mbedtls-2.28.7-1.fc40
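List of Defects
Note: this is raw analyzer output, and the page records no triage of it. Entries marked `information[normalCheckLevelMaxBranches]` are cppcheck notices that branch analysis was limited for that file; they are not findings in the code. Every other entry is a candidate to confirm against the source before it is treated as a defect. For example, the three `shiftTooManyBits` entries for bignum.c report a 32-bit operand, yet the quoted lines cast to `mbedtls_t_udbl` before shifting, so the width cppcheck assumed for that type should be checked first.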
Error: CPPCHECK_WARNING: [#def1]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/aes.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CLANG_WARNING: [#def2]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/aes.c:1277:31: warning[core.UndefinedBinaryOperatorResult]: The right operand of '^' is a garbage value
# 1275| for (i = 0; i < leftover; i++) {
# 1276| output[i] = prev_output[i];
# 1277|-> tmp[i] = input[i] ^ t[i];
# 1278| }
# 1279|
Error: CPPCHECK_WARNING: [#def3]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/asn1parse.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def4]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/asn1write.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def5]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/base64.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def6]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/bignum.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CLANG_WARNING: [#def7]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/bignum.c:812:23: warning[core.NullDereference]: Array access (via field 'p') results in a null pointer dereference
# 810|
# 811| for (i = 0; i < buflen; i++) {
# 812|-> X->p[i / ciL] |= ((mbedtls_mpi_uint) buf[i]) << ((i % ciL) << 3);
# 813| }
# 814|
Error: CLANG_WARNING: [#def8]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/bignum.c:845:9: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 843| if (buflen != 0) {
# 844| Xp = (unsigned char *) X->p;
# 845|-> memcpy(Xp + overhead, buf, buflen);
# 846|
# 847| mpi_bigendian_to_host(X->p, limbs);
Error: CPPCHECK_WARNING (CWE-758): [#def9]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/bignum.c:1603: error[shiftTooManyBits]: Shifting 32-bit value by 64 bits is undefined behaviour
# 1601|
# 1602| #if defined(MBEDTLS_HAVE_UDBL)
# 1603|-> dividend = (mbedtls_t_udbl) u1 << biL;
# 1604| dividend |= (mbedtls_t_udbl) u0;
# 1605| quotient = dividend / d;
Error: CPPCHECK_WARNING (CWE-758): [#def10]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/bignum.c:1606: error[shiftTooManyBits]: Shifting 32-bit value by 64 bits is undefined behaviour
# 1604| dividend |= (mbedtls_t_udbl) u0;
# 1605| quotient = dividend / d;
# 1606|-> if (quotient > ((mbedtls_t_udbl) 1 << biL) - 1) {
# 1607| quotient = ((mbedtls_t_udbl) 1 << biL) - 1;
# 1608| }
Error: CPPCHECK_WARNING (CWE-758): [#def11]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/bignum.c:1607: error[shiftTooManyBits]: Shifting 32-bit value by 64 bits is undefined behaviour
# 1605| quotient = dividend / d;
# 1606| if (quotient > ((mbedtls_t_udbl) 1 << biL) - 1) {
# 1607|-> quotient = ((mbedtls_t_udbl) 1 << biL) - 1;
# 1608| }
# 1609|
Error: CLANG_WARNING: [#def12]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/bignum.c:2459:5: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 2457| }
# 2458|
# 2459|-> memset(X->p, 0, overhead);
# 2460| memset((unsigned char *) X->p + limbs * ciL, 0, (X->n - limbs) * ciL);
# 2461| MBEDTLS_MPI_CHK(f_rng(p_rng, (unsigned char *) X->p + overhead, n_bytes));
Error: CLANG_WARNING: [#def13]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/bignum.c:2928:13: warning[core.NullDereference]: Array access (via field 'p') results in a null pointer dereference
# 2926| MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(X, n * ciL, f_rng, p_rng));
# 2927| /* make sure generated number is at least (nbits-1)+0.5 bits (FIPS 186-4 §B.3.3 steps 4.4, 5.5) */
# 2928|-> if (X->p[n-1] < CEIL_MAXUINT_DIV_SQRT2) {
# 2929| continue;
# 2930| }
Error: CPPCHECK_WARNING: [#def14]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/blowfish.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def15]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/camellia.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def16]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ccm.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def17]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/chacha20.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def18]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/chachapoly.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def19]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/cipher.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-476): [#def20]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_tls.c:16: included_from: Included from here.
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_tls.c: scope_hint: In function ‘ssl_session_save’
mbedtls-2.28.7-build/mbedtls-2.28.7/library/common.h:282:26: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘p’
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_tls.c:5342:9: note: in expansion of macro ‘MBEDTLS_PUT_UINT64_BE’
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_tls.c: scope_hint: In function ‘ssl_session_save’
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_tls.c:5342:9: note: in expansion of macro ‘MBEDTLS_PUT_UINT64_BE’
# 280| #define MBEDTLS_PUT_UINT64_BE(n, data, offset) \
# 281| { \
# 282|-> (data)[(offset)] = MBEDTLS_BYTE_7(n); \
# 283| (data)[(offset) + 1] = MBEDTLS_BYTE_6(n); \
# 284| (data)[(offset) + 2] = MBEDTLS_BYTE_5(n); \
Error: CPPCHECK_WARNING: [#def21]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ctr_drbg.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def22]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/debug.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def23]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/des.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def24]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/dhm.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def25]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ecp_curves.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CLANG_WARNING: [#def26]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/entropy.c:484:10: warning[deadcode.DeadStores]: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret'
# 482| unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
# 483|
# 484|-> if ((ret = mbedtls_entropy_func(ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE)) != 0) {
# 485| ret = MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
# 486| goto exit;
Error: CPPCHECK_WARNING: [#def27]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/error.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def28]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/gcm.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def29]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/havege.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def30]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/hkdf.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def31]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/hmac_drbg.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CLANG_WARNING: [#def32]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/hmac_drbg.c:170:10: warning[deadcode.DeadStores]: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret'
# 168|
# 169| /* IV. Gather entropy_len bytes of entropy for the seed */
# 170|-> if ((ret = ctx->f_entropy(ctx->p_entropy,
# 171| seed, ctx->entropy_len)) != 0) {
# 172| return MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED;
Error: CLANG_WARNING: [#def33]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/hmac_drbg.c:186:14: warning[deadcode.DeadStores]: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret'
# 184| * entropy source implementation can emit in a single
# 185| * call in configurations disabling SHA-512. */
# 186|-> if ((ret = ctx->f_entropy(ctx->p_entropy,
# 187| seed + seedlen,
# 188| ctx->entropy_len / 2)) != 0) {
Error: CPPCHECK_WARNING: [#def34]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/md.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CLANG_WARNING: [#def35]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/md.c:737:5: warning[unix.Malloc]: Potential leak of memory pointed to by 'ipad'
# 735|
# 736| cleanup:
# 737|-> mbedtls_platform_zeroize(sum, sizeof(sum));
# 738|
# 739| return ret;
Error: CPPCHECK_WARNING: [#def36]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/md5.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-775): [#def37]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/net_sockets.c: scope_hint: In function ‘mbedtls_net_connect’
mbedtls-2.28.7-build/mbedtls-2.28.7/library/net_sockets.c:193:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘socket(*cur.ai_family, *cur.ai_socktype, *cur.ai_protocol)’
# 191| }
# 192|
# 193|-> if (connect(ctx->fd, cur->ai_addr, MSVC_INT_CAST cur->ai_addrlen) == 0) {
# 194| ret = 0;
# 195| break;
Error: GCC_ANALYZER_WARNING (CWE-775): [#def38]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/net_sockets.c: scope_hint: In function ‘mbedtls_net_bind’
mbedtls-2.28.7-build/mbedtls-2.28.7/library/net_sockets.c:250:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*ctx.fd’
# 248| }
# 249|
# 250|-> if (bind(ctx->fd, cur->ai_addr, MSVC_INT_CAST cur->ai_addrlen) != 0) {
# 251| close(ctx->fd);
# 252| ret = MBEDTLS_ERR_NET_BIND_FAILED;
Error: GCC_ANALYZER_WARNING (CWE-775): [#def39]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/net_sockets.c:258:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*ctx.fd’
# 256| /* Listen only makes sense for TCP */
# 257| if (proto == MBEDTLS_NET_PROTO_TCP) {
# 258|-> if (listen(ctx->fd, MBEDTLS_NET_LISTEN_BACKLOG) != 0) {
# 259| close(ctx->fd);
# 260| ret = MBEDTLS_ERR_NET_LISTEN_FAILED;
Error: GCC_ANALYZER_WARNING (CWE-775): [#def40]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/net_sockets.c:270:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*ctx.fd’
# 268| }
# 269|
# 270|-> freeaddrinfo(addr_list);
# 271|
# 272| return ret;
Error: GCC_ANALYZER_WARNING (CWE-775): [#def41]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/net_sockets.c:350:30: warning[-Wanalyzer-fd-leak]: leak of file descriptor
# 348| if (type == SOCK_STREAM) {
# 349| /* TCP: actual accept() */
# 350|-> ret = client_ctx->fd = (int) accept(bind_ctx->fd,
# 351| (struct sockaddr *) &client_addr, &n);
# 352| } else {
Error: GCC_ANALYZER_WARNING (CWE-775): [#def42]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/net_sockets.c: scope_hint: In function ‘mbedtls_net_accept’
mbedtls-2.28.7-build/mbedtls-2.28.7/library/net_sockets.c:350:30: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*bind_ctx.fd’
# 348| if (type == SOCK_STREAM) {
# 349| /* TCP: actual accept() */
# 350|-> ret = client_ctx->fd = (int) accept(bind_ctx->fd,
# 351| (struct sockaddr *) &client_addr, &n);
# 352| } else {
Error: GCC_ANALYZER_WARNING (CWE-775): [#def43]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/net_sockets.c:382:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*bind_ctx.fd’
# 380| int one = 1;
# 381|
# 382|-> if (connect(bind_ctx->fd, (struct sockaddr *) &client_addr, n) != 0) {
# 383| return MBEDTLS_ERR_NET_ACCEPT_FAILED;
# 384| }
Error: GCC_ANALYZER_WARNING (CWE-775): [#def44]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/net_sockets.c:399:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*bind_ctx.fd’
# 397| }
# 398|
# 399|-> if (bind(bind_ctx->fd, (struct sockaddr *) &local_addr, n) != 0) {
# 400| return MBEDTLS_ERR_NET_BIND_FAILED;
# 401| }
Error: GCC_ANALYZER_WARNING (CWE-775): [#def45]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/net_sockets.c:409:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor
# 407| *ip_len = sizeof(addr4->sin_addr.s_addr);
# 408|
# 409|-> if (buf_size < *ip_len) {
# 410| return MBEDTLS_ERR_NET_BUFFER_TOO_SMALL;
# 411| }
Error: GCC_ANALYZER_WARNING (CWE-775): [#def46]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/net_sockets.c:418:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor
# 416| *ip_len = sizeof(addr6->sin6_addr.s6_addr);
# 417|
# 418|-> if (buf_size < *ip_len) {
# 419| return MBEDTLS_ERR_NET_BUFFER_TOO_SMALL;
# 420| }
Error: CPPCHECK_WARNING: [#def47]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/oid.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def48]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/pem.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-688): [#def49]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/pem.c: scope_hint: In function ‘mbedtls_pem_write_buffer’
mbedtls-2.28.7-build/mbedtls-2.28.7/library/pem.c:494:9: warning[-Wanalyzer-null-argument]: use of NULL ‘c’ where non-null expected
<built-in>: note: argument 2 of ‘__builtin_memcpy’ must be non-null
# 492| while (use_len) {
# 493| len = (use_len > 64) ? 64 : use_len;
# 494|-> memcpy(p, c, len);
# 495| use_len -= len;
# 496| p += len;
Error: CLANG_WARNING: [#def50]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/pem.c:494:9: warning[core.NonNullParamChecker]: Null pointer passed to 2nd parameter expecting 'nonnull'
# 492| while (use_len) {
# 493| len = (use_len > 64) ? 64 : use_len;
# 494|-> memcpy(p, c, len);
# 495| use_len -= len;
# 496| p += len;
Error: CPPCHECK_WARNING: [#def51]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/pkcs12.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-457): [#def52]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/pkcs12.c: scope_hint: In function ‘mbedtls_pkcs12_derivation’
mbedtls-2.28.7-build/mbedtls-2.28.7/library/pkcs12.c:429:29: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘hash_block[<unknown>]’
# 427| // B += 1
# 428| for (i = v; i > 0; i--) {
# 429|-> if (++hash_block[i - 1] != 0) {
# 430| break;
# 431| }
Error: CPPCHECK_WARNING: [#def53]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/pkcs5.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def54]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/pkparse.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CLANG_WARNING: [#def55]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/pkparse.c:320:10: warning[deadcode.DeadStores]: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret'
# 318|
# 319| /* Ignore seed BIT STRING OPTIONAL */
# 320|-> if ((ret = mbedtls_asn1_get_tag(&p, end_curve, &len, MBEDTLS_ASN1_BIT_STRING)) == 0) {
# 321| p += len;
# 322| }
Error: CLANG_WARNING: [#def56]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/pkparse.c:534:10: warning[deadcode.DeadStores]: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret'
# 532| }
# 533|
# 534|-> if ((ret = mbedtls_rsa_import_raw(rsa, *p, len, NULL, 0, NULL, 0,
# 535| NULL, 0, NULL, 0)) != 0) {
# 536| return MBEDTLS_ERR_PK_INVALID_PUBKEY;
Error: CLANG_WARNING: [#def57]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/pkparse.c:546:10: warning[deadcode.DeadStores]: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret'
# 544| }
# 545|
# 546|-> if ((ret = mbedtls_rsa_import_raw(rsa, NULL, 0, NULL, 0, NULL, 0,
# 547| NULL, 0, *p, len)) != 0) {
# 548| return MBEDTLS_ERR_PK_INVALID_PUBKEY;
Error: CPPCHECK_WARNING: [#def58]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/pkwrite.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def59]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/poly1305.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def60]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/psa_crypto.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def61]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/psa_crypto_aead.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CLANG_WARNING: [#def62]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/psa_crypto_cipher.c:357:9: warning[core.NonNullParamChecker]: Null pointer passed to 2nd parameter expecting 'nonnull'
# 355| if (input_length > 0) {
# 356| /* Save unprocessed bytes for later processing */
# 357|-> memcpy(&(ctx->unprocessed_data[ctx->unprocessed_len]),
# 358| input, input_length);
# 359| ctx->unprocessed_len += input_length;
Error: CPPCHECK_WARNING: [#def63]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/psa_crypto_mac.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def64]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/psa_crypto_slot_management.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def65]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/psa_crypto_storage.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def66]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ripemd160.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def67]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/rsa.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CLANG_WARNING: [#def68]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/rsa.c:2125:16: warning[core.UndefinedBinaryOperatorResult]: The left operand of '>>' is a garbage value
# 2123| msb = mbedtls_mpi_bitlen(&ctx->N) - 1;
# 2124|
# 2125|-> if (buf[0] >> (8 - siglen * 8 + msb)) {
# 2126| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
# 2127| }
Error: CPPCHECK_WARNING: [#def69]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/sha1.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def70]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/sha256.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def71]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/sha512.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def72]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_cache.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def73]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_cli.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CLANG_WARNING: [#def74]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_cli.c:284:5: warning[deadcode.DeadStores]: Value stored to 'p' is never read
# 282|
# 283| MBEDTLS_PUT_UINT16_BE(sig_alg_len, p, 0);
# 284|-> p += 2;
# 285|
# 286| *olen = 6 + sig_alg_len;
Error: CLANG_WARNING: [#def75]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_cli.c:358:5: warning[deadcode.DeadStores]: Value stored to 'p' is never read
# 356|
# 357| MBEDTLS_PUT_UINT16_BE(elliptic_curve_len, p, 0);
# 358|-> p += 2;
# 359|
# 360| *olen = 6 + elliptic_curve_len;
Error: CPPCHECK_WARNING: [#def76]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_cookie.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def77]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_msg.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CLANG_WARNING: [#def78]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_msg.c:649:5: warning[deadcode.DeadStores]: Value stored to 'post_avail' is never read
# 647|
# 648| data = rec->buf + rec->data_offset;
# 649|-> post_avail = rec->buf_len - (rec->data_len + rec->data_offset);
# 650| MBEDTLS_SSL_DEBUG_BUF(4, "before encrypt: output payload",
# 651| data, rec->data_len);
Error: CLANG_WARNING: [#def79]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_msg.c:910:9: warning[deadcode.DeadStores]: Value stored to 'post_avail' is never read
# 908| transform->taglen);
# 909| /* Account for authentication tag. */
# 910|-> post_avail -= transform->taglen;
# 911|
# 912| /*
Error: CLANG_WARNING: [#def80]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_msg.c:1068:13: warning[deadcode.DeadStores]: Value stored to 'post_avail' is never read
# 1066|
# 1067| rec->data_len += transform->maclen;
# 1068|-> post_avail -= transform->maclen;
# 1069| auth_done++;
# 1070|
Error: CPPCHECK_WARNING: [#def81]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_srv.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-476): [#def82]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_srv.c: scope_hint: In function ‘ssl_get_ecdh_params_from_cert’
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_srv.c:3154:40: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_srv.c:15: included_from: Included from here.
# 3152|
# 3153| if ((ret = mbedtls_ecdh_get_params(&ssl->handshake->ecdh_ctx,
# 3154|-> mbedtls_pk_ec(*own_key),
# 3155| MBEDTLS_ECDH_OURS)) != 0) {
# 3156| MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecdh_get_params"), ret);
Error: CLANG_WARNING: [#def83]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_srv.c:3909:50: warning[core.UndefinedBinaryOperatorResult]: The right operand of '&' is a garbage value
# 3907| * data-dependent branches. */
# 3908| for (i = 0; i < ssl->handshake->pmslen; i++) {
# 3909|-> pms[i] = (mask & fake_pms[i]) | ((~mask) & peer_pms[i]);
# 3910| }
# 3911|
Error: CPPCHECK_WARNING: [#def84]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_ticket.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def85]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_tls.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-401): [#def86]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_tls.c: scope_hint: In function ‘mbedtls_ssl_session_copy’
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_tls.c:215:9: warning[-Wanalyzer-malloc-leak]: leak of ‘**ssl.session_negotiate.ticket’
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_tls.c:20: included_from: Included from here.
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_tls.c:210:23: note: in expansion of macro ‘mbedtls_calloc’
# 213| }
# 214|
# 215|-> memcpy(dst->ticket, src->ticket, src->ticket_len);
# 216| }
# 217| #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
Error: GCC_ANALYZER_WARNING (CWE-476): [#def87]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_tls.c:5388:14: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘p’
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_tls.c: scope_hint: In function ‘ssl_session_save’
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_tls.c:5388:16: note: in expansion of macro ‘MBEDTLS_BYTE_2’
# 5386|
# 5387| if (used <= buf_len) {
# 5388|-> *p++ = MBEDTLS_BYTE_2(cert_len);
# 5389| *p++ = MBEDTLS_BYTE_1(cert_len);
# 5390| *p++ = MBEDTLS_BYTE_0(cert_len);
Error: CLANG_WARNING: [#def88]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_tls.c:5388:14: warning[core.NullDereference]: Dereference of null pointer
# 5386|
# 5387| if (used <= buf_len) {
# 5388|-> *p++ = MBEDTLS_BYTE_2(cert_len);
# 5389| *p++ = MBEDTLS_BYTE_1(cert_len);
# 5390| *p++ = MBEDTLS_BYTE_0(cert_len);
Error: GCC_ANALYZER_WARNING (CWE-476): [#def89]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_tls.c:5424:14: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘p’
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_tls.c: scope_hint: In function ‘ssl_session_save’
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_tls.c:5424:16: note: in expansion of macro ‘MBEDTLS_BYTE_2’
# 5422|
# 5423| if (used <= buf_len) {
# 5424|-> *p++ = MBEDTLS_BYTE_2(session->ticket_len);
# 5425| *p++ = MBEDTLS_BYTE_1(session->ticket_len);
# 5426| *p++ = MBEDTLS_BYTE_0(session->ticket_len);
Error: CLANG_WARNING: [#def90]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_tls.c:5424:14: warning[core.NullDereference]: Dereference of null pointer
# 5422|
# 5423| if (used <= buf_len) {
# 5424|-> *p++ = MBEDTLS_BYTE_2(session->ticket_len);
# 5425| *p++ = MBEDTLS_BYTE_1(session->ticket_len);
# 5426| *p++ = MBEDTLS_BYTE_0(session->ticket_len);
Error: GCC_ANALYZER_WARNING (CWE-476): [#def91]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_tls.c:5445:14: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘p’
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_tls.c: scope_hint: In function ‘ssl_session_save’
# 5443|
# 5444| if (used <= buf_len) {
# 5445|-> *p++ = session->mfl_code;
# 5446| }
# 5447| #endif
Error: CLANG_WARNING: [#def92]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_tls.c:5445:14: warning[core.NullDereference]: Dereference of null pointer
# 5443|
# 5444| if (used <= buf_len) {
# 5445|-> *p++ = session->mfl_code;
# 5446| }
# 5447| #endif
Error: GCC_ANALYZER_WARNING (CWE-476): [#def93]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_tls.c:5453:14: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘p’
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_tls.c: scope_hint: In function ‘ssl_session_save’
# 5451|
# 5452| if (used <= buf_len) {
# 5453|-> *p++ = (unsigned char) ((session->trunc_hmac) & 0xFF);
# 5454| }
# 5455| #endif
Error: CLANG_WARNING: [#def94]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_tls.c:5453:14: warning[core.NullDereference]: Dereference of null pointer
# 5451|
# 5452| if (used <= buf_len) {
# 5453|-> *p++ = (unsigned char) ((session->trunc_hmac) & 0xFF);
# 5454| }
# 5455| #endif
Error: GCC_ANALYZER_WARNING (CWE-476): [#def95]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_tls.c:5461:14: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘p’
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_tls.c: scope_hint: In function ‘ssl_session_save’
mbedtls-2.28.7-build/mbedtls-2.28.7/library/common.h:94:40: note: in definition of macro ‘MBEDTLS_BYTE_0’
# 5459|
# 5460| if (used <= buf_len) {
# 5461|-> *p++ = MBEDTLS_BYTE_0(session->encrypt_then_mac);
# 5462| }
# 5463| #endif
Error: CLANG_WARNING: [#def96]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_tls.c:5461:14: warning[core.NullDereference]: Dereference of null pointer
# 5459|
# 5460| if (used <= buf_len) {
# 5461|-> *p++ = MBEDTLS_BYTE_0(session->encrypt_then_mac);
# 5462| }
# 5463| #endif
Error: CLANG_WARNING: [#def97]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/ssl_tls.c:6355:17: warning[deadcode.DeadStores]: Value stored to 'p' is never read
# 6353| if (ssl->alpn_chosen != NULL) {
# 6354| memcpy(p, ssl->alpn_chosen, alpn_len);
# 6355|-> p += alpn_len;
# 6356| }
# 6357| }
Error: GCC_ANALYZER_WARNING (CWE-457): [#def98]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/timing.c: scope_hint: In function ‘mbedtls_timing_get_delay’
mbedtls-2.28.7-build/mbedtls-2.28.7/library/timing.c:334:12: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*(mbedtls_timing_delay_context *)data.fin_ms’
mbedtls-2.28.7-build/mbedtls-2.28.7/library/timing.c:427:13: note: in expansion of macro ‘FAIL’
mbedtls-2.28.7-build/mbedtls-2.28.7/library/timing.c:12: included_from: Included from here.
mbedtls-2.28.7-build/mbedtls-2.28.7/library/timing.c:378:13: note: in expansion of macro ‘mbedtls_printf’
mbedtls-2.28.7-build/mbedtls-2.28.7/library/timing.c:427:13: note: in expansion of macro ‘FAIL’
mbedtls-2.28.7-build/mbedtls-2.28.7/library/timing.c:382:13: note: in expansion of macro ‘mbedtls_printf’
mbedtls-2.28.7-build/mbedtls-2.28.7/library/timing.c:427:13: note: in expansion of macro ‘FAIL’
# 332| unsigned long elapsed_ms;
# 333|
# 334|-> if (ctx->fin_ms == 0) {
# 335| return -1;
# 336| }
Error: CPPCHECK_WARNING: [#def99]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/x509.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def100]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/x509_create.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def101]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/x509_crl.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CLANG_WARNING: [#def102]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/x509_crl.c:346:10: warning[deadcode.DeadStores]: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret'
# 344| * signatureValue BIT STRING }
# 345| */
# 346|-> if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
# 347| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
# 348| mbedtls_x509_crl_free(crl);
Error: CLANG_WARNING: [#def103]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/x509_crl.c:391:10: warning[deadcode.DeadStores]: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret'
# 389| crl->version++;
# 390|
# 391|-> if ((ret = mbedtls_x509_get_sig_alg(&crl->sig_oid, &sig_params1,
# 392| &crl->sig_md, &crl->sig_pk,
# 393| &crl->sig_opts)) != 0) {
Error: CPPCHECK_WARNING: [#def104]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/x509_crt.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CLANG_WARNING: [#def105]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/x509_crt.c:1123:10: warning[deadcode.DeadStores]: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret'
# 1121| * signatureValue BIT STRING }
# 1122| */
# 1123|-> if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
# 1124| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
# 1125| mbedtls_x509_crt_free(crt);
Error: GCC_ANALYZER_WARNING (CWE-457): [#def106]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/x509_crt.c: scope_hint: In function ‘mbedtls_x509_parse_subject_alt_name’
mbedtls-2.28.7-build/mbedtls-2.28.7/library/x509_crt.c:1907:13: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘&other_name’
# 1905| memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name));
# 1906| san->type = MBEDTLS_X509_SAN_OTHER_NAME;
# 1907|-> memcpy(&san->san.other_name,
# 1908| &other_name, sizeof(other_name));
# 1909|
Error: CPPCHECK_WARNING: [#def107]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/x509_csr.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CLANG_WARNING: [#def108]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/x509_csr.c:104:10: warning[deadcode.DeadStores]: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret'
# 102| * }
# 103| */
# 104|-> if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
# 105| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
# 106| mbedtls_x509_csr_free(csr);
Error: CLANG_WARNING: [#def109]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/x509_csr.c:201:10: warning[deadcode.DeadStores]: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret'
# 199| }
# 200|
# 201|-> if ((ret = mbedtls_x509_get_sig_alg(&csr->sig_oid, &sig_params,
# 202| &csr->sig_md, &csr->sig_pk,
# 203| &csr->sig_opts)) != 0) {
Error: CPPCHECK_WARNING: [#def110]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/x509write_crt.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def111]
mbedtls-2.28.7-build/mbedtls-2.28.7/library/x509write_csr.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Scan Properties
analyzer-version-clang | 18.1.7 |
analyzer-version-cppcheck | 2.14.2 |
analyzer-version-gcc | 14.1.1 |
analyzer-version-gcc-analyzer | 14.1.1 |
analyzer-version-shellcheck | 0.10.0 |
enabled-plugins | clang, cppcheck, gcc, shellcheck |
exit-code | 0 |
host | ip-172-16-1-171.us-west-2.compute.internal |
mock-config | fedora-41-x86_64 |
project-name | mbedtls-2.28.7-1.fc40 |
store-results-to | /tmp/tmp74ci3d6u/mbedtls-2.28.7-1.fc40.tar.xz |
time-created | 2024-07-03 16:14:15 |
time-finished | 2024-07-03 16:17:14 |
tool | csmock |
tool-args | '/usr/bin/csmock' '-r' 'fedora-41-x86_64' '-t' 'cppcheck,gcc,clang,shellcheck' '-o' '/tmp/tmp74ci3d6u/mbedtls-2.28.7-1.fc40.tar.xz' '--gcc-analyze' '/tmp/tmp74ci3d6u/mbedtls-2.28.7-1.fc40.src.rpm' |
tool-version | csmock-3.5.3-1.el9 |