.5/src/shared/discover-image.c:988:28: branch_false: following ‘false’ branch... systemd-259.5/src/shared/discover-image.c:999:35: branch_false: ...to here systemd-259.5/src/shared/discover-image.c:999:35: branch_true: following ‘true’ branch... systemd-259.5/src/shared/discover-image.c:1002:37: branch_true: ...to here systemd-259.5/src/shared/discover-image.c:1003:36: branch_true: following ‘true’ branch... systemd-259.5/src/shared/discover-image.c:1004:62: branch_true: ...to here systemd-259.5/src/shared/discover-image.c:1007:44: branch_false: following ‘false’ branch... systemd-259.5/src/shared/discover-image.c:1013:57: branch_false: ...to here systemd-259.5/src/shared/discover-image.c:1010:45: call_function: calling ‘extract_image_basename’ from ‘image_discover’ systemd-259.5/src/shared/discover-image.c:1010:45: return_function: returning to ‘image_discover’ from ‘extract_image_basename’ systemd-259.5/src/shared/discover-image.c:1016:44: branch_false: following ‘false’ branch... systemd-259.5/src/shared/discover-image.c:1021:67: branch_false: ...to here systemd-259.5/src/shared/discover-image.c:1022:44: branch_true: following ‘true’ branch... systemd-259.5/src/shared/discover-image.c:1021:62: call_function: inlined call to ‘freep’ from ‘image_discover’ systemd-259.5/src/shared/discover-image.c:1140:1: danger: ‘suffix’ leaks here; was allocated at [(62)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/61) # 1138| # 1139| return 0; # 1140|-> } # 1141| # 1142| static int unprivileged_remove(Image *i) { Error: CPPCHECK_WARNING (CWE-401): [#def53] systemd-259.5/src/shared/format-table.c:450: error[memleak]: Memory leak: d # 448| d->strv = strv_copy(data); # 449| if (!d->strv) # 450|-> return NULL; # 451| } else # 452| memcpy_safe(d->data, data, data_size); Error: GCC_ANALYZER_WARNING (CWE-476): [#def54] systemd-259.5/src/shared/libfido2-util.c:1164:81: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘ret_has_always_uv’ systemd-259.5/src/shared/libfido2-util.c:1269:5: enter_function: entry to ‘fido2_find_device_auto’ systemd-259.5/src/shared/libfido2-util.c:1279:12: branch_false: following ‘false’ branch... systemd-259.5/src/shared/libfido2-util.c:1282:14: branch_false: ...to here systemd-259.5/src/shared/libfido2-util.c:1283:12: branch_false: following ‘false’ branch... systemd-259.5/src/shared/libfido2-util.c:1286:13: branch_false: ...to here systemd-259.5/src/shared/libfido2-util.c:1287:12: branch_false: following ‘false’ branch... systemd-259.5/src/shared/libfido2-util.c:1287:13: branch_false: ...to here systemd-259.5/src/shared/libfido2-util.c:1287:13: branch_true: following ‘true’ branch... systemd-259.5/src/shared/libfido2-util.c:1287:56: branch_true: ...to here systemd-259.5/src/shared/libfido2-util.c:1287:39: branch_false: following ‘false’ branch... systemd-259.5/src/shared/libfido2-util.c:1296:12: branch_false: ...to here systemd-259.5/src/shared/libfido2-util.c:1296:12: branch_false: following ‘false’ branch... systemd-259.5/src/shared/libfido2-util.c:1301:17: branch_false: ...to here systemd-259.5/src/shared/libfido2-util.c:1302:12: branch_false: following ‘false’ branch... systemd-259.5/src/shared/libfido2-util.c:1308:13: branch_false: ...to here systemd-259.5/src/shared/libfido2-util.c:1308:13: call_function: calling ‘check_device_is_fido2_with_hmac_secret’ from ‘fido2_find_device_auto’ # 1162| r = verify_features(d, path, LOG_DEBUG, ret_has_rk, ret_has_client_pin, ret_has_up, ret_has_uv, ret_has_always_uv); # 1163| if (r == -ENODEV) { /* Not a FIDO2 device, or not implementing 'hmac-secret' */ # 1164|-> *ret_has_rk = *ret_has_client_pin = *ret_has_up = *ret_has_uv = *ret_has_always_uv = false; # 1165| return false; # 1166| } Error: GCC_ANALYZER_WARNING (CWE-457): [#def55] systemd-259.5/src/shared/openssl-util.c:164:36: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘digest_size’ systemd-259.5/src/shared/openssl-util.c:125:5: enter_function: entry to ‘openssl_digest_many’ systemd-259.5/src/shared/openssl-util.c:134:9: branch_false: following ‘false’ branch... systemd-259.5/src/shared/openssl-util.c:135:9: branch_false: ...to here systemd-259.5/src/shared/openssl-util.c:135:9: branch_false: following ‘false’ branch... systemd-259.5/src/shared/openssl-util.c:136:9: branch_false: ...to here systemd-259.5/src/shared/openssl-util.c:136:9: branch_false: following ‘false’ branch... systemd-259.5/src/shared/openssl-util.c:140:46: branch_false: ...to here systemd-259.5/src/shared/openssl-util.c:144:12: branch_false: following ‘false’ branch... systemd-259.5/src/shared/openssl-util.c:148:55: branch_false: ...to here systemd-259.5/src/shared/openssl-util.c:149:12: branch_false: following ‘false’ branch... systemd-259.5/src/shared/openssl-util.c:152:14: branch_false: ...to here systemd-259.5/src/shared/openssl-util.c:152:12: branch_false: following ‘false’ branch... systemd-259.5/src/shared/openssl-util.c:152:12: branch_false: ...to here systemd-259.5/src/shared/openssl-util.c:160:13: call_function: calling ‘openssl_digest_size’ from ‘openssl_digest_many’ systemd-259.5/src/shared/openssl-util.c:160:13: return_function: returning to ‘openssl_digest_many’ from ‘openssl_digest_size’ systemd-259.5/src/shared/openssl-util.c:161:12: branch_false: following ‘false’ branch... systemd-259.5/src/shared/openssl-util.c:164:36: branch_false: ...to here systemd-259.5/src/shared/openssl-util.c:164:36: danger: use of uninitialized value ‘digest_size’ here # 162| return r; # 163| # 164|-> _cleanup_free_ void *buf = malloc(digest_size); # 165| if (!buf) # 166| return log_oom_debug(); Error: GCC_ANALYZER_WARNING (CWE-457): [#def56] systemd-259.5/src/shared/openssl-util.c:1231:15: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘hash_size’ systemd-259.5/src/shared/openssl-util.c:1212:5: enter_function: entry to ‘string_hashsum’ systemd-259.5/src/shared/openssl-util.c:1223:9: branch_false: following ‘false’ branch... systemd-259.5/src/shared/openssl-util.c:1224:9: branch_false: ...to here systemd-259.5/src/shared/openssl-util.c:1224:9: branch_false: following ‘false’ branch... systemd-259.5/src/shared/openssl-util.c:1225:9: branch_false: ...to here systemd-259.5/src/shared/openssl-util.c:1225:9: branch_false: following ‘false’ branch... systemd-259.5/src/shared/openssl-util.c:1227:13: call_function: inlined call to ‘openssl_digest’ from ‘string_hashsum’ systemd-259.5/src/shared/openssl-util.c:1227:13: call_function: inlined call to ‘openssl_digest’ from ‘string_hashsum’ systemd-259.5/src/shared/openssl-util.c:1228:12: branch_false: following ‘false’ branch... systemd-259.5/src/shared/openssl-util.c:1231:15: branch_false: ...to here systemd-259.5/src/shared/openssl-util.c:1231:15: danger: use of uninitialized value ‘hash_size’ here # 1229| return r; # 1230| # 1231|-> enc = hexmem(hash, hash_size); # 1232| if (!enc) # 1233| return -ENOMEM; Error: GCC_ANALYZER_WARNING (CWE-457): [#def57] systemd-259.5/src/shared/openssl-util.c:1361:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘saved_key_size’ systemd-259.5/src/shared/openssl-util.c:1328:12: enter_function: entry to ‘rsa_pkey_generate_volume_keys’ systemd-259.5/src/shared/openssl-util.c:1340:13: call_function: calling ‘rsa_pkey_to_suitable_key_size’ from ‘rsa_pkey_generate_volume_keys’ systemd-259.5/src/shared/openssl-util.c:1340:13: return_function: returning to ‘rsa_pkey_generate_volume_keys’ from ‘rsa_pkey_to_suitable_key_size’ systemd-259.5/src/shared/openssl-util.c:1341:12: branch_false: following ‘false’ branch... systemd-259.5/src/shared/openssl-util.c:1344:9: branch_false: ...to here systemd-259.5/src/shared/openssl-util.c:1347:12: branch_false: following ‘false’ branch... systemd-259.5/src/shared/openssl-util.c:1350:13: branch_false: ...to here systemd-259.5/src/shared/openssl-util.c:1351:12: branch_false: following ‘false’ branch... systemd-259.5/src/shared/openssl-util.c:1354:13: branch_false: ...to here systemd-259.5/src/shared/openssl-util.c:1354:13: call_function: calling ‘rsa_encrypt_bytes’ from ‘rsa_pkey_generate_volume_keys’ systemd-259.5/src/shared/openssl-util.c:1354:13: return_function: returning to ‘rsa_pkey_generate_volume_keys’ from ‘rsa_encrypt_bytes’ systemd-259.5/src/shared/openssl-util.c:1355:12: branch_false: following ‘false’ branch... systemd-259.5/src/shared/openssl-util.c:1358:9: branch_false: ...to here systemd-259.5/src/shared/openssl-util.c:1361:9: danger: use of uninitialized value ‘saved_key_size’ here # 1359| *ret_decrypted_key_size = decrypted_key_size; # 1360| *ret_saved_key = TAKE_PTR(saved_key); # 1361|-> *ret_saved_key_size = saved_key_size; # 1362| return 0; # 1363| } Error: GCC_ANALYZER_WARNING (CWE-476): [#def58] systemd-259.5/src/shared/openssl-util.c:1735:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘ui’ systemd-259.5/src/shared/openssl-util.c:1706:5: enter_function: entry to ‘openssl_load_private_key’ systemd-259.5/src/shared/openssl-util.c:1716:9: branch_false: following ‘false’ branch... systemd-259.5/src/shared/openssl-util.c:1717:9: branch_false: ...to here systemd-259.5/src/shared/openssl-util.c:1717:9: branch_false: following ‘false’ branch... systemd-259.5/src/shared/openssl-util.c:1718:9: branch_false: ...to here systemd-259.5/src/shared/openssl-util.c:1718:9: branch_false: following ‘false’ branch... systemd-259.5/src/shared/openssl-util.c:1720:12: branch_false: ...to here systemd-259.5/src/shared/openssl-util.c:1720:12: branch_false: following ‘false’ branch (when ‘private_key_source_type != 0’)... systemd-259.5/src/shared/openssl-util.c:1728:80: branch_false: ...to here systemd-259.5/src/shared/openssl-util.c:1728:80: release_memory: ‘ui’ is NULL systemd-259.5/src/shared/openssl-util.c:1729:21: call_function: calling ‘openssl_ask_password_ui_new’ from ‘openssl_load_private_key’ systemd-259.5/src/shared/openssl-util.c:1729:21: return_function: returning to ‘openssl_load_private_key’ from ‘openssl_ask_password_ui_new’ systemd-259.5/src/shared/openssl-util.c:1730:20: branch_false: following ‘false’ branch... systemd-259.5/src/shared/openssl-util.c:1735:31: branch_false: ...to here systemd-259.5/src/shared/openssl-util.c:1735:31: release_memory: ‘ui’ is NULL systemd-259.5/src/shared/openssl-util.c:1735:17: danger: dereference of NULL ‘ui’ # 1733| UI_METHOD *ui_method = NULL; # 1734| #ifndef OPENSSL_NO_UI_CONSOLE # 1735|-> ui_method = ui->method; # 1736| #endif # 1737| Error: GCC_ANALYZER_WARNING (CWE-401): [#def59] systemd-259.5/src/socket-proxy/socket-proxyd.c:479:13: warning[-Wanalyzer-malloc-leak]: leak of ‘malloc(88)’ systemd-259.5/src/socket-proxy/socket-proxyd.c:442:12: enter_function: entry to ‘context_add_connection’ systemd-259.5/src/socket-proxy/socket-proxyd.c:445:9: branch_false: following ‘false’ branch... systemd-259.5/src/socket-proxy/socket-proxyd.c:447:35: branch_false: ...to here systemd-259.5/src/socket-proxy/socket-proxyd.c:448:12: branch_false: following ‘false’ branch... systemd-259.5/src/socket-proxy/socket-proxyd.c:455:13: branch_false: ...to here systemd-259.5/src/socket-proxy/socket-proxyd.c:461:12: branch_false: following ‘false’ branch... systemd-259.5/src/socket-proxy/socket-proxyd.c:464:13: branch_false: ...to here systemd-259.5/src/socket-proxy/socket-proxyd.c:468:53: call_function: inlined call to ‘malloc_multiply’ from ‘context_add_connection’ systemd-259.5/src/socket-proxy/socket-proxyd.c:469:12: branch_false: following ‘false’ branch... systemd-259.5/src/socket-proxy/socket-proxyd.c:472:9: branch_false: ...to here systemd-259.5/src/socket-proxy/socket-proxyd.c:480:12: branch_false: following ‘false’ branch... systemd-259.5/src/socket-proxy/socket-proxyd.c:483:9: branch_false: ...to here systemd-259.5/src/socket-proxy/socket-proxyd.c:485:13: call_function: calling ‘resolve_remote’ from ‘context_add_connection’ systemd-259.5/src/socket-proxy/socket-proxyd.c:485:13: return_function: returning to ‘context_add_connection’ from ‘resolve_remote’ systemd-259.5/src/socket-proxy/socket-proxyd.c:479:13: danger: ‘malloc(88)’ leaks here; was allocated at [(9)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/8) # 477| }; # 478| # 479|-> r = set_ensure_put(&context->connections, &connection_hash_ops, c); # 480| if (r < 0) # 481| return log_oom(); Error: GCC_ANALYZER_WARNING (CWE-775): [#def60] systemd-259.5/src/test/test-fd-util.c:154:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup(fcntl(0, 0, 3))’ systemd-259.5/src/test/test-fd-util.c:145:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-fd-util.c:146:9: branch_false: ...to here systemd-259.5/src/test/test-fd-util.c:146:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-fd-util.c:148:18: branch_false: ...to here systemd-259.5/src/test/test-fd-util.c:149:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-fd-util.c:151:18: branch_false: ...to here systemd-259.5/src/test/test-fd-util.c:152:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-fd-util.c:154:9: branch_false: ...to here systemd-259.5/src/test/test-fd-util.c:154:9: acquire_resource: opened here systemd-259.5/src/test/test-fd-util.c:154:9: danger: ‘dup(fcntl(0, 0, 3))’ leaks here; was opened at [(9)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/8) # 152| assert_se(new_fd >= 3); # 153| # 154|-> assert_se(dup(original_stdin) == 0); # 155| assert_se(close_nointr(original_stdin) != EBADF); # 156| assert_se(close_nointr(new_fd) != EBADF); Error: GCC_ANALYZER_WARNING (CWE-401): [#def61] systemd-259.5/src/test/test-json.c:448:1: warning[-Wanalyzer-malloc-leak]: leak of ‘__unique_prefix__expr_22’ systemd-259.5/src/test/test-json.c:297:1: enter_function: entry to ‘test_build’ systemd-259.5/src/test/test-json.c:301:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:302:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:302:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:303:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:303:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:305:13: branch_false: ...to here systemd-259.5/src/test/test-json.c:307:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:308:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:308:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:310:13: branch_false: ...to here systemd-259.5/src/test/test-json.c:311:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:312:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:312:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:314:13: branch_false: ...to here systemd-259.5/src/test/test-json.c:317:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:323:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:323:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:329:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:329:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:331:13: branch_false: ...to here systemd-259.5/src/test/test-json.c:335:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:346:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:346:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:347:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:348:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:349:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:349:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:351:13: branch_false: ...to here systemd-259.5/src/test/test-json.c:354:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:356:13: branch_false: ...to here systemd-259.5/src/test/test-json.c:357:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:358:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:359:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:360:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:360:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:361:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:363:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:365:13: branch_false: ...to here systemd-259.5/src/test/test-json.c:368:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:374:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:374:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:382:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:382:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:384:60: branch_false: ...to here systemd-259.5/src/test/test-json.c:385:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:388:26: branch_false: ...to here systemd-259.5/src/test/test-json.c:391:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:393:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:393:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:394:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:394:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:395:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:395:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:396:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:396:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:397:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:397:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:398:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:398:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:399:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:399:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:400:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:400:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:402:60: branch_false: ...to here systemd-259.5/src/test/test-json.c:403:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:406:30: branch_false: ...to here systemd-259.5/src/test/test-json.c:407:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:409:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:409:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:410:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:410:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:412:60: branch_false: ...to here systemd-259.5/src/test/test-json.c:413:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:414:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:414:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:415:13: branch_false: ...to here systemd-259.5/src/test/test-json.c:417:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:419:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:419:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:420:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:420:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:422:33: branch_false: ...to here systemd-259.5/src/test/test-json.c:423:9: acquire_memory: allocated here systemd-259.5/src/test/test-json.c:423:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:424:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:425:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:428:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:429:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:429:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:431:60: branch_false: ...to here systemd-259.5/src/test/test-json.c:432:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:434:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:434:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:436:48: branch_false: ...to here systemd-259.5/src/test/test-json.c:437:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:438:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:439:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:442:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:444:60: branch_false: ...to here systemd-259.5/src/test/test-json.c:445:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:447:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:447:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:444:60: call_function: inlined call to ‘sd_json_variant_unrefp’ from ‘test_build’ systemd-259.5/src/test/test-json.c:436:48: call_function: calling ‘ordered_set_freep’ from ‘test_build’ systemd-259.5/src/test/test-json.c:436:48: return_function: returning to ‘test_build’ from ‘ordered_set_freep’ systemd-259.5/src/test/test-json.c:422:33: call_function: calling ‘set_freep’ from ‘test_build’ systemd-259.5/src/test/test-json.c:422:33: return_function: returning to ‘test_build’ from ‘set_freep’ systemd-259.5/src/test/test-json.c:412:60: call_function: inlined call to ‘sd_json_variant_unrefp’ from ‘test_build’ systemd-259.5/src/test/test-json.c:406:42: call_function: inlined call to ‘freep’ from ‘test_build’ systemd-259.5/src/test/test-json.c:448:1: danger: ‘__unique_prefix__expr_22’ leaks here; was allocated at [(84)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/83) # 446| # 447| assert_se(sd_json_variant_equal(ossv, ossv2)); # 448|-> } # 449| # 450| TEST(json_buildo) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def62] systemd-259.5/src/test/test-json.c:448:1: warning[-Wanalyzer-malloc-leak]: leak of ‘__unique_prefix__expr_23’ systemd-259.5/src/test/test-json.c:297:1: enter_function: entry to ‘test_build’ systemd-259.5/src/test/test-json.c:301:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:302:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:302:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:303:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:303:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:305:13: branch_false: ...to here systemd-259.5/src/test/test-json.c:307:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:308:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:308:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:310:13: branch_false: ...to here systemd-259.5/src/test/test-json.c:311:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:312:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:312:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:314:13: branch_false: ...to here systemd-259.5/src/test/test-json.c:317:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:323:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:323:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:329:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:329:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:331:13: branch_false: ...to here systemd-259.5/src/test/test-json.c:335:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:346:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:346:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:347:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:348:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:349:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:349:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:351:13: branch_false: ...to here systemd-259.5/src/test/test-json.c:354:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:356:13: branch_false: ...to here systemd-259.5/src/test/test-json.c:357:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:358:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:359:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:360:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:360:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:361:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:363:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:365:13: branch_false: ...to here systemd-259.5/src/test/test-json.c:368:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:374:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:374:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:382:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:382:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:384:60: branch_false: ...to here systemd-259.5/src/test/test-json.c:385:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:388:26: branch_false: ...to here systemd-259.5/src/test/test-json.c:391:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:393:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:393:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:394:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:394:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:395:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:395:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:396:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:396:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:397:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:397:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:398:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:398:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:399:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:399:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:400:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:400:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:402:60: branch_false: ...to here systemd-259.5/src/test/test-json.c:403:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:406:30: branch_false: ...to here systemd-259.5/src/test/test-json.c:407:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:409:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:409:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:410:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:410:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:412:60: branch_false: ...to here systemd-259.5/src/test/test-json.c:413:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:414:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:414:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:415:13: branch_false: ...to here systemd-259.5/src/test/test-json.c:417:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:419:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:419:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:420:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:420:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:422:33: branch_false: ...to here systemd-259.5/src/test/test-json.c:423:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:424:9: acquire_memory: allocated here systemd-259.5/src/test/test-json.c:424:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:425:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:428:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:429:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:429:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:431:60: branch_false: ...to here systemd-259.5/src/test/test-json.c:432:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:434:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:434:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:436:48: branch_false: ...to here systemd-259.5/src/test/test-json.c:437:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:438:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:439:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:442:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:444:60: branch_false: ...to here systemd-259.5/src/test/test-json.c:445:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:447:9: branch_false: ...to here systemd-259.5/src/test/test-json.c:447:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-json.c:444:60: call_function: inlined call to ‘sd_json_variant_unrefp’ from ‘test_build’ systemd-259.5/src/test/test-json.c:436:48: call_function: calling ‘ordered_set_freep’ from ‘test_build’ systemd-259.5/src/test/test-json.c:436:48: return_function: returning to ‘test_build’ from ‘ordered_set_freep’ systemd-259.5/src/test/test-json.c:422:33: call_function: calling ‘set_freep’ from ‘test_build’ systemd-259.5/src/test/test-json.c:422:33: return_function: returning to ‘test_build’ from ‘set_freep’ systemd-259.5/src/test/test-json.c:412:60: call_function: inlined call to ‘sd_json_variant_unrefp’ from ‘test_build’ systemd-259.5/src/test/test-json.c:406:42: call_function: inlined call to ‘freep’ from ‘test_build’ systemd-259.5/src/test/test-json.c:448:1: danger: ‘__unique_prefix__expr_23’ leaks here; was allocated at [(86)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/85) # 446| # 447| assert_se(sd_json_variant_equal(ossv, ossv2)); # 448|-> } # 449| # 450| TEST(json_buildo) { Error: GCC_ANALYZER_WARNING (CWE-476): [#def63] systemd-259.5/src/test/test-mempress.c:287:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘malloc(8192)’ systemd-259.5/src/test/test-mempress.c:190:1: enter_function: entry to ‘test_real_pressure’ systemd-259.5/src/test/test-mempress.c:204:12: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:207:9: branch_false: ...to here systemd-259.5/src/test/test-mempress.c:207:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:209:9: branch_false: ...to here systemd-259.5/src/test/test-mempress.c:209:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:210:9: call_function: inlined call to ‘random_u64’ from ‘test_real_pressure’ systemd-259.5/src/test/test-mempress.c:210:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:211:9: branch_false: ...to here systemd-259.5/src/test/test-mempress.c:211:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:212:9: branch_false: ...to here systemd-259.5/src/test/test-mempress.c:212:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:213:9: branch_false: ...to here systemd-259.5/src/test/test-mempress.c:213:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:214:9: branch_false: ...to here systemd-259.5/src/test/test-mempress.c:214:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:215:9: branch_false: ...to here systemd-259.5/src/test/test-mempress.c:215:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:216:9: branch_false: ...to here systemd-259.5/src/test/test-mempress.c:216:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:218:13: branch_false: ...to here systemd-259.5/src/test/test-mempress.c:219:12: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:222:9: branch_false: ...to here systemd-259.5/src/test/test-mempress.c:222:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:224:9: branch_false: ...to here systemd-259.5/src/test/test-mempress.c:224:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:226:9: branch_false: ...to here systemd-259.5/src/test/test-mempress.c:226:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:228:9: branch_false: ...to here systemd-259.5/src/test/test-mempress.c:228:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:230:13: call_function: inlined call to ‘safe_fork’ from ‘test_real_pressure’ systemd-259.5/src/test/test-mempress.c:231:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:232:12: branch_false: ...to here systemd-259.5/src/test/test-mempress.c:232:12: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:237:9: branch_false: ...to here systemd-259.5/src/test/test-mempress.c:237:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:238:9: branch_false: ...to here systemd-259.5/src/test/test-mempress.c:238:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:239:9: branch_false: ...to here systemd-259.5/src/test/test-mempress.c:239:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:241:9: branch_false: ...to here systemd-259.5/src/test/test-mempress.c:241:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:242:9: branch_false: ...to here systemd-259.5/src/test/test-mempress.c:242:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:244:38: branch_false: ...to here systemd-259.5/src/test/test-mempress.c:249:12: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:252:9: branch_false: ...to here systemd-259.5/src/test/test-mempress.c:252:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:253:9: branch_false: ...to here systemd-259.5/src/test/test-mempress.c:253:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:254:9: branch_false: ...to here systemd-259.5/src/test/test-mempress.c:254:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:255:9: branch_false: ...to here systemd-259.5/src/test/test-mempress.c:255:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:256:9: branch_false: ...to here systemd-259.5/src/test/test-mempress.c:256:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:257:9: branch_false: ...to here systemd-259.5/src/test/test-mempress.c:257:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:258:9: branch_false: ...to here systemd-259.5/src/test/test-mempress.c:258:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:259:9: branch_false: ...to here systemd-259.5/src/test/test-mempress.c:259:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:260:9: branch_false: ...to here systemd-259.5/src/test/test-mempress.c:260:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:263:9: branch_false: ...to here systemd-259.5/src/test/test-mempress.c:263:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:265:18: branch_false: ...to here systemd-259.5/src/test/test-mempress.c:266:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:268:9: branch_false: ...to here systemd-259.5/src/test/test-mempress.c:269:12: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:272:13: branch_false: ...to here systemd-259.5/src/test/test-mempress.c:274:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:275:9: branch_false: ...to here systemd-259.5/src/test/test-mempress.c:275:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:276:9: branch_false: ...to here systemd-259.5/src/test/test-mempress.c:276:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:277:9: branch_false: ...to here systemd-259.5/src/test/test-mempress.c:277:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:278:9: branch_false: ...to here systemd-259.5/src/test/test-mempress.c:278:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:279:9: branch_false: ...to here systemd-259.5/src/test/test-mempress.c:279:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:281:9: branch_false: ...to here systemd-259.5/src/test/test-mempress.c:281:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-mempress.c:285:23: call_function: inlined call to ‘malloc_multiply’ from ‘test_real_pressure’ systemd-259.5/src/test/test-mempress.c:286:25: branch_true: following ‘true’ branch (when ‘i != 1024’)... systemd-259.5/src/test/test-mempress.c:287:18: branch_true: ...to here systemd-259.5/src/test/test-mempress.c:287:17: danger: ‘malloc(8192) + (long unsigned int)i * 8’ could be NULL: unchecked value from [(90)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/89) # 285| Hashmap **h = new(Hashmap*, NN); # 286| for (int i = 0; i < NN; i++) # 287|-> h[i] = hashmap_new(NULL); # 288| for (int i = 0; i < NN; i++) # 289| hashmap_free(h[i]); Error: GCC_ANALYZER_WARNING (CWE-476): [#def64] systemd-259.5/src/test/test-path-util.c:706:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘absolute_dirs’ systemd-259.5/src/test/test-path-util.c:693:36: release_memory: ‘search_dirs’ is NULL systemd-259.5/src/test/test-path-util.c:694:36: release_memory: ‘search_dirs’ is NULL systemd-259.5/src/test/test-path-util.c:696:9: branch_false: following ‘false’ branch (when ‘_result’ is non-NULL)... systemd-259.5/src/test/test-path-util.c:698:23: branch_false: ...to here systemd-259.5/src/test/test-path-util.c:699:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-path-util.c:699:9: branch_false: ...to here systemd-259.5/src/test/test-path-util.c:700:9: branch_false: following ‘false’ branch... systemd-259.5/src/test/test-path-util.c:706:9: branch_false: ...to here systemd-259.5/src/test/test-path-util.c:706:9: release_memory: ‘absolute_dirs’ is NULL systemd-259.5/src/test/test-path-util.c:706:9: danger: dereference of NULL ‘absolute_dirs’ # 704| } # 705| # 706|-> assert_se(mkdir(absolute_dirs[0], 0700) == 0); # 707| assert_se(mkdir(absolute_dirs[1], 0700) == 0); # 708| assert_se(symlink("dir2", absolute_dirs[2]) == 0); Error: GCC_ANALYZER_WARNING (CWE-401): [#def65] systemd-259.5/src/udev/udevadm-monitor.c:149:48: warning[-Wanalyzer-malloc-leak]: leak of ‘subsystem’ systemd-259.5/src/udev/udevadm-monitor.c:190:5: enter_function: entry to ‘monitor_main’ systemd-259.5/src/udev/udevadm-monitor.c:195:13: call_function: calling ‘parse_argv’ from ‘monitor_main’ # 147| devtype = strdup(slash + 1); # 148| if (!devtype) # 149|-> return log_oom(); # 150| # 151| subsystem = strndup(optarg, slash - optarg); Error: GCC_ANALYZER_WARNING (CWE-401): [#def66] systemd-259.5/src/udev/udevadm-monitor.c:151:45: warning[-Wanalyzer-malloc-leak]: leak of ‘subsystem’ systemd-259.5/src/udev/udevadm-monitor.c:190:5: enter_function: entry to ‘monitor_main’ systemd-259.5/src/udev/udevadm-monitor.c:195:13: call_function: calling ‘parse_argv’ from ‘monitor_main’ # 149| return log_oom(); # 150| # 151|-> subsystem = strndup(optarg, slash - optarg); # 152| } else # 153| subsystem = strdup(optarg); Error: GCC_ANALYZER_WARNING (CWE-401): [#def67] systemd-259.5/src/udev/udevadm-monitor.c:153:45: warning[-Wanalyzer-malloc-leak]: leak of ‘subsystem’ systemd-259.5/src/udev/udevadm-monitor.c:190:5: enter_function: entry to ‘monitor_main’ systemd-259.5/src/udev/udevadm-monitor.c:195:13: call_function: calling ‘parse_argv’ from ‘monitor_main’ # 151| subsystem = strndup(optarg, slash - optarg); # 152| } else # 153|-> subsystem = strdup(optarg); # 154| # 155| if (!subsystem) Error: GCC_ANALYZER_WARNING (CWE-401): [#def68] systemd-259.5/src/udev/udevadm-monitor.c:169:40: warning[-Wanalyzer-malloc-leak]: leak of ‘subsystem’ systemd-259.5/src/udev/udevadm-monitor.c:190:5: enter_function: entry to ‘monitor_main’ systemd-259.5/src/udev/udevadm-monitor.c:195:13: call_function: calling ‘parse_argv’ from ‘monitor_main’ # 167| r = set_put_strdup(&arg_tag_filter, optarg); # 168| if (r < 0) # 169|-> return log_oom(); # 170| break; # 171| Error: GCC_ANALYZER_WARNING (CWE-401): [#def69] systemd-259.5/src/udev/udevadm-monitor.c:188:1: warning[-Wanalyzer-malloc-leak]: leak of ‘subsystem’ systemd-259.5/src/udev/udevadm-monitor.c:190:5: enter_function: entry to ‘monitor_main’ systemd-259.5/src/udev/udevadm-monitor.c:195:13: call_function: calling ‘parse_argv’ from ‘monitor_main’ # 186| # 187| return 1; # 188|-> } # 189| # 190| int monitor_main(int argc, char *argv[], void *userdata) { Error: GCC_ANALYZER_WARNING (CWE-775): [#def70] systemd-259.5/src/varlinkctl/varlinkctl.c:270:1: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘add_fd’ systemd-259.5/src/varlinkctl/varlinkctl.c:149:9: branch_false: following ‘false’ branch... systemd-259.5/src/varlinkctl/varlinkctl.c:150:9: branch_false: ...to here systemd-259.5/src/varlinkctl/varlinkctl.c:150:9: branch_false: following ‘false’ branch... systemd-259.5/src/varlinkctl/varlinkctl.c:150:9: branch_false: ...to here systemd-259.5/src/varlinkctl/varlinkctl.c:152:16: branch_true: following ‘true’ branch (when ‘c >= 0’)... systemd-259.5/src/varlinkctl/varlinkctl.c:154:17: branch_true: ...to here systemd-259.5/src/varlinkctl/varlinkctl.c:229:28: branch_false: following ‘false’ branch... systemd-259.5/src/varlinkctl/varlinkctl.c:233:29: branch_false: ...to here systemd-259.5/src/varlinkctl/varlinkctl.c:233:28: branch_true: following ‘true’ branch... systemd-259.5/src/varlinkctl/varlinkctl.c:237:42: branch_true: ...to here systemd-259.5/src/varlinkctl/varlinkctl.c:237:42: acquire_resource: opened here systemd-259.5/src/varlinkctl/varlinkctl.c:238:36: branch_false: following ‘false’ branch... systemd-259.5/src/varlinkctl/varlinkctl.c:270:1: branch_false: ...to here systemd-259.5/src/varlinkctl/varlinkctl.c:270:1: danger: ‘add_fd’ leaks here; was opened at [(11)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/10) # 268| # 269| return 1; # 270|-> } # 271| # 272| static int varlink_connect_auto(sd_varlink **ret, const char *where) { Error: CPPCHECK_WARNING (CWE-457): [#def71] systemd-259.5/src/vmspawn/vmspawn-util.c:186: error[uninitvar]: Uninitialized variable: e # 184| _cleanup_free_ char *arch = NULL; # 185| # 186|-> r = sd_json_dispatch(e, table, flags, &arch); # 187| if (r < 0) # 188| return r;
| analyzer-version-clippy | 1.95.0 |
| analyzer-version-cppcheck | 2.20.0 |
| analyzer-version-gcc | 16.1.1 |
| analyzer-version-gcc-analyzer | 16.1.1 |
| analyzer-version-shellcheck | 0.11.0 |
| analyzer-version-unicontrol | 0.0.2 |
| diffbase-analyzer-version-clippy | 1.95.0 |
| diffbase-analyzer-version-cppcheck | 2.20.0 |
| diffbase-analyzer-version-gcc | 16.1.1 |
| diffbase-analyzer-version-gcc-analyzer | 16.1.1 |
| diffbase-analyzer-version-shellcheck | 0.11.0 |
| diffbase-analyzer-version-unicontrol | 0.0.2 |
| diffbase-enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| diffbase-exit-code | 0 |
| diffbase-host | ip-172-16-1-20.us-west-2.compute.internal |
| diffbase-known-false-positives | /usr/share/csmock/known-false-positives.js |
| diffbase-known-false-positives-rpm | known-false-positives-0.0.0.20260524.213755.g3c6d0be.main-1.el9.noarch |
| diffbase-mock-config | fedora-rawhide-x86_64 |
| diffbase-project-name | systemd-261~rc2-1.fc45 |
| diffbase-store-results-to | /tmp/tmp_1uo6rm6/systemd-261~rc2-1.fc45.tar.xz |
| diffbase-time-created | 2026-06-01 17:15:26 |
| diffbase-time-finished | 2026-06-01 17:30:30 |
| diffbase-tool | csmock |
| diffbase-tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'shellcheck,cppcheck,clippy,unicontrol,gcc' '-o' '/tmp/tmp_1uo6rm6/systemd-261~rc2-1.fc45.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmp_1uo6rm6/systemd-261~rc2-1.fc45.src.rpm' |
| diffbase-tool-version | csmock-3.8.5.20260529.133039.g6f3b5c6-1.el9 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-20.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20260524.213755.g3c6d0be.main-1.el9.noarch |
| mock-config | fedora-rawhide-x86_64 |
| project-name | systemd-259.5-1.fc44 |
| store-results-to | /tmp/tmp7wtoocd4/systemd-259.5-1.fc44.tar.xz |
| time-created | 2026-06-01 17:00:21 |
| time-finished | 2026-06-01 17:14:28 |
| title | Fixed findings |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'shellcheck,cppcheck,clippy,unicontrol,gcc' '-o' '/tmp/tmp7wtoocd4/systemd-259.5-1.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmp7wtoocd4/systemd-259.5-1.fc44.src.rpm' |
| tool-version | csmock-3.8.5.20260529.133039.g6f3b5c6-1.el9 |