Task #164 - shadow-utils-4.15.1-2.fc41/scan-results.err
back to task #164download
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.h:27:37: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*<unknown>.gr_name)’
shadow-4.15.1/lib/alloc.h:112:23: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/lib/alloc.h:112:23: note: in expansion of macro ‘XMALLOC’
# 25| #define XCALLOC(n, type) ((type *) xcalloc(n, sizeof(type)))
# 26| #define MALLOC(n, type) ((type *) mallocarray(n, sizeof(type)))
# 27|-> #define XMALLOC(n, type) ((type *) xmallocarray(n, sizeof(type)))
# 28|
# 29| #define REALLOC(ptr, n, type) \
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.h:27:37: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*<unknown>.gr_passwd)’
shadow-4.15.1/lib/alloc.h:112:23: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/lib/alloc.h:112:23: note: in expansion of macro ‘XMALLOC’
# 25| #define XCALLOC(n, type) ((type *) xcalloc(n, sizeof(type)))
# 26| #define MALLOC(n, type) ((type *) mallocarray(n, sizeof(type)))
# 27|-> #define XMALLOC(n, type) ((type *) xmallocarray(n, sizeof(type)))
# 28|
# 29| #define REALLOC(ptr, n, type) \
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.h:27:37: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*<unknown>.pw_dir)’
shadow-4.15.1/lib/alloc.h:112:23: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/lib/alloc.h:112:23: note: in expansion of macro ‘XMALLOC’
# 25| #define XCALLOC(n, type) ((type *) xcalloc(n, sizeof(type)))
# 26| #define MALLOC(n, type) ((type *) mallocarray(n, sizeof(type)))
# 27|-> #define XMALLOC(n, type) ((type *) xmallocarray(n, sizeof(type)))
# 28|
# 29| #define REALLOC(ptr, n, type) \
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.h:27:37: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*<unknown>.pw_gecos)’
shadow-4.15.1/lib/alloc.h:112:23: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/lib/alloc.h:112:23: note: in expansion of macro ‘XMALLOC’
# 25| #define XCALLOC(n, type) ((type *) xcalloc(n, sizeof(type)))
# 26| #define MALLOC(n, type) ((type *) mallocarray(n, sizeof(type)))
# 27|-> #define XMALLOC(n, type) ((type *) xmallocarray(n, sizeof(type)))
# 28|
# 29| #define REALLOC(ptr, n, type) \
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.h:27:37: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*<unknown>.pw_name)’
shadow-4.15.1/lib/alloc.h:112:23: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/lib/alloc.h:112:23: note: in expansion of macro ‘XMALLOC’
# 25| #define XCALLOC(n, type) ((type *) xcalloc(n, sizeof(type)))
# 26| #define MALLOC(n, type) ((type *) mallocarray(n, sizeof(type)))
# 27|-> #define XMALLOC(n, type) ((type *) xmallocarray(n, sizeof(type)))
# 28|
# 29| #define REALLOC(ptr, n, type) \
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.h:27:37: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*<unknown>.pw_passwd)’
shadow-4.15.1/lib/alloc.h:112:23: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/lib/alloc.h:112:23: note: in expansion of macro ‘XMALLOC’
# 25| #define XCALLOC(n, type) ((type *) xcalloc(n, sizeof(type)))
# 26| #define MALLOC(n, type) ((type *) mallocarray(n, sizeof(type)))
# 27|-> #define XMALLOC(n, type) ((type *) xmallocarray(n, sizeof(type)))
# 28|
# 29| #define REALLOC(ptr, n, type) \
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.h:27:37: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*<unknown>.pw_shell)’
shadow-4.15.1/lib/alloc.h:112:23: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/lib/alloc.h:112:23: note: in expansion of macro ‘XMALLOC’
# 25| #define XCALLOC(n, type) ((type *) xcalloc(n, sizeof(type)))
# 26| #define MALLOC(n, type) ((type *) mallocarray(n, sizeof(type)))
# 27|-> #define XMALLOC(n, type) ((type *) xmallocarray(n, sizeof(type)))
# 28|
# 29| #define REALLOC(ptr, n, type) \
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.h:27:37: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*<unknown>.sg_name)’
shadow-4.15.1/lib/alloc.h:112:23: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/lib/alloc.h:112:23: note: in expansion of macro ‘XMALLOC’
# 25| #define XCALLOC(n, type) ((type *) xcalloc(n, sizeof(type)))
# 26| #define MALLOC(n, type) ((type *) mallocarray(n, sizeof(type)))
# 27|-> #define XMALLOC(n, type) ((type *) xmallocarray(n, sizeof(type)))
# 28|
# 29| #define REALLOC(ptr, n, type) \
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.h:27:37: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*<unknown>.sg_passwd)’
shadow-4.15.1/lib/alloc.h:112:23: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/lib/alloc.h:112:23: note: in expansion of macro ‘XMALLOC’
# 25| #define XCALLOC(n, type) ((type *) xcalloc(n, sizeof(type)))
# 26| #define MALLOC(n, type) ((type *) mallocarray(n, sizeof(type)))
# 27|-> #define XMALLOC(n, type) ((type *) xmallocarray(n, sizeof(type)))
# 28|
# 29| #define REALLOC(ptr, n, type) \
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.h:27:37: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*<unknown>.sp_pwdp)’
shadow-4.15.1/lib/alloc.h:112:23: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/lib/alloc.h:112:23: note: in expansion of macro ‘XMALLOC’
# 25| #define XCALLOC(n, type) ((type *) xcalloc(n, sizeof(type)))
# 26| #define MALLOC(n, type) ((type *) mallocarray(n, sizeof(type)))
# 27|-> #define XMALLOC(n, type) ((type *) xmallocarray(n, sizeof(type)))
# 28|
# 29| #define REALLOC(ptr, n, type) \
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.h:27:37: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*sp.sp_namp)’
shadow-4.15.1/lib/alloc.h:112:23: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/lib/alloc.h:112:23: note: in expansion of macro ‘XMALLOC’
# 25| #define XCALLOC(n, type) ((type *) xcalloc(n, sizeof(type)))
# 26| #define MALLOC(n, type) ((type *) mallocarray(n, sizeof(type)))
# 27|-> #define XMALLOC(n, type) ((type *) xmallocarray(n, sizeof(type)))
# 28|
# 29| #define REALLOC(ptr, n, type) \
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.h:27:37: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(group)’
shadow-4.15.1/lib/alloc.h:112:23: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/lib/alloc.h:112:23: note: in expansion of macro ‘XMALLOC’
# 25| #define XCALLOC(n, type) ((type *) xcalloc(n, sizeof(type)))
# 26| #define MALLOC(n, type) ((type *) mallocarray(n, sizeof(type)))
# 27|-> #define XMALLOC(n, type) ((type *) xmallocarray(n, sizeof(type)))
# 28|
# 29| #define REALLOC(ptr, n, type) \
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.h:27:37: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(new)’
shadow-4.15.1/lib/alloc.h:112:23: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/lib/alloc.h:112:23: note: in expansion of macro ‘XMALLOC’
# 25| #define XCALLOC(n, type) ((type *) xcalloc(n, sizeof(type)))
# 26| #define MALLOC(n, type) ((type *) mallocarray(n, sizeof(type)))
# 27|-> #define XMALLOC(n, type) ((type *) xmallocarray(n, sizeof(type)))
# 28|
# 29| #define REALLOC(ptr, n, type) \
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.h:27:37: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(old)’
shadow-4.15.1/lib/alloc.h:112:23: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/lib/alloc.h:112:23: note: in expansion of macro ‘XMALLOC’
# 25| #define XCALLOC(n, type) ((type *) xcalloc(n, sizeof(type)))
# 26| #define MALLOC(n, type) ((type *) mallocarray(n, sizeof(type)))
# 27|-> #define XMALLOC(n, type) ((type *) xmallocarray(n, sizeof(type)))
# 28|
# 29| #define REALLOC(ptr, n, type) \
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.h:27:37: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(pwent.pw_name)’
shadow-4.15.1/lib/alloc.h:112:23: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/lib/alloc.h:112:23: note: in expansion of macro ‘XMALLOC’
# 25| #define XCALLOC(n, type) ((type *) xcalloc(n, sizeof(type)))
# 26| #define MALLOC(n, type) ((type *) mallocarray(n, sizeof(type)))
# 27|-> #define XMALLOC(n, type) ((type *) xmallocarray(n, sizeof(type)))
# 28|
# 29| #define REALLOC(ptr, n, type) \
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.h:27:37: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(string)’
shadow-4.15.1/lib/alloc.h:112:23: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/lib/alloc.h:112:23: note: in expansion of macro ‘XMALLOC’
# 25| #define XCALLOC(n, type) ((type *) xcalloc(n, sizeof(type)))
# 26| #define MALLOC(n, type) ((type *) mallocarray(n, sizeof(type)))
# 27|-> #define XMALLOC(n, type) ((type *) xmallocarray(n, sizeof(type)))
# 28|
# 29| #define REALLOC(ptr, n, type) \
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.c:24: included_from: Included from here.
shadow-4.15.1/lib/alloc.h: scope_hint: In function ‘reallocarrayf’
shadow-4.15.1/lib/alloc.h:103:15: warning[-Wanalyzer-malloc-leak]: leak of ‘reallocarrayf(p, nmemb, size)’
# 101|
# 102| /* realloc(p, 0) is equivalent to free(p); avoid double free. */
# 103|-> if (q == NULL && nmemb != 0 && size != 0)
# 104| free(p);
# 105| return q;
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/sgetgrent.c:18: included_from: Included from here.
shadow-4.15.1/lib/alloc.h: scope_hint: In function ‘reallocarrayf’
shadow-4.15.1/lib/alloc.h:103:15: warning[-Wanalyzer-malloc-leak]: leak of ‘reallocarrayf(p_, i + 100, 8)’
shadow-4.15.1/lib/sgetgrent.c:49:35: note: in expansion of macro ‘REALLOCF’
shadow-4.15.1/lib/sgetgrent.c:49:35: note: in expansion of macro ‘REALLOCF’
# 101|
# 102| /* realloc(p, 0) is equivalent to free(p); avoid double free. */
# 103|-> if (q == NULL && nmemb != 0 && size != 0)
# 104| free(p);
# 105| return q;
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.c:24: included_from: Included from here.
shadow-4.15.1/lib/alloc.h: scope_hint: In function ‘reallocarrayf’
shadow-4.15.1/lib/alloc.h:103:15: warning[-Wanalyzer-malloc-leak]: leak of ‘reallocarrayf.localalias(p, nmemb, size)’
# 101|
# 102| /* realloc(p, 0) is equivalent to free(p); avoid double free. */
# 103|-> if (q == NULL && nmemb != 0 && size != 0)
# 104| free(p);
# 105| return q;
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.h: scope_hint: In function ‘xreallocarray’
shadow-4.15.1/lib/alloc.h:103:15: warning[-Wanalyzer-malloc-leak]: leak of ‘xreallocarray(0, 1, size)’
shadow-4.15.1/lib/alloc.c: scope_hint: In function ‘xreallocarray’
# 101|
# 102| /* realloc(p, 0) is equivalent to free(p); avoid double free. */
# 103|-> if (q == NULL && nmemb != 0 && size != 0)
# 104| free(p);
# 105| return q;
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.h:103:15: warning[-Wanalyzer-malloc-leak]: leak of ‘xreallocarray(0, nmemb, size)’
# 101|
# 102| /* realloc(p, 0) is equivalent to free(p); avoid double free. */
# 103|-> if (q == NULL && nmemb != 0 && size != 0)
# 104| free(p);
# 105| return q;
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.h:103:15: warning[-Wanalyzer-malloc-leak]: leak of ‘xreallocarray(0, strlen(str) + 1, 1)’
shadow-4.15.1/lib/alloc.h:112:23: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/lib/alloc.c: scope_hint: In function ‘xreallocarray’
# 101|
# 102| /* realloc(p, 0) is equivalent to free(p); avoid double free. */
# 103|-> if (q == NULL && nmemb != 0 && size != 0)
# 104| free(p);
# 105| return q;
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.h:112:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup("/")’
shadow-4.15.1/lib/defines.h:16: included_from: Included from here.
shadow-4.15.1/lib/alloc.h:21: included_from: Included from here.
shadow-4.15.1/lib/setupenv.c:205:30: note: in expansion of macro ‘_’
# 110| xstrdup(const char *str)
# 111| {
# 112|-> return strcpy(XMALLOC(strlen(str) + 1, char), str);
# 113| }
# 114|
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.h:112:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup("/bin/sh")’
# 110| xstrdup(const char *str)
# 111| {
# 112|-> return strcpy(XMALLOC(strlen(str) + 1, char), str);
# 113| }
# 114|
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.h:112:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(&crypt_passwd)’
# 110| xstrdup(const char *str)
# 111| {
# 112|-> return strcpy(XMALLOC(strlen(str) + 1, char), str);
# 113| }
# 114|
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.h:112:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*<unknown>)’
# 110| xstrdup(const char *str)
# 111| {
# 112|-> return strcpy(XMALLOC(strlen(str) + 1, char), str);
# 113| }
# 114|
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.h:112:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*<unknown>.pw_name)’
# 110| xstrdup(const char *str)
# 111| {
# 112|-> return strcpy(XMALLOC(strlen(str) + 1, char), str);
# 113| }
# 114|
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.h:112:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*list)’
# 110| xstrdup(const char *str)
# 111| {
# 112|-> return strcpy(XMALLOC(strlen(str) + 1, char), str);
# 113| }
# 114|
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.h:112:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*sp.sp_pwdp)’
# 110| xstrdup(const char *str)
# 111| {
# 112|-> return strcpy(XMALLOC(strlen(str) + 1, char), str);
# 113| }
# 114|
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.h:112:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(ccp)’
shadow-4.15.1/src/useradd.c:385:26: note: in expansion of macro ‘MATCH’
shadow-4.15.1/src/useradd.c:392:26: note: in expansion of macro ‘MATCH’
shadow-4.15.1/src/useradd.c:399:26: note: in expansion of macro ‘MATCH’
shadow-4.15.1/src/useradd.c:415:26: note: in expansion of macro ‘MATCH’
shadow-4.15.1/src/useradd.c:422:26: note: in expansion of macro ‘MATCH’
# 110| xstrdup(const char *str)
# 111| {
# 112|-> return strcpy(XMALLOC(strlen(str) + 1, char), str);
# 113| }
# 114|
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.h:112:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(comma)’
shadow-4.15.1/lib/alloc.h:14: included_from: Included from here.
# 110| xstrdup(const char *str)
# 111| {
# 112|-> return strcpy(XMALLOC(strlen(str) + 1, char), str);
# 113| }
# 114|
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.h:112:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(cp)’
shadow-4.15.1/src/useradd.c:385:26: note: in expansion of macro ‘MATCH’
# 110| xstrdup(const char *str)
# 111| {
# 112|-> return strcpy(XMALLOC(strlen(str) + 1, char), str);
# 113| }
# 114|
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.h:112:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(getdef_str("MOTD_FILE"))’
# 110| xstrdup(const char *str)
# 111| {
# 112|-> return strcpy(XMALLOC(strlen(str) + 1, char), str);
# 113| }
# 114|
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.h:112:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(getlogin())’
# 110| xstrdup(const char *str)
# 111| {
# 112|-> return strcpy(XMALLOC(strlen(str) + 1, char), str);
# 113| }
# 114|
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.h:112:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(member)’
# 110| xstrdup(const char *str)
# 111| {
# 112|-> return strcpy(XMALLOC(strlen(str) + 1, char), str);
# 113| }
# 114|
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.h:112:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(new)’
# 110| xstrdup(const char *str)
# 111| {
# 112|-> return strcpy(XMALLOC(strlen(str) + 1, char), str);
# 113| }
# 114|
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.h:112:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(old)’
# 110| xstrdup(const char *str)
# 111| {
# 112|-> return strcpy(XMALLOC(strlen(str) + 1, char), str);
# 113| }
# 114|
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.h:112:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(optarg)’
# 110| xstrdup(const char *str)
# 111| {
# 112|-> return strcpy(XMALLOC(strlen(str) + 1, char), str);
# 113| }
# 114|
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/src/login.c:28: included_from: Included from here.
shadow-4.15.1/lib/alloc.h: scope_hint: In function ‘xstrdup’
shadow-4.15.1/lib/alloc.h:112:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(ptr_user)’
shadow-4.15.1/lib/must_be.h:13: included_from: Included from here.
shadow-4.15.1/lib/sizeof.h:15: included_from: Included from here.
shadow-4.15.1/lib/memzero.h:18: included_from: Included from here.
shadow-4.15.1/src/login.c:34: included_from: Included from here.
shadow-4.15.1/src/login.c:426:9: note: in expansion of macro ‘PAM_FAIL_CHECK’
# 110| xstrdup(const char *str)
# 111| {
# 112|-> return strcpy(XMALLOC(strlen(str) + 1, char), str);
# 113| }
# 114|
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.h:112:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(pwent.pw_passwd)’
# 110| xstrdup(const char *str)
# 111| {
# 112|-> return strcpy(XMALLOC(strlen(str) + 1, char), str);
# 113| }
# 114|
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.h:112:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(shellname)’
# 110| xstrdup(const char *str)
# 111| {
# 112|-> return strcpy(XMALLOC(strlen(str) + 1, char), str);
# 113| }
# 114|
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.h:112:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(string)’
shadow-4.15.1/lib/must_be.h:13: included_from: Included from here.
shadow-4.15.1/lib/sizeof.h:15: included_from: Included from here.
shadow-4.15.1/lib/string/sprintf.h:19: included_from: Included from here.
shadow-4.15.1/lib/env.c:23: included_from: Included from here.
shadow-4.15.1/lib/env.c:180:32: note: in expansion of macro ‘SNPRINTF’
# 110| xstrdup(const char *str)
# 111| {
# 112|-> return strcpy(XMALLOC(strlen(str) + 1, char), str);
# 113| }
# 114|
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.h:112:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(tty)’
# 110| xstrdup(const char *str)
# 111| {
# 112|-> return strcpy(XMALLOC(strlen(str) + 1, char), str);
# 113| }
# 114|
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/alloc.h:112:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(users)’
# 110| xstrdup(const char *str)
# 111| {
# 112|-> return strcpy(XMALLOC(strlen(str) + 1, char), str);
# 113| }
# 114|
Error: GCC_ANALYZER_WARNING (CWE-688):
shadow-4.15.1/lib/env.c:19: included_from: Included from here.
shadow-4.15.1/lib/alloc.h: scope_hint: In function ‘xstrdup’
shadow-4.15.1/lib/alloc.h:112:16: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘xreallocarray(0, strlen(str) + 1, 1)’ where non-null expected
shadow-4.15.1/lib/alloc.h:112:23: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/lib/alloc.h: scope_hint: In function ‘xstrdup’
<built-in>: note: argument 1 of ‘__builtin_strcpy’ must be non-null
# 110| xstrdup(const char *str)
# 111| {
# 112|-> return strcpy(XMALLOC(strlen(str) + 1, char), str);
# 113| }
# 114|
Error: CLANG_WARNING:
shadow-4.15.1/src/gpasswd.c:24: included_from: Included from here.
shadow-4.15.1/lib/alloc.h:112:24: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 110| xstrdup(const char *str)
# 111| {
# 112|-> return strcpy(XMALLOC(strlen(str) + 1, char), str);
# 113| }
# 114|
Error: COMPILER_WARNING (CWE-252):
shadow-4.15.1/lib/audit_help.c: scope_hint: In function ‘audit_logger’
shadow-4.15.1/lib/audit_help.c:66:17: warning[-Wunused-result]: ignoring return value of ‘audit_log_acct_message’ declared with attribute ‘warn_unused_result’
# 66 | audit_log_acct_message (audit_fd, type, NULL, op, name, id,
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 67 | NULL, NULL, NULL, result);
# | ~~~~~~~~~~~~~~~~~~~~~~~~~
# 64| return;
# 65| } else {
# 66|-> audit_log_acct_message (audit_fd, type, NULL, op, name, id,
# 67| NULL, NULL, NULL, result);
# 68| }
Error: COMPILER_WARNING (CWE-252):
shadow-4.15.1/lib/audit_help.c: scope_hint: In function ‘audit_logger_with_group’
shadow-4.15.1/lib/audit_help.c:100:9: warning[-Wunused-result]: ignoring return value of ‘audit_log_acct_message’ declared with attribute ‘warn_unused_result’
# 100 | audit_log_acct_message (audit_fd, type, NULL, buf, name, id,
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 101 | NULL, NULL, NULL, (int) result);
# | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 98| snprintf(buf, sizeof(buf), "%s grp=\"%s\"", op, grp);
# 99| }
# 100|-> audit_log_acct_message (audit_fd, type, NULL, buf, name, id,
# 101| NULL, NULL, NULL, (int) result);
# 102| }
Error: COMPILER_WARNING (CWE-252):
shadow-4.15.1/lib/audit_help.c: scope_hint: In function ‘audit_logger_message’
shadow-4.15.1/lib/audit_help.c:109:17: warning[-Wunused-result]: ignoring return value of ‘audit_log_user_message’ declared with attribute ‘warn_unused_result’
# 109 | audit_log_user_message (audit_fd,
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 110 | AUDIT_USYS_CONFIG,
# | ~~~~~~~~~~~~~~~~~~
# 111 | message,
# | ~~~~~~~~
# 112 | NULL, /* hostname */
# | ~~~~~~~~~~~~~~~~~~~~
# 113 | NULL, /* addr */
# | ~~~~~~~~~~~~~~~~
# 114 | NULL, /* tty */
# | ~~~~~~~~~~~~~~~
# 115 | result);
# | ~~~~~~~
# 107| return;
# 108| } else {
# 109|-> audit_log_user_message (audit_fd,
# 110| AUDIT_USYS_CONFIG,
# 111| message,
Error: GCC_ANALYZER_WARNING (CWE-476):
shadow-4.15.1/lib/commonio.c: scope_hint: In function ‘commonio_sort_wrt’
shadow-4.15.1/lib/commonio.c:858:28: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘*shadow.head’
# 856| }
# 857|
# 858|-> shadow->head->prev = NULL;
# 859| shadow->changed = true;
# 860|
Error: GCC_ANALYZER_WARNING (CWE-476):
shadow-4.15.1/lib/copydir.c: scope_hint: In function ‘check_link’
shadow-4.15.1/lib/copydir.c:230:20: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xreallocarray(0, 1, 40)’
shadow-4.15.1/lib/alloc.h:15: included_from: Included from here.
shadow-4.15.1/lib/copydir.c:21: included_from: Included from here.
shadow-4.15.1/lib/copydir.c:15: included_from: Included from here.
shadow-4.15.1/lib/must_be.h:13: included_from: Included from here.
shadow-4.15.1/lib/sizeof.h:15: included_from: Included from here.
shadow-4.15.1/lib/string/sprintf.h:19: included_from: Included from here.
shadow-4.15.1/lib/copydir.c:39: included_from: Included from here.
shadow-4.15.1/lib/copydir.c:229:14: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/lib/copydir.c: scope_hint: In function ‘check_link’
# 228|
# 229| lp = XMALLOC(1, struct link_name);
# 230|-> lp->ln_dev = sb->st_dev;
# 231| lp->ln_ino = sb->st_ino;
# 232| lp->ln_count = sb->st_nlink;
Error: GCC_ANALYZER_WARNING (CWE-122):
shadow-4.15.1/lib/find_new_gid.c: scope_hint: In function ‘check_gid.part.0’
shadow-4.15.1/lib/find_new_gid.c:125:43: warning[-Wanalyzer-out-of-bounds]: heap-based buffer over-read
shadow-4.15.1/lib/alloc.h:14: included_from: Included from here.
shadow-4.15.1/lib/find_new_gid.c:15: included_from: Included from here.
# └──────────────────────┘
# ^
# 123| * using the gr_next() loop
# 124| */
# 125|-> if (used_gids != NULL && used_gids[gid]) {
# 126| return EEXIST;
# 127| }
Error: CLANG_WARNING:
shadow-4.15.1/lib/find_new_gid.c:268:27: warning[unix.Malloc]: Use of memory allocated with size zero
# 266| && grp->gr_gid <= gid_max) {
# 267|
# 268|-> used_gids[grp->gr_gid] = true;
# 269| }
# 270| }
Error: GCC_ANALYZER_WARNING (CWE-122):
shadow-4.15.1/lib/find_new_uid.c: scope_hint: In function ‘check_uid.part.0’
shadow-4.15.1/lib/find_new_uid.c:125:43: warning[-Wanalyzer-out-of-bounds]: heap-based buffer over-read
shadow-4.15.1/lib/alloc.h:14: included_from: Included from here.
shadow-4.15.1/lib/find_new_uid.c:15: included_from: Included from here.
# └──────────────────────┘
# ^
# 123| * using the pw_next() loop
# 124| */
# 125|-> if (used_uids != NULL && used_uids[uid]) {
# 126| return EEXIST;
# 127| }
Error: CLANG_WARNING:
shadow-4.15.1/lib/find_new_uid.c:268:27: warning[unix.Malloc]: Use of memory allocated with size zero
# 266| && pwd->pw_uid <= uid_max) {
# 267|
# 268|-> used_uids[pwd->pw_uid] = true;
# 269| }
# 270| }
Error: GCC_ANALYZER_WARNING (CWE-457):
shadow-4.15.1/lib/getdate.c: scope_hint: In function ‘gd_parse’
shadow-4.15.1/lib/getdate.c:671:7: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘yyss’
shadow-4.15.1/lib/getdate.c:656:9: note: in expansion of macro ‘YYCOPY’
shadow-4.15.1/lib/getdate.c:1220:9: note: in expansion of macro ‘YYSTACK_RELOCATE’
shadow-4.15.1/lib/getdate.c:656:9: note: in expansion of macro ‘YYCOPY’
shadow-4.15.1/lib/getdate.c:1220:9: note: in expansion of macro ‘YYSTACK_RELOCATE’
shadow-4.15.1/lib/getdate.c:656:9: note: in expansion of macro ‘YYCOPY’
shadow-4.15.1/lib/getdate.c:1220:9: note: in expansion of macro ‘YYSTACK_RELOCATE’
# 669| # if defined __GNUC__ && 1 < __GNUC__
# 670| # define YYCOPY(Dst, Src, Count) \
# 671|-> __builtin_memcpy (Dst, Src, YY_CAST (YYSIZE_T, (Count)) * sizeof (*(Src)))
# 672| # else
# 673| # define YYCOPY(Dst, Src, Count) \
Error: GCC_ANALYZER_WARNING (CWE-457):
shadow-4.15.1/lib/getdate.c:1347:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*(unsigned int *)<unknown>’
# 1345| unconditionally makes the parser a bit smaller, and it avoids a
# 1346| GCC warning that YYVAL may be used uninitialized. */
# 1347|-> yyval = yyvsp[1-yylen];
# 1348|
# 1349|
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/getdef.c: scope_hint: In function ‘putdef_str’
shadow-4.15.1/lib/getdef.c:394:18: warning[-Wanalyzer-malloc-leak]: leak of ‘cp’
# 392|
# 393| free (d->value);
# 394|-> d->value = cp;
# 395| return 0;
# 396| }
Error: COMPILER_WARNING (CWE-477):
shadow-4.15.1/lib/getdef.c: scope_hint: In function ‘def_load’
shadow-4.15.1/lib/getdef.c:484:9: warning[-Wdeprecated-declarations]: ‘econf_readDirs’ is deprecated: Use the econf_readConfig/econf_readConfigWithCallback instead
shadow-4.15.1/lib/getdef.c:22: included_from: Included from here.
/usr/include/libeconf.h:483:1: note: declared here
# 482| def_loaded = true;
# 483|
# 484|-> error = econf_readDirs (&defs_file, vendordir, sysconfdir, "login", "defs", " \t", "#");
# 485| if (error) {
# 486| if (error == ECONF_NOFILE)
Error: GCC_ANALYZER_WARNING (CWE-476):
shadow-4.15.1/lib/list.c: scope_hint: In function ‘add_list’
shadow-4.15.1/lib/list.c:59:24: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xreallocarray(0, (long unsigned int)(i + 2), 8)’
shadow-4.15.1/lib/list.c:50:15: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/lib/list.c: scope_hint: In function ‘add_list’
# 57|
# 58| for (i = 0; list[i] != NULL; i++) {
# 59|-> tmp[i] = list[i];
# 60| }
# 61|
Error: GCC_ANALYZER_WARNING (CWE-476):
shadow-4.15.1/lib/list.c:62:16: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xreallocarray(0, (long unsigned int)(i + 2), 8)’
shadow-4.15.1/lib/list.c:50:15: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/lib/list.c: scope_hint: In function ‘add_list’
# 60| }
# 61|
# 62|-> tmp[i] = xstrdup (member);
# 63| tmp[i+1] = NULL;
# 64|
Error: GCC_ANALYZER_WARNING (CWE-476):
shadow-4.15.1/lib/list.c: scope_hint: In function ‘del_list’
shadow-4.15.1/lib/list.c:115:32: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xreallocarray(0, (long unsigned int)(j + 1), 8)’
shadow-4.15.1/lib/alloc.h:27:50: note: in definition of macro ‘XMALLOC’
shadow-4.15.1/lib/list.c:105:15: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/lib/list.c: scope_hint: In function ‘del_list’
# 113| for (i = j = 0; list[i] != NULL; i++) {
# 114| if (strcmp (list[i], member) != 0) {
# 115|-> tmp[j] = list[i];
# 116| j++;
# 117| }
Error: GCC_ANALYZER_WARNING (CWE-476):
shadow-4.15.1/lib/list.c:120:16: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xreallocarray(0, (long unsigned int)(j + 1), 8)’
shadow-4.15.1/lib/alloc.h:27:50: note: in definition of macro ‘XMALLOC’
shadow-4.15.1/lib/list.c:105:15: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/lib/list.c: scope_hint: In function ‘del_list’
# 118| }
# 119|
# 120|-> tmp[j] = NULL;
# 121|
# 122| return tmp;
Error: GCC_ANALYZER_WARNING (CWE-476):
shadow-4.15.1/lib/list.c: scope_hint: In function ‘dup_list’
shadow-4.15.1/lib/list.c:145:24: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xreallocarray(0, (long unsigned int)(i + 1), 8)’
shadow-4.15.1/lib/list.c:141:15: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/lib/list.c: scope_hint: In function ‘dup_list’
# 143| i = 0;
# 144| while (NULL != *list) {
# 145|-> tmp[i] = xstrdup (*list);
# 146| i++;
# 147| list++;
Error: GCC_ANALYZER_WARNING (CWE-476):
shadow-4.15.1/lib/list.c:150:16: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xreallocarray(0, (long unsigned int)(i + 1), 8)’
shadow-4.15.1/lib/list.c:141:15: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/lib/list.c: scope_hint: In function ‘dup_list’
# 148| }
# 149|
# 150|-> tmp[i] = NULL;
# 151| return tmp;
# 152| }
Error: GCC_ANALYZER_WARNING (CWE-476):
shadow-4.15.1/lib/list.c: scope_hint: In function ‘comma_to_list’
shadow-4.15.1/lib/list.c:225:24: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xreallocarray(0, (long unsigned int)i, 8)’
shadow-4.15.1/lib/list.c:218:17: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/lib/list.c: scope_hint: In function ‘comma_to_list’
# 223|
# 224| if ('\0' == *members) {
# 225|-> *array = NULL;
# 226| free (members);
# 227| return array;
Error: GCC_ANALYZER_WARNING (CWE-476):
shadow-4.15.1/lib/list.c:236:26: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xreallocarray(0, (long unsigned int)i, 8)’
shadow-4.15.1/lib/list.c:218:17: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/lib/list.c: scope_hint: In function ‘comma_to_list’
# 234|
# 235| for (cp = members, i = 0;; i++) {
# 236|-> array[i] = cp;
# 237| cp2 = strchr (cp, ',');
# 238| if (NULL != cp2) {
Error: COMPILER_WARNING:
shadow-4.15.1/lib/sizeof.h:15: included_from: Included from here.
shadow-4.15.1/lib/utmp.c:26: included_from: Included from here.
shadow-4.15.1/lib/must_be.h:53:17: warning: anonymous struct declared inside parameter list will not be visible outside of this definition or declaration
# 53 | struct { \
# | ^~~~~~
shadow-4.15.1/lib/must_be.h:96:31: note: in expansion of macro ‘must_be’
# 96 | #define must_be_array(a) must_be(is_array(a))
# | ^~~~~~~
shadow-4.15.1/lib/sizeof.h:20:43: note: in expansion of macro ‘must_be_array’
# 20 | #define SIZEOF_ARRAY(a) (sizeof(a) + must_be_array(a))
# | ^~~~~~~~~~~~~
shadow-4.15.1/lib/sizeof.h:21:31: note: in expansion of macro ‘SIZEOF_ARRAY’
# 21 | #define NITEMS(a) (SIZEOF_ARRAY((a)) / sizeof((a)[0]))
# | ^~~~~~~~~~~~
shadow-4.15.1/lib/utmp.c:34:23: note: in expansion of macro ‘NITEMS’
# 34 | #define UTX_LINESIZE NITEMS(memberof(struct utmpx, ut_line))
# | ^~~~~~
shadow-4.15.1/lib/utmp.c:41:26: note: in expansion of macro ‘UTX_LINESIZE’
# 41 | is_my_tty(const char tty[UTX_LINESIZE])
# | ^~~~~~~~~~~~
# 51| ( \
# 52| 0 * (int) sizeof( \
# 53|-> struct { \
# 54| static_assert(e, ""); \
# 55| int ISO_C_forbids_a_struct_with_no_members_; \
Error: GCC_ANALYZER_WARNING (CWE-688):
shadow-4.15.1/lib/obscure.c: scope_hint: In function ‘password_check.part.0’
shadow-4.15.1/lib/obscure.c:103:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘xreallocarray(0, strlen(str_lower(xstrdup(old))) * 2 + 1, 1)’ where non-null expected
shadow-4.15.1/lib/obscure.c:102:19: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/lib/obscure.c: scope_hint: In function ‘password_check.part.0’
<built-in>: note: argument 1 of ‘__builtin_strcpy’ must be non-null
# 101| oldmono = str_lower (xstrdup (old));
# 102| wrapped = XMALLOC(strlen(oldmono) * 2 + 1, char);
# 103|-> strcpy (wrapped, oldmono);
# 104| strcat (wrapped, oldmono);
# 105|
Error: COMPILER_WARNING (CWE-563):
shadow-4.15.1/lib/prefix_flag.c:40:14: warning[-Wunused-variable]: ‘def_conf_file’ defined but not used
# 40 | static char *def_conf_file = NULL;
# | ^~~~~~~~~~~~~
# 38| static char *suid_db_file = NULL;
# 39| static char *sgid_db_file = NULL;
# 40|-> static char *def_conf_file = NULL;
# 41| static FILE* fp_pwent = NULL;
# 42| static FILE* fp_grent = NULL;
Error: CLANG_WARNING:
shadow-4.15.1/lib/readpassphrase.c:71:2: warning[deadcode.DeadStores]: Value stored to 'nr' is never read
# 69| for (i = 0; i < _NSIG; i++)
# 70| signo[i] = 0;
# 71|-> nr = -1;
# 72| save_errno = 0;
# 73| need_restart = 0;
Error: CLANG_WARNING:
shadow-4.15.1/lib/readpassphrase.c:72:2: warning[deadcode.DeadStores]: Value stored to 'save_errno' is never read
# 70| signo[i] = 0;
# 71| nr = -1;
# 72|-> save_errno = 0;
# 73| need_restart = 0;
# 74| /*
Error: GCC_ANALYZER_WARNING (CWE-775):
shadow-4.15.1/lib/readpassphrase.c: scope_hint: In function ‘readpassphrase’
shadow-4.15.1/lib/readpassphrase.c:93:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/tty", 2)’
# 91| * generate SIGTTOU, so do it *before* installing the signal handlers.
# 92| */
# 93|-> if (input != STDIN_FILENO && tcgetattr(input, &oterm) == 0) {
# 94| memcpy(&term, &oterm, sizeof(term));
# 95| if (!(flags & RPP_ECHO_ON))
Error: COMPILER_WARNING (CWE-252):
shadow-4.15.1/lib/readpassphrase.c: scope_hint: In function ‘readpassphrase’
shadow-4.15.1/lib/readpassphrase.c:128:23: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
# 128 | (void)write(output, prompt, strlen(prompt));
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 126|
# 127| if (!(flags & RPP_STDIN))
# 128|-> (void)write(output, prompt, strlen(prompt));
# 129| end = buf + bufsiz - 1;
# 130| p = buf;
Error: COMPILER_WARNING (CWE-252):
shadow-4.15.1/lib/readpassphrase.c:147:23: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
# 147 | (void)write(output, "\n", 1);
# | ^~~~~~~~~~~~~~~~~~~~~~
# 145| save_errno = errno;
# 146| if (!(term.c_lflag & ECHO))
# 147|-> (void)write(output, "\n", 1);
# 148|
# 149| /* Restore old terminal settings and signals. */
Error: CLANG_WARNING:
shadow-4.15.1/lib/salt.c:376:3: warning[deadcode.DeadStores]: Value stored to 'salt_len' is never read
# 374| if (0 == strcmp (method, "MD5")) {
# 375| MAGNUM(result, '1');
# 376|-> salt_len = MD5_CRYPT_SALT_SIZE;
# 377| rounds = 0;
# 378| #ifdef USE_BCRYPT
Error: CLANG_WARNING:
shadow-4.15.1/lib/salt.c:381:3: warning[deadcode.DeadStores]: Value stored to 'salt_len' is never read
# 379| } else if (0 == strcmp (method, "BCRYPT")) {
# 380| BCRYPTMAGNUM(result);
# 381|-> salt_len = BCRYPT_SALT_SIZE;
# 382| rounds = BCRYPT_get_salt_rounds (arg);
# 383| BCRYPT_salt_rounds_to_buf (result, rounds);
Error: CLANG_WARNING:
shadow-4.15.1/lib/salt.c:388:3: warning[deadcode.DeadStores]: Value stored to 'salt_len' is never read
# 386| } else if (0 == strcmp (method, "YESCRYPT")) {
# 387| MAGNUM(result, 'y');
# 388|-> salt_len = YESCRYPT_SALT_SIZE;
# 389| rounds = YESCRYPT_get_salt_cost (arg);
# 390| YESCRYPT_salt_cost_to_buf (result, rounds);
Error: CLANG_WARNING:
shadow-4.15.1/lib/salt.c:395:3: warning[deadcode.DeadStores]: Value stored to 'salt_len' is never read
# 393| } else if (0 == strcmp (method, "SHA256")) {
# 394| MAGNUM(result, '5');
# 395|-> salt_len = SHA_CRYPT_SALT_SIZE;
# 396| rounds = SHA_get_salt_rounds (arg);
# 397| SHA_salt_rounds_to_buf (result, rounds);
Error: CLANG_WARNING:
shadow-4.15.1/lib/salt.c:400:3: warning[deadcode.DeadStores]: Value stored to 'salt_len' is never read
# 398| } else if (0 == strcmp (method, "SHA512")) {
# 399| MAGNUM(result, '6');
# 400|-> salt_len = SHA_CRYPT_SALT_SIZE;
# 401| rounds = SHA_get_salt_rounds (arg);
# 402| SHA_salt_rounds_to_buf (result, rounds);
Error: CLANG_WARNING:
shadow-4.15.1/lib/salt.c:409:3: warning[deadcode.DeadStores]: Value stored to 'salt_len' is never read
# 407| "Defaulting to DES.\n"),
# 408| method);
# 409|-> salt_len = MAX_SALT_SIZE;
# 410| rounds = 0;
# 411| bzero(result, GENSALT_SETTING_SIZE);
Error: COMPILER_WARNING (CWE-563):
shadow-4.15.1/lib/commonio.c:28: included_from: Included from here.
shadow-4.15.1/lib/commonio.c: scope_hint: In function ‘dec_lock_count’
shadow-4.15.1/lib/sssd.h:13:35: warning[-Wunused-value]: statement with no effect
# 13 | #define sssd_flush_cache(service) (0)
# | ^
shadow-4.15.1/lib/commonio.c:458:33: note: in expansion of macro ‘sssd_flush_cache’
# 458 | sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
# | ^~~~~~~~~~~~~~~~
# 11| extern int sssd_flush_cache (int dbflags);
# 12| #else
# 13|-> #define sssd_flush_cache(service) (0)
# 14| #endif
# 15|
Error: COMPILER_WARNING:
shadow-4.15.1/lib/log.c:22: included_from: Included from here.
shadow-4.15.1/lib/log.c: scope_hint: In function ‘dolastlog’
shadow-4.15.1/lib/string/strncpy.h:18:28: warning[-Wstringop-truncation]: ‘strncpy’ specified bound 256 equals destination size
# 18 | #define STRNCPY(dst, src) strncpy(dst, src, NITEMS(dst))
# | ^~~~~~~
# 16|
# 17|
# 18|-> #define STRNCPY(dst, src) strncpy(dst, src, NITEMS(dst))
# 19|
# 20|
Error: GCC_ANALYZER_WARNING (CWE-688):
shadow-4.15.1/lib/utmp.c:29: included_from: Included from here.
shadow-4.15.1/lib/string/zustr2stp.h: scope_hint: In function ‘zustr2stp’
shadow-4.15.1/lib/string/zustr2stp.h:75:23: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘dst’ where non-null expected
shadow-4.15.1/lib/string/zustr2stp.h:13: included_from: Included from here.
shadow-4.15.1/lib/utmp.c:25: included_from: Included from here.
shadow-4.15.1/lib/utmp.c:264:28: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/lib/utmp.c: scope_hint: In function ‘zustr2stp’
shadow-4.15.1/lib/utmp.c:265:17: note: in expansion of macro ‘ZUSTR2STP’
shadow-4.15.1/lib/defines.h:30: included_from: Included from here.
shadow-4.15.1/lib/utmp.c:12: included_from: Included from here.
/usr/include/string.h:400:14: note: argument 1 of ‘mempcpy’ must be non-null
# 73| zustr2stp(char *restrict dst, const char *restrict src, size_t sz)
# 74| {
# 75|-> return stpcpy(mempcpy(dst, src, strnlen(src, sz)), "");
# 76| }
# 77|
Error: GCC_ANALYZER_WARNING (CWE-775):
shadow-4.15.1/lib/sulog.c: scope_hint: In function ‘sulog’
shadow-4.15.1/lib/sulog.c:59:27: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(getdef_str("SULOG_FILE"), "a+")’
shadow-4.15.1/lib/prototypes.h:35: included_from: Included from here.
shadow-4.15.1/lib/sulog.c:18: included_from: Included from here.
shadow-4.15.1/lib/sulog.c:35:17: note: in expansion of macro ‘SYSLOG’
# 57| fp = fopen (sulog_file, "a+");
# 58| (void) umask (oldmask);
# 59|-> if ((oldgid != 0) && (setgid (oldgid) != 0)) {
# 60| perror ("setgid");
# 61| SYSLOG ((LOG_ERR,
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/sulog.c:59:27: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(getdef_str("SULOG_FILE"), "a+")’
shadow-4.15.1/lib/sulog.c:35:17: note: in expansion of macro ‘SYSLOG’
# 57| fp = fopen (sulog_file, "a+");
# 58| (void) umask (oldmask);
# 59|-> if ((oldgid != 0) && (setgid (oldgid) != 0)) {
# 60| perror ("setgid");
# 61| SYSLOG ((LOG_ERR,
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/lib/utmp.c: scope_hint: In function ‘get_session_host’
shadow-4.15.1/lib/utmp.c:155:27: warning[-Wanalyzer-malloc-leak]: leak of ‘get_current_utmp()’
shadow-4.15.1/lib/utmp.c:168:23: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/lib/utmp.c: scope_hint: In function ‘get_session_host’
# 153| /* First, try to find a valid utmp entry for this process. */
# 154| while ((ut = getutxent()) != NULL) {
# 155|-> if ( (ut->ut_pid == getpid ())
# 156| && ('\0' != ut->ut_id[0])
# 157| && ( (LOGIN_PROCESS == ut->ut_type)
Error: GCC_ANALYZER_WARNING (CWE-688):
shadow-4.15.1/lib/utmp.c: scope_hint: In function ‘get_current_utmp’
shadow-4.15.1/lib/utmp.c:169:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘xreallocarray(0, 1, 384)’ where non-null expected
shadow-4.15.1/lib/utmp.c:168:23: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/lib/utmp.c: scope_hint: In function ‘get_current_utmp’
<built-in>: note: argument 1 of ‘__builtin_memcpy’ must be non-null
# 167| if (NULL != ut) {
# 168| ret = XMALLOC(1, struct utmpx);
# 169|-> memcpy (ret, ut, sizeof (*ret));
# 170| }
# 171|
Error: GCC_ANALYZER_WARNING (CWE-688):
shadow-4.15.1/lib/utmp.c: scope_hint: In function ‘prepare_utmp’
shadow-4.15.1/lib/utmp.c:260:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘xreallocarray(0, strlen(host) + 1, 1)’ where non-null expected
shadow-4.15.1/lib/alloc.h:27:50: note: in definition of macro ‘XMALLOC’
shadow-4.15.1/lib/utmp.c:259:28: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/lib/utmp.c: scope_hint: In function ‘prepare_utmp’
<built-in>: note: argument 1 of ‘__builtin_strcpy’ must be non-null
# 258| && ('\0' != host[0])) {
# 259| hostname = XMALLOC(strlen(host) + 1, char);
# 260|-> strcpy (hostname, host);
# 261| #if defined(HAVE_STRUCT_UTMPX_UT_HOST)
# 262| } else if ( (NULL != ut)
Error: GCC_ANALYZER_WARNING (CWE-476):
shadow-4.15.1/lib/utmp.c:277:24: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xcalloc(1, 384)’
shadow-4.15.1/lib/utmp.c:274:17: note: in expansion of macro ‘XCALLOC’
# 275|
# 276|
# 277|-> utent->ut_type = USER_PROCESS;
# 278| utent->ut_pid = getpid ();
# 279| STRNCPY(utent->ut_line, line);
Error: GCC_ANALYZER_WARNING (CWE-688):
shadow-4.15.1/lib/xgetpwnam.c:40: included_from: Included from here.
shadow-4.15.1/lib/xgetXXbyYY.c: scope_hint: In function ‘xgetpwnam’
shadow-4.15.1/lib/xgetpwnam.c:34:25: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘xreallocarray(buffer, length, 1)’ where non-null expected
shadow-4.15.1/lib/xgetXXbyYY.c:43:25: note: in definition of macro ‘APPEND_R1’
shadow-4.15.1/lib/xgetXXbyYY.c:41:24: note: in expansion of macro ‘APPEND_R’
shadow-4.15.1/lib/xgetXXbyYY.c:41:34: note: in expansion of macro ‘FUNCTION_NAME’
shadow-4.15.1/lib/xgetXXbyYY.c:64:26: note: in expansion of macro ‘REENTRANT_NAME’
shadow-4.15.1/lib/xgetXXbyYY.c:34: included_from: Included from here.
shadow-4.15.1/lib/xgetXXbyYY.c:63:26: note: in expansion of macro ‘XREALLOC’
shadow-4.15.1/lib/xgetXXbyYY.c:43:25: note: in definition of macro ‘APPEND_R1’
shadow-4.15.1/lib/xgetXXbyYY.c:41:24: note: in expansion of macro ‘APPEND_R’
shadow-4.15.1/lib/xgetXXbyYY.c:41:34: note: in expansion of macro ‘FUNCTION_NAME’
shadow-4.15.1/lib/xgetXXbyYY.c:64:26: note: in expansion of macro ‘REENTRANT_NAME’
shadow-4.15.1/lib/pwio.h:16: included_from: Included from here.
shadow-4.15.1/lib/xgetpwnam.c:31: included_from: Included from here.
/usr/include/pwd.h:153:12: note: argument 3 of ‘getpwnam_r’ must be non-null
# 32|
# 33| #define LOOKUP_TYPE struct passwd
# 34|-> #define FUNCTION_NAME getpwnam
# 35| #define ARG_TYPE const char *
# 36| #define ARG_NAME name
Error: GCC_ANALYZER_WARNING (CWE-688):
shadow-4.15.1/lib/xgetpwuid.c:40: included_from: Included from here.
shadow-4.15.1/lib/xgetXXbyYY.c: scope_hint: In function ‘xgetpwuid’
shadow-4.15.1/lib/xgetpwuid.c:34:25: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘xreallocarray(buffer, length, 1)’ where non-null expected
shadow-4.15.1/lib/xgetXXbyYY.c:43:25: note: in definition of macro ‘APPEND_R1’
shadow-4.15.1/lib/xgetXXbyYY.c:41:24: note: in expansion of macro ‘APPEND_R’
shadow-4.15.1/lib/xgetXXbyYY.c:41:34: note: in expansion of macro ‘FUNCTION_NAME’
shadow-4.15.1/lib/xgetXXbyYY.c:64:26: note: in expansion of macro ‘REENTRANT_NAME’
shadow-4.15.1/lib/xgetXXbyYY.c:34: included_from: Included from here.
shadow-4.15.1/lib/xgetXXbyYY.c:63:26: note: in expansion of macro ‘XREALLOC’
shadow-4.15.1/lib/xgetXXbyYY.c:43:25: note: in definition of macro ‘APPEND_R1’
shadow-4.15.1/lib/xgetXXbyYY.c:41:24: note: in expansion of macro ‘APPEND_R’
shadow-4.15.1/lib/xgetXXbyYY.c:41:34: note: in expansion of macro ‘FUNCTION_NAME’
shadow-4.15.1/lib/xgetXXbyYY.c:64:26: note: in expansion of macro ‘REENTRANT_NAME’
shadow-4.15.1/lib/pwio.h:16: included_from: Included from here.
shadow-4.15.1/lib/xgetpwuid.c:31: included_from: Included from here.
/usr/include/pwd.h:146:12: note: argument 3 of ‘getpwuid_r’ must be non-null
# 32|
# 33| #define LOOKUP_TYPE struct passwd
# 34|-> #define FUNCTION_NAME getpwuid
# 35| #define ARG_TYPE uid_t
# 36| #define ARG_NAME uid
Error: CLANG_WARNING:
shadow-4.15.1/libsubid/api.c:32:6: warning[unix.Malloc]: Potential leak of memory pointed to by 'progname'
# 30| }
# 31|
# 32|-> if (logfd) {
# 33| log_set_logfd(logfd);
# 34| return true;
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/libsubid/api.c: scope_hint: In function ‘subid_init’
shadow-4.15.1/libsubid/api.c:33:17: warning[-Wanalyzer-malloc-leak]: leak of ‘progname’
# 31|
# 32| if (logfd) {
# 33|-> log_set_logfd(logfd);
# 34| return true;
# 35| }
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/libsubid/api.c:38:17: warning[-Wanalyzer-malloc-leak]: leak of ‘progname’
# 36| shadow_logfd = fopen("/dev/null", "w");
# 37| if (!shadow_logfd) {
# 38|-> log_set_logfd(stderr);
# 39| return false;
# 40| }
Error: CLANG_WARNING:
shadow-4.15.1/src/chgpasswd.c:203:39: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 201| #endif /* USE_SHA_CRYPT */
# 202| #if defined(USE_BCRYPT)
# 203|-> if (( (0 == strcmp (crypt_method, "BCRYPT"))
# 204| && (-1 == getlong(optarg, &bcrypt_rounds)))) {
# 205| bad_s = 1;
Error: CLANG_WARNING:
shadow-4.15.1/src/chgpasswd.c:209:39: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 207| #endif /* USE_BCRYPT */
# 208| #if defined(USE_YESCRYPT)
# 209|-> if (( (0 == strcmp (crypt_method, "YESCRYPT"))
# 210| && (-1 == getlong(optarg, &yescrypt_cost)))) {
# 211| bad_s = 1;
Error: CLANG_WARNING:
shadow-4.15.1/src/chgpasswd.c:608:5: warning[core.CallAndMessage]: 6th function call argument is an uninitialized value
# 606| {
# 607| if (gr_update (&newgr) == 0) {
# 608|-> fprintf (stderr,
# 609| _("%s: line %d: failed to prepare the new %s entry '%s'\n"),
# 610| Prog, line, gr_dbname (), newgr.gr_name);
Error: CLANG_WARNING:
shadow-4.15.1/src/chpasswd.c:662:5: warning[core.CallAndMessage]: 6th function call argument is an uninitialized value
# 660| || (strcmp (pw->pw_passwd, SHADOW_PASSWD_STRING) != 0)) {
# 661| if (pw_update (&newpw) == 0) {
# 662|-> fprintf (stderr,
# 663| _("%s: line %d: failed to prepare the new %s entry '%s'\n"),
# 664| Prog, line, pw_dbname (), newpw.pw_name);
Error: CPPCHECK_WARNING (CWE-908):
shadow-4.15.1/src/faillog.c:676: error[useClosedFile]: Used file that is not opened.
# 674| _("%s: Failed to write %s: %s\n"),
# 675| Prog, FAILLOG_FILE, strerror (errno));
# 676|-> (void) fclose (fail);
# 677| errors = true;
# 678| }
Error: COMPILER_WARNING (CWE-252):
shadow-4.15.1/src/gpasswd.c: scope_hint: In function ‘catch_signals’
shadow-4.15.1/src/gpasswd.c:160:24: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
# 160 | (void) write (STDOUT_FILENO, "\n", 1);
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 158|
# 159| if (0 != killed) {
# 160|-> (void) write (STDOUT_FILENO, "\n", 1);
# 161| _exit (killed);
# 162| }
Error: CLANG_WARNING:
shadow-4.15.1/src/gpasswd.c:705:3: warning[core.CallAndMessage]: 5th function call argument is an uninitialized value
# 703| #ifdef SHADOWGRP
# 704| if (is_shadowgrp && (sgr_update (sg) == 0)) {
# 705|-> fprintf (stderr,
# 706| _("%s: failed to prepare the new %s entry '%s'\n"),
# 707| Prog, sgr_dbname (), sg->sg_name);
Error: GCC_ANALYZER_WARNING (CWE-476):
shadow-4.15.1/src/gpasswd.c: scope_hint: In function ‘get_group’
shadow-4.15.1/src/gpasswd.c:793:47: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xreallocarray(0, 2, 8)’
shadow-4.15.1/src/gpasswd.c:785:38: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/src/gpasswd.c: scope_hint: In function ‘get_group’
# 791| #endif
# 792| {
# 793|-> sg->sg_adm[0] = NULL;
# 794| }
# 795|
Error: CLANG_WARNING:
shadow-4.15.1/src/gpasswd.c:1135:3: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value
# 1133| #ifdef SHADOWGRP
# 1134| if (is_shadowgrp) {
# 1135|-> free(sgent.sg_adm);
# 1136| free(sgent.sg_mem);
# 1137| }
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/src/groupmems.c: scope_hint: In function ‘process_flags’
shadow-4.15.1/src/groupmems.c:391:25: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
shadow-4.15.1/lib/alloc.h:112:23: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/lib/alloc.h: scope_hint: In function ‘process_flags’
# 389| case 'a':
# 390| adduser = xstrdup (optarg);
# 391|-> ++exclusive;
# 392| break;
# 393| case 'd':
Error: CLANG_WARNING:
shadow-4.15.1/src/groupmod.c:616:3: warning[deadcode.DeadStores]: Value stored to 'sgr' is never read
# 614| gr = stpecpy(gr, gr_end, ", new password");
# 615| #ifdef SHADOWGRP
# 616|-> sgr = stpecpy(sgr, sgr_end, ", new password");
# 617| #endif
# 618| }
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/src/groups.c: scope_hint: In function ‘main’
shadow-4.15.1/src/groups.c:103:12: warning[-Wanalyzer-malloc-leak]: leak of ‘xreallocarray(0, (long unsigned int)sys_ngroups, 4)’
shadow-4.15.1/src/groups.c:18: included_from: Included from here.
shadow-4.15.1/src/groups.c:94:18: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/src/groups.c: scope_hint: In function ‘main’
# 101| log_set_logfd(stderr);
# 102|
# 103|-> if (argc == 1) {
# 104|
# 105| /*
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/src/id.c: scope_hint: In function ‘main’
shadow-4.15.1/src/id.c:77:20: warning[-Wanalyzer-malloc-leak]: leak of ‘reallocarray(0, (long unsigned int)sys_ngroups, 4)’
shadow-4.15.1/src/id.c:27: included_from: Included from here.
shadow-4.15.1/src/id.c:69:18: note: in expansion of macro ‘MALLOC’
shadow-4.15.1/src/id.c: scope_hint: In function ‘main’
# 75|
# 76| if (argc > 1) {
# 77|-> if ((argc > 2) || (strcmp (argv[1], "-a") != 0)) {
# 78| usage ();
# 79| } else {
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/src/id.c:77:36: warning[-Wanalyzer-malloc-leak]: leak of ‘reallocarray(0, (long unsigned int)sys_ngroups, 4)’
shadow-4.15.1/src/id.c:69:18: note: in expansion of macro ‘MALLOC’
shadow-4.15.1/src/id.c: scope_hint: In function ‘main’
# 75|
# 76| if (argc > 1) {
# 77|-> if ((argc > 2) || (strcmp (argv[1], "-a") != 0)) {
# 78| usage ();
# 79| } else {
Error: COMPILER_WARNING (CWE-563):
shadow-4.15.1/src/login.c: scope_hint: In function ‘main’
shadow-4.15.1/src/login.c:481:24: warning[-Wunused-but-set-variable]: variable ‘subroot’ set but not used
# 481 | bool subroot = false;
# | ^~~~~~~
# 479| {
# 480| int err;
# 481|-> bool subroot = false;
# 482| char **envp = environ;
# 483| char *host = NULL;
Error: CLANG_WARNING:
shadow-4.15.1/src/login.c:711:13: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 709| }
# 710|
# 711|-> retcode = pam_set_item (pamh, PAM_USER_PROMPT, loginprompt);
# 712| PAM_FAIL_CHECK;
# 713|
Error: CLANG_WARNING:
shadow-4.15.1/src/login.c:718:14: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 716| get_pam_user (&pam_user);
# 717| if ((NULL != pam_user) && ('\0' == pam_user[0])) {
# 718|-> retcode = pam_set_item (pamh, PAM_USER, NULL);
# 719| PAM_FAIL_CHECK;
# 720| }
Error: CLANG_WARNING:
shadow-4.15.1/src/login.c:738:5: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 736| if (delay > 0) {
# 737| retcode = pam_fail_delay(pamh, 1000000*delay);
# 738|-> PAM_FAIL_CHECK;
# 739| }
# 740| #endif
Error: CLANG_WARNING:
shadow-4.15.1/src/login.c:742:14: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 740| #endif
# 741|
# 742|-> retcode = pam_authenticate (pamh, 0);
# 743|
# 744| get_pam_user (&pam_user);
Error: CLANG_WARNING:
shadow-4.15.1/src/login.c:754:5: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 752| _("Maximum number of tries exceeded (%u)\n"),
# 753| failcount);
# 754|-> PAM_END;
# 755| exit(0);
# 756| } else if (retcode == PAM_ABORT) {
Error: CLANG_WARNING:
shadow-4.15.1/src/login.c:760:5: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 758| (void) fputs (_("login: abort requested by PAM\n"), stderr);
# 759| SYSLOG ((LOG_ERR,"PAM_ABORT returned from pam_authenticate()"));
# 760|-> PAM_END;
# 761| exit(99);
# 762| } else if (retcode != PAM_SUCCESS) {
Error: COMPILER_WARNING (CWE-252):
shadow-4.15.1/src/login.c:775:25: warning[-Wunused-result]: ignoring return value of ‘audit_log_acct_message’ declared with attribute ‘warn_unused_result’
# 775 | audit_log_acct_message (audit_fd,
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 776 | AUDIT_USER_LOGIN,
# | ~~~~~~~~~~~~~~~~~
# 777 | NULL, /* Prog. name */
# | ~~~~~~~~~~~~~~~~~~~~~~~~~
# 778 | "login",
# | ~~~~~~~~
# 779 | failent_user,
# | ~~~~~~~~~~~~~
# 780 | AUDIT_NO_ID,
# | ~~~~~~~~~~~~
# 781 | hostname,
# | ~~~~~~~~~
# 782 | NULL, /* addr */
# | ~~~~~~~~~~~~~~~~~~~
# 783 | tty,
# | ~~~~
# 784 | 0); /* result */
# | ~~
# 773| #ifdef WITH_AUDIT
# 774| audit_fd = audit_open ();
# 775|-> audit_log_acct_message (audit_fd,
# 776| AUDIT_USER_LOGIN,
# 777| NULL, /* Prog. name */
Error: CLANG_WARNING:
shadow-4.15.1/src/login.c:798:5: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 796| _("Maximum number of tries exceeded (%u)\n"),
# 797| failcount);
# 798|-> PAM_END;
# 799| exit(0);
# 800| }
Error: CLANG_WARNING:
shadow-4.15.1/src/login.c:807:14: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 805| * line, prompt again for the username.
# 806| */
# 807|-> retcode = pam_set_item (pamh, PAM_USER, NULL);
# 808| PAM_FAIL_CHECK;
# 809| }
Error: CLANG_WARNING:
shadow-4.15.1/src/login.c:816:12: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 814|
# 815| /* Check the account validity */
# 816|-> retcode = pam_acct_mgmt (pamh, 0);
# 817| if (retcode == PAM_NEW_AUTHTOK_REQD) {
# 818| retcode = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
Error: CLANG_WARNING:
shadow-4.15.1/src/login.c:1078:3: warning[deadcode.DeadStores]: Value stored to 'subroot' is never read
# 1076| pwd->pw_shell++; /* skip the '*' */
# 1077| subsystem (pwd); /* figure out what to execute */
# 1078|-> subroot = true; /* say I was here again */
# 1079| endpwent (); /* close all of the file which were */
# 1080| endgrent (); /* open in the original rooted file */
Error: COMPILER_WARNING (CWE-252):
shadow-4.15.1/src/login.c:1090:9: warning[-Wunused-result]: ignoring return value of ‘audit_log_acct_message’ declared with attribute ‘warn_unused_result’
# 1090 | audit_log_acct_message (audit_fd,
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 1091 | AUDIT_USER_LOGIN,
# | ~~~~~~~~~~~~~~~~~
# 1092 | NULL, /* Prog. name */
# | ~~~~~~~~~~~~~~~~~~~~~~~~~
# 1093 | "login",
# | ~~~~~~~~
# 1094 | username,
# | ~~~~~~~~~
# 1095 | AUDIT_NO_ID,
# | ~~~~~~~~~~~~
# 1096 | hostname,
# | ~~~~~~~~~
# 1097 | NULL, /* addr */
# | ~~~~~~~~~~~~~~~~~~~
# 1098 | tty,
# | ~~~~
# 1099 | 1); /* result */
# | ~~
# 1088| #ifdef WITH_AUDIT
# 1089| audit_fd = audit_open ();
# 1090|-> audit_log_acct_message (audit_fd,
# 1091| AUDIT_USER_LOGIN,
# 1092| NULL, /* Prog. name */
Error: GCC_ANALYZER_WARNING (CWE-688):
shadow-4.15.1/src/passwd.c: scope_hint: In function ‘update_crypt_pw’
shadow-4.15.1/src/passwd.c:532:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘xreallocarray(0, strlen(cp) + 2, 1)’ where non-null expected
shadow-4.15.1/lib/alloc.h:27:50: note: in definition of macro ‘XMALLOC’
shadow-4.15.1/src/passwd.c:530:31: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/src/passwd.c: scope_hint: In function ‘update_crypt_pw’
<built-in>: note: argument 1 of ‘__builtin_memcpy’ must be non-null
# 530| char *newpw = XMALLOC(strlen(cp) + 2, char);
# 531|
# 532|-> strcpy (newpw, "!");
# 533| strcat (newpw, cp);
# 534| if (!use_pam)
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/src/passwd.c:542:16: warning[-Wanalyzer-malloc-leak]: leak of ‘cp’
shadow-4.15.1/lib/alloc.h:112:23: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/lib/alloc.h: scope_hint: In function ‘update_crypt_pw’
shadow-4.15.1/lib/alloc.h:27:50: note: in definition of macro ‘XMALLOC’
# 540| cp = newpw;
# 541| }
# 542|-> return cp;
# 543| }
# 544|
Error: COMPILER_WARNING (CWE-252):
shadow-4.15.1/src/su.c: scope_hint: In function ‘su_failure’
shadow-4.15.1/src/su.c:211:9: warning[-Wunused-result]: ignoring return value of ‘audit_log_acct_message’ declared with attribute ‘warn_unused_result’
# 211 | audit_log_acct_message (audit_fd,
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 212 | AUDIT_USER_ROLE_CHANGE,
# | ~~~~~~~~~~~~~~~~~~~~~~~
# 213 | NULL, /* Prog. name */
# | ~~~~~~~~~~~~~~~~~~~~~~~~~
# 214 | "su",
# | ~~~~~
# 215 | ('\0' != caller_name[0]) ? caller_name : "???",
# | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 216 | AUDIT_NO_ID,
# | ~~~~~~~~~~~~
# 217 | "localhost",
# | ~~~~~~~~~~~~
# 218 | NULL, /* addr */
# | ~~~~~~~~~~~~~~~~~~~
# 219 | tty,
# | ~~~~
# 220 | 0); /* result */
# | ~~
# 209| #ifdef WITH_AUDIT
# 210| audit_fd = audit_open ();
# 211|-> audit_log_acct_message (audit_fd,
# 212| AUDIT_USER_ROLE_CHANGE,
# 213| NULL, /* Prog. name */
Error: GCC_ANALYZER_WARNING (CWE-476):
shadow-4.15.1/src/su.c: scope_hint: In function ‘execve_shell’
shadow-4.15.1/src/su.c:250:26: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xreallocarray(0, n_args + 3, 8)’
shadow-4.15.1/src/su.c:249:25: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/src/su.c: scope_hint: In function ‘execve_shell’
# 248| }
# 249| targs = XMALLOC(n_args + 3, char *);
# 250|-> targs[0] = "sh";
# 251| targs[1] = "-";
# 252| targs[2] = xstrdup (shellname);
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/src/su.c:259:24: warning[-Wanalyzer-malloc-leak]: leak of ‘xreallocarray(0, n_args + 3, 8)’
shadow-4.15.1/src/su.c:249:25: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/src/su.c: scope_hint: In function ‘execve_shell’
# 257| }
# 258|
# 259|-> (void) execve (SHELL, targs, envp);
# 260| } else {
# 261| errno = err;
Error: CLANG_WARNING:
shadow-4.15.1/src/su.c:464:8: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 462| {
# 463| int ret;
# 464|-> ret = pam_authenticate (pamh, 0);
# 465| if (PAM_SUCCESS != ret) {
# 466| SYSLOG (((pw->pw_uid != 0)? LOG_NOTICE : LOG_WARN, "pam_authenticate: %s",
Error: COMPILER_WARNING (CWE-252):
shadow-4.15.1/src/su.c: scope_hint: In function ‘main’
shadow-4.15.1/src/su.c:1134:9: warning[-Wunused-result]: ignoring return value of ‘audit_log_acct_message’ declared with attribute ‘warn_unused_result’
# 1134 | audit_log_acct_message (audit_fd,
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 1135 | AUDIT_USER_ROLE_CHANGE,
# | ~~~~~~~~~~~~~~~~~~~~~~~
# 1136 | NULL, /* Prog. name */
# | ~~~~~~~~~~~~~~~~~~~~~~~~~
# 1137 | "su",
# | ~~~~~
# 1138 | ('\0' != caller_name[0]) ? caller_name : "???",
# | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 1139 | AUDIT_NO_ID,
# | ~~~~~~~~~~~~
# 1140 | "localhost",
# | ~~~~~~~~~~~~
# 1141 | NULL, /* addr */
# | ~~~~~~~~~~~~~~~~~~~
# 1142 | caller_tty,
# | ~~~~~~~~~~~
# 1143 | 1); /* result */
# | ~~
# 1132| #ifdef WITH_AUDIT
# 1133| audit_fd = audit_open ();
# 1134|-> audit_log_acct_message (audit_fd,
# 1135| AUDIT_USER_ROLE_CHANGE,
# 1136| NULL, /* Prog. name */
Error: GCC_ANALYZER_WARNING (CWE-775):
shadow-4.15.1/src/sulogin.c: scope_hint: In function ‘main’
shadow-4.15.1/src/sulogin.c:87:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(argv[1], 2)’
# 85| close (2);
# 86|
# 87|-> if (open (argv[1], O_RDWR) >= 0) {
# 88| dup (0);
# 89| dup (0);
Error: GCC_ANALYZER_WARNING (CWE-910):
shadow-4.15.1/src/sulogin.c:88:25: warning[-Wanalyzer-fd-use-after-close]: ‘dup’ on closed file descriptor ‘0’
# 86|
# 87| if (open (argv[1], O_RDWR) >= 0) {
# 88|-> dup (0);
# 89| dup (0);
# 90| } else {
Error: COMPILER_WARNING (CWE-252):
shadow-4.15.1/src/sulogin.c: scope_hint: In function ‘main’
shadow-4.15.1/src/sulogin.c:88:25: warning[-Wunused-result]: ignoring return value of ‘dup’ declared with attribute ‘warn_unused_result’
# 88 | dup (0);
# | ^~~~~~~
# 86|
# 87| if (open (argv[1], O_RDWR) >= 0) {
# 88|-> dup (0);
# 89| dup (0);
# 90| } else {
Error: GCC_ANALYZER_WARNING (CWE-910):
shadow-4.15.1/src/sulogin.c:89:25: warning[-Wanalyzer-fd-use-after-close]: ‘dup’ on closed file descriptor ‘0’
# 87| if (open (argv[1], O_RDWR) >= 0) {
# 88| dup (0);
# 89|-> dup (0);
# 90| } else {
# 91| exit (1);
Error: COMPILER_WARNING (CWE-252):
shadow-4.15.1/src/sulogin.c:89:25: warning[-Wunused-result]: ignoring return value of ‘dup’ declared with attribute ‘warn_unused_result’
# 89 | dup (0);
# | ^~~~~~~
# 87| if (open (argv[1], O_RDWR) >= 0) {
# 88| dup (0);
# 89|-> dup (0);
# 90| } else {
# 91| exit (1);
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/src/useradd.c: scope_hint: In function ‘get_defaults’
shadow-4.15.1/src/useradd.c:386:34: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
shadow-4.15.1/lib/alloc.h:112:23: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/lib/alloc.h: scope_hint: In function ‘get_defaults’
# 384| */
# 385| else if (MATCH (buf, DHOME)) {
# 386|-> def_home = xstrdup(ccp);
# 387| }
# 388|
Error: CLANG_WARNING:
shadow-4.15.1/src/useradd.c:731:3: warning[unix.Malloc]: Argument to free() is the address of a global variable, which is not memory allocated by malloc()
# 729| free(new_file);
# 730| if (prefix[0]) {
# 731|-> free(default_file);
# 732| }
# 733|
Error: COMPILER_WARNING (CWE-252):
shadow-4.15.1/src/useradd.c: scope_hint: In function ‘create_home’
shadow-4.15.1/src/useradd.c:2293:16: warning[-Wunused-result]: ignoring return value of ‘chown’ declared with attribute ‘warn_unused_result’
# 2293 | (void) chown(prefix_user_home, user_id, user_gid);
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 2291| free(bhome);
# 2292|
# 2293|-> (void) chown(prefix_user_home, user_id, user_gid);
# 2294| mode = getdef_num("HOME_MODE",
# 2295| 0777 & ~getdef_num("UMASK", GETDEF_DEFAULT_UMASK));
Error: GCC_ANALYZER_WARNING (CWE-476):
shadow-4.15.1/src/useradd.c: scope_hint: In function ‘main’
shadow-4.15.1/src/useradd.c:2459:24: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘user_groups’
shadow-4.15.1/src/useradd.c:2455:23: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/src/useradd.c: scope_hint: In function ‘main’
# 2457| * Initialize the list to be empty
# 2458| */
# 2459|-> user_groups[0] = NULL;
# 2460|
# 2461|
Error: GCC_ANALYZER_WARNING (CWE-476):
shadow-4.15.1/src/usermod.c: scope_hint: In function ‘main’
shadow-4.15.1/src/usermod.c:2189:24: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘user_groups’
shadow-4.15.1/src/usermod.c:2188:23: note: in expansion of macro ‘XMALLOC’
shadow-4.15.1/src/usermod.c: scope_hint: In function ‘main’
# 2187| sys_ngroups = sysconf (_SC_NGROUPS_MAX);
# 2188| user_groups = XMALLOC(sys_ngroups + 1, char *);
# 2189|-> user_groups[0] = NULL;
# 2190|
# 2191| is_shadow_pwd = spw_file_present ();
Error: CLANG_WARNING:
shadow-4.15.1/src/vipw.c:119:6: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 117|
# 118| c = 0;
# 119|-> if (fseeko (fp, 0, SEEK_SET) == 0)
# 120| while ((c = getc (fp)) != EOF) {
# 121| if (putc (c, bkfp) == EOF) {
Error: GCC_ANALYZER_WARNING (CWE-775):
shadow-4.15.1/src/vipw.c: scope_hint: In function ‘vipwedit’
shadow-4.15.1/src/vipw.c:277:12: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(file, "r")’
# 275| vipwexit (_("failed to gain privileges"), errno, 1);
# 276| #endif /* WITH_TCB */
# 277|-> if (create_backup_file (f, fileedit, &st1) != 0) {
# 278| vipwexit (_("Couldn't make backup"), errno, 1);
# 279| }
Error: GCC_ANALYZER_WARNING (CWE-401):
shadow-4.15.1/src/vipw.c:277:12: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(file, "r")’
# 275| vipwexit (_("failed to gain privileges"), errno, 1);
# 276| #endif /* WITH_TCB */
# 277|-> if (create_backup_file (f, fileedit, &st1) != 0) {
# 278| vipwexit (_("Couldn't make backup"), errno, 1);
# 279| }
Error: CLANG_WARNING:
shadow-4.15.1/src/vipw.c:280:9: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 278| vipwexit (_("Couldn't make backup"), errno, 1);
# 279| }
# 280|-> (void) fclose (f);
# 281| createedit = true;
# 282|
Error: COMPILER_WARNING (CWE-252):
shadow-4.15.1/src/vipw.c: scope_hint: In function ‘vipwedit’
shadow-4.15.1/src/vipw.c:439:9: warning[-Wunused-result]: ignoring return value of ‘link’ declared with attribute ‘warn_unused_result’
# 439 | link (file, filebackup);
# | ^~~~~~~~~~~~~~~~~~~~~~~
# 437| #endif /* WITH_TCB */
# 438| unlink (filebackup);
# 439|-> link (file, filebackup);
# 440| if (rename (to_rename, file) == -1) {
# 441| fprintf (stderr,