Task #183 - xmlrpc-c-1.59.03-1.fc41/scan-results.err
Error: SHELLCHECK_WARNING (CWE-563):
/usr/bin/xmlrpc-c-config:9:1: warning[SC2034]: ENABLE_ABYSS_THREADS appears unused. Verify use (or export if used externally).
# 7| # From 'shell_config'
# 8| #######################################################
# 9|-> ENABLE_ABYSS_THREADS="yes"
# 10| THREAD_LIBS=""
# 11| ENABLE_LIBXML2_BACKEND="no"

Error: SHELLCHECK_WARNING (CWE-563):
/usr/bin/xmlrpc-c-config:10:1: warning[SC2034]: THREAD_LIBS appears unused. Verify use (or export if used externally).
# 8| #######################################################
# 9| ENABLE_ABYSS_THREADS="yes"
# 10|-> THREAD_LIBS=""
# 11| ENABLE_LIBXML2_BACKEND="no"
# 12| MUST_BUILD_WININET_CLIENT="no"

Error: SHELLCHECK_WARNING (CWE-563):
/usr/bin/xmlrpc-c-config:32:1: warning[SC2034]: BLDDIR appears unused. Verify use (or export if used externally).
# 30| HEADERINST_DIR="/usr/include"
# 31| LIBINST_DIR="/usr/lib64"
# 32|-> BLDDIR="/builddir/build/BUILD/xmlrpc-c-1.59.03"
# 33| ABS_SRCDIR="/builddir/build/BUILD/xmlrpc-c-1.59.03"
# 34| ABYSS_DOES_OPENSSL="yes"

Error: SHELLCHECK_WARNING (CWE-563):
/usr/bin/xmlrpc-c-config:33:1: warning[SC2034]: ABS_SRCDIR appears unused. Verify use (or export if used externally).
# 31| LIBINST_DIR="/usr/lib64"
# 32| BLDDIR="/builddir/build/BUILD/xmlrpc-c-1.59.03"
# 33|-> ABS_SRCDIR="/builddir/build/BUILD/xmlrpc-c-1.59.03"
# 34| ABYSS_DOES_OPENSSL="yes"
# 35| OPENSSL_LDADD="-lssl -lcrypto"

Error: SHELLCHECK_WARNING (CWE-563):
/usr/bin/xmlrpc-c-config:77:1: warning[SC2034]: cpp_libs appears unused. Verify use (or export if used externally).
# 75| the_rpath=
# 76| the_wl_rpath=
# 77|-> cpp_libs=
# 78| # It's important that packetsocket lib go after client, server libs
# 79| packetsocket_lib=

Error: GCC_ANALYZER_WARNING (CWE-126):
xmlrpc-c-1.59.03/lib/abyss/src/sockutil.c:32: included_from: Included from here.
xmlrpc-c-1.59.03/lib/abyss/src/sockutil.c: scope_hint: In function ‘formatPeerInfoInet6’ xmlrpc-c-1.59.03/include/xmlrpc-c/string_int.h:129:23: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read xmlrpc-c-1.59.03/lib/abyss/src/sockutil.c:236:9: note: in expansion of macro ‘MEMSCPY’ xmlrpc-c-1.59.03/lib/abyss/src/sockutil.c:236:9: note: in expansion of macro ‘MEMSCPY’ xmlrpc-c-1.59.03/lib/abyss/src/sockutil.c:236:9: note: in expansion of macro ‘MEMSCPY’ xmlrpc-c-1.59.03/include/xmlrpc-c/string_int.h:129:23: note: read of 12 bytes from after the end of ‘sockaddr’ xmlrpc-c-1.59.03/lib/abyss/src/sockutil.c:236:9: note: in expansion of macro ‘MEMSCPY’ # └──────────────────────────────────────────────────────────────────────┘ # ^ ^ # 127| #define MEMSSET(a,b) (memset(a, b, sizeof(*a))) # 128| # 129|-> #define MEMSCPY(a,b) (memcpy(a, b, sizeof(*a))) # 130| # 131| #define MEMSZERO(a) (MEMSSET(a, 0)) Error: GCC_ANALYZER_WARNING (CWE-457): xmlrpc-c-1.59.03/include/xmlrpc-c/base.h:11: included_from: Included from here. xmlrpc-c-1.59.03/src/xmlrpc_client.c:21: included_from: Included from here. 
xmlrpc-c-1.59.03/src/xmlrpc_client.c: scope_hint: In function ‘xmlrpc_client_call2’
xmlrpc-c-1.59.03/include/xmlrpc-c/util.h:275:6: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘callXmlP’
xmlrpc-c-1.59.03/src/xmlrpc_client.c:623:25: note: in expansion of macro ‘XMLRPC_MEMBLOCK_SIZE’
xmlrpc-c-1.59.03/src/xmlrpc_client.c:623:25: note: in expansion of macro ‘XMLRPC_MEMBLOCK_SIZE’
xmlrpc-c-1.59.03/src/xmlrpc_client.c:623:25: note: in expansion of macro ‘XMLRPC_MEMBLOCK_SIZE’
# 273| xmlrpc_mem_block_free(block)
# 274| #define XMLRPC_MEMBLOCK_SIZE(type,block) \
# 275|-> (xmlrpc_mem_block_size(block) / sizeof(type))
# 276| #define XMLRPC_MEMBLOCK_CONTENTS(type,block) \
# 277| ((type*) xmlrpc_mem_block_contents(block))

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/lib/abyss/src/conf.c:284:21: warning[core.NullDereference]: Access to field 'pw_uid' results in a dereference of a null pointer (loaded from variable 'pwd')
# 282| TraceExit("Unknown user '%s'", p);
# 283|
# 284|-> srvP->uid = pwd->pw_uid;
# 285| if ((int)srvP->gid==(-1))
# 286| srvP->gid = pwd->pw_gid;

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/lib/abyss/src/conn.c:526:17: warning[core.CallAndMessage]: 2nd function call argument is an uninitialized value
# 524| dealWithReadTimeout(timedOutP, !readyForRead, timeout, errorP);
# 525| if (!*errorP)
# 526|-> dealWithReadEof(eofP, eof, errorP);
# 527| }
# 528| }

Error: GCC_ANALYZER_WARNING (CWE-122):
xmlrpc-c-1.59.03/lib/abyss/src/data.c: scope_hint: In function ‘PoolZoneAlloc’
xmlrpc-c-1.59.03/lib/abyss/src/data.c:551:27: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow
xmlrpc-c-1.59.03/lib/abyss/src/data.c:42: included_from: Included from here.
xmlrpc-c-1.59.03/lib/abyss/src/data.c:549:5: note: in expansion of macro ‘MALLOCARRAY’ xmlrpc-c-1.59.03/lib/abyss/src/data.c:549:5: note: in expansion of macro ‘MALLOCARRAY’ xmlrpc-c-1.59.03/lib/abyss/src/data.c:551:27: note: write of 7 bytes to beyond the end of the region # 549| MALLOCARRAY(poolZoneP, zonesize); # 550| if (poolZoneP) { # 551|-> poolZoneP->pos = &poolZoneP->data[0]; # 552| poolZoneP->maxpos = poolZoneP->pos + zonesize; # 553| poolZoneP->next = NULL; Error: GCC_ANALYZER_WARNING (CWE-122): xmlrpc-c-1.59.03/lib/abyss/src/data.c:552:27: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow xmlrpc-c-1.59.03/lib/abyss/src/data.c:549:5: note: in expansion of macro ‘MALLOCARRAY’ xmlrpc-c-1.59.03/lib/abyss/src/data.c:549:5: note: in expansion of macro ‘MALLOCARRAY’ xmlrpc-c-1.59.03/lib/abyss/src/data.c:552:27: note: write of 8 bytes to beyond the end of the region # 550| if (poolZoneP) { # 551| poolZoneP->pos = &poolZoneP->data[0]; # 552|-> poolZoneP->maxpos = poolZoneP->pos + zonesize; # 553| poolZoneP->next = NULL; # 554| poolZoneP->prev = NULL; Error: GCC_ANALYZER_WARNING (CWE-122): xmlrpc-c-1.59.03/lib/abyss/src/data.c:553:27: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow xmlrpc-c-1.59.03/lib/abyss/src/data.c:549:5: note: in expansion of macro ‘MALLOCARRAY’ xmlrpc-c-1.59.03/lib/abyss/src/data.c:549:5: note: in expansion of macro ‘MALLOCARRAY’ xmlrpc-c-1.59.03/lib/abyss/src/data.c:553:27: note: write of 8 bytes to beyond the end of the region # 551| poolZoneP->pos = &poolZoneP->data[0]; # 552| poolZoneP->maxpos = poolZoneP->pos + zonesize; # 553|-> poolZoneP->next = NULL; # 554| poolZoneP->prev = NULL; # 555| } Error: GCC_ANALYZER_WARNING (CWE-122): xmlrpc-c-1.59.03/lib/abyss/src/data.c:554:27: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow xmlrpc-c-1.59.03/lib/abyss/src/data.c:549:5: note: in expansion of macro ‘MALLOCARRAY’ xmlrpc-c-1.59.03/lib/abyss/src/data.c:549:5: note: in expansion of macro ‘MALLOCARRAY’ 
xmlrpc-c-1.59.03/lib/abyss/src/data.c:554:27: note: write of 8 bytes to beyond the end of the region # 552| poolZoneP->maxpos = poolZoneP->pos + zonesize; # 553| poolZoneP->next = NULL; # 554|-> poolZoneP->prev = NULL; # 555| } # 556| return poolZoneP; Error: GCC_ANALYZER_WARNING (CWE-122): xmlrpc-c-1.59.03/lib/abyss/src/data.c: scope_hint: In function ‘PoolAlloc’ xmlrpc-c-1.59.03/lib/abyss/src/data.c:621:40: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow xmlrpc-c-1.59.03/lib/abyss/src/data.c:43: included_from: Included from here. xmlrpc-c-1.59.03/include/xmlrpc-c/util_int.h:33:26: note: in definition of macro ‘MAX’ xmlrpc-c-1.59.03/lib/abyss/src/data.c:549:5: note: in expansion of macro ‘MALLOCARRAY’ xmlrpc-c-1.59.03/lib/abyss/src/data.c:549:5: note: in expansion of macro ‘MALLOCARRAY’ xmlrpc-c-1.59.03/lib/abyss/src/data.c:621:40: note: write of 8 bytes to beyond the end of the region # 619| TPoolZone * const newPoolZoneP = PoolZoneAlloc(zonesize); # 620| if (newPoolZoneP) { # 621|-> newPoolZoneP->prev = curPoolZoneP; # 622| newPoolZoneP->next = curPoolZoneP->next; # 623| curPoolZoneP->next = newPoolZoneP; Error: GCC_ANALYZER_WARNING (CWE-122): xmlrpc-c-1.59.03/lib/abyss/src/data.c:622:40: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow xmlrpc-c-1.59.03/include/xmlrpc-c/util_int.h:33:26: note: in definition of macro ‘MAX’ xmlrpc-c-1.59.03/lib/abyss/src/data.c:549:5: note: in expansion of macro ‘MALLOCARRAY’ xmlrpc-c-1.59.03/lib/abyss/src/data.c:549:5: note: in expansion of macro ‘MALLOCARRAY’ xmlrpc-c-1.59.03/lib/abyss/src/data.c:622:40: note: write of 8 bytes to beyond the end of the region # 620| if (newPoolZoneP) { # 621| newPoolZoneP->prev = curPoolZoneP; # 622|-> newPoolZoneP->next = curPoolZoneP->next; # 623| curPoolZoneP->next = newPoolZoneP; # 624| poolP->currentzone = newPoolZoneP; Error: GCC_ANALYZER_WARNING (CWE-122): xmlrpc-c-1.59.03/lib/abyss/src/data.c:626:39: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow 
xmlrpc-c-1.59.03/include/xmlrpc-c/util_int.h:33:26: note: in definition of macro ‘MAX’ xmlrpc-c-1.59.03/lib/abyss/src/data.c:549:5: note: in expansion of macro ‘MALLOCARRAY’ xmlrpc-c-1.59.03/lib/abyss/src/data.c:549:5: note: in expansion of macro ‘MALLOCARRAY’ xmlrpc-c-1.59.03/lib/abyss/src/data.c:626:39: note: write of 7 bytes to beyond the end of the region # 624| poolP->currentzone = newPoolZoneP; # 625| retval= newPoolZoneP->data; # 626|-> newPoolZoneP->pos = newPoolZoneP->data + size; # 627| } else # 628| retval = NULL; Error: CLANG_WARNING: xmlrpc-c-1.59.03/lib/abyss/src/handler.c:324:5: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value # 322| # 323| /* Sort the files */ # 324|-> qsort(listP->item, listP->size, sizeof(void *), # 325| (TQSortProc)(sort == 1 ? cmpfilenames : cmpfiledates)); # 326| Error: CLANG_WARNING: xmlrpc-c-1.59.03/lib/abyss/src/handler.c:358:13: warning[deadcode.DeadStores]: Value stored to 'k' is never read # 356| strcat(z1, "..."); # 357| strcat(z1, z + k - 11); # 358|-> k = 24; # 359| p = z1 + 24; # 360| } else { Error: COMPILER_WARNING: xmlrpc-c-1.59.03/lib/abyss/src/handler.c:394:25: warning[-Wformat-overflow=]: ‘%5lu’ directive writing between 5 and 14 bytes into a region of size 9 # 394 | sprintf(z3, "%5" PRIu64 " %c", fi->size, u); # | ^~~~ xmlrpc-c-1.59.03/lib/abyss/src/handler.c: scope_hint: In function ‘HandlerDefaultBuiltin’ xmlrpc-c-1.59.03/lib/abyss/src/handler.c:394:26: note: format string is defined here # 394 | sprintf(z3, "%5" PRIu64 " %c", fi->size, u); xmlrpc-c-1.59.03/lib/abyss/src/handler.c:394:25: note: directive argument in the range [0, 17592186044415] # 394 | sprintf(z3, "%5" PRIu64 " %c", fi->size, u); # | ^~~~ /usr/include/bits/stdio2.h:30:10: note: ‘__sprintf_chk’ output between 8 and 17 bytes into a destination of size 9 # 30 | return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1, # | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # 31 | __glibc_objsize (__s), 
__fmt, # | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # 32 | __va_arg_pack ()); # | ~~~~~~~~~~~~~~~~~ # 392| } # 393| # 394|-> sprintf(z3, "%5" PRIu64 " %c", fi->size, u); # 395| # 396| if (xmlrpc_streq(fi->name, "..")) Error: CLANG_WARNING: xmlrpc-c-1.59.03/lib/abyss/src/handler.c:658:9: warning[core.CallAndMessage]: 5th function call argument is an uninitialized value # 656| # 657| if (sessionP->requestInfo.method != m_head) # 658|-> sendBody(sessionP, fileP, filesize, mediatype, start, end); # 659| } # 660| Error: GCC_ANALYZER_WARNING (CWE-688): xmlrpc-c-1.59.03/lib/abyss/src/http.c: scope_hint: In function ‘RequestAuth’ xmlrpc-c-1.59.03/lib/abyss/src/http.c:149:13: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘valueBuffer’ where non-null expected <built-in>: note: argument 1 of ‘__builtin_strcpy’ must be non-null # 147| char * authHdrPtr; # 148| # 149|-> strcpy(valueBuffer, authValue); /* initial value */ # 150| authHdrPtr = &valueBuffer[0]; # 151| Error: CPPCHECK_WARNING (CWE-401): xmlrpc-c-1.59.03/lib/abyss/src/http.c:177: error[memleak]: Memory leak: valueBuffer # 175| free(valueBuffer); # 176| } # 177|-> } else # 178| authorized = false; # 179| Error: CLANG_WARNING: xmlrpc-c-1.59.03/lib/abyss/src/server.c:540:5: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value # 538| const char * const name) { # 539| # 540|-> xmlrpc_strfree(serverP->srvP->name); # 541| # 542| serverP->srvP->name = strdup(name); Error: CLANG_WARNING: xmlrpc-c-1.59.03/lib/abyss/src/server.c:562:9: warning[core.uninitialized.Branch]: Branch condition evaluates to a garbage value # 560| struct _TServer * const srvP = serverP->srvP; # 561| # 562|-> if (srvP->logfilename) # 563| xmlrpc_strfree(srvP->logfilename); # 564| Error: GCC_ANALYZER_WARNING (CWE-401): xmlrpc-c-1.59.03/lib/abyss/src/server.c: scope_hint: In function ‘serverRun2’ xmlrpc-c-1.59.03/lib/abyss/src/server.c:1325:1: warning[-Wanalyzer-malloc-leak]: leak of ‘outstandingConnListP’ 
xmlrpc-c-1.59.03/lib/abyss/src/server.c:26: included_from: Included from here. xmlrpc-c-1.59.03/lib/abyss/src/server.c:1017:5: note: in expansion of macro ‘MALLOCVAR_NOFAIL’ xmlrpc-c-1.59.03/lib/abyss/src/server.c:1017:5: note: in expansion of macro ‘MALLOCVAR_NOFAIL’ xmlrpc-c-1.59.03/lib/abyss/src/server.c:1017:5: note: in expansion of macro ‘MALLOCVAR_NOFAIL’ # 1323| destroyOutstandingConnList(outstandingConnListP); # 1324| } # 1325|-> } # 1326| # 1327| Error: CLANG_WARNING: xmlrpc-c-1.59.03/lib/abyss/src/server.c:1325:1: warning[unix.Malloc]: Potential leak of memory pointed to by 'outstandingConnListP' # 1323| destroyOutstandingConnList(outstandingConnListP); # 1324| } # 1325|-> } # 1326| # 1327| Error: CLANG_WARNING: xmlrpc-c-1.59.03/lib/abyss/src/server.c:1613:13: warning[core.uninitialized.Branch]: Branch condition evaluates to a garbage value # 1611| setGroups(&error); # 1612| # 1613|-> if (error) { # 1614| TraceExit("Failed to set groups. %s", error); # 1615| xmlrpc_strfree(error); Error: CLANG_WARNING: xmlrpc-c-1.59.03/lib/abyss/src/session.c:257:9: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value # 255| unsigned int digitValue; # 256| # 257|-> parseHexDigit(*p, &digitValue, errorP); # 258| # 259| if (!*errorP) { Error: GCC_ANALYZER_WARNING (CWE-457): xmlrpc-c-1.59.03/lib/abyss/src/session.c: scope_hint: In function ‘parseChunkHeader’ xmlrpc-c-1.59.03/lib/abyss/src/session.c:261:19: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘digitValue’ # 259| if (!*errorP) { # 260| accum <<= 4; # 261|-> accum += digitValue; # 262| } # 263| } Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/lib/abyss/src/session.c:293:12: warning[-Wmaybe-uninitialized]: ‘line’ may be used uninitialized # 293 | if (line) { # | ^ xmlrpc-c-1.59.03/lib/abyss/src/session.c: scope_hint: In function ‘getSomeChunkedRequestBody’ xmlrpc-c-1.59.03/lib/abyss/src/session.c:283:18: note: ‘line’ was declared here # 283 | const char * 
line; # | ^~~~ # 291| xmlrpc_strfree(error); # 292| } else { # 293|-> if (line) { # 294| parseChunkHeader(line, chunkSizeP, errorP); # 295| Error: GCC_ANALYZER_WARNING (CWE-457): xmlrpc-c-1.59.03/lib/abyss/src/session.c: scope_hint: In function ‘getChunkHeader’ xmlrpc-c-1.59.03/lib/abyss/src/session.c:293:13: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘line’ # 291| xmlrpc_strfree(error); # 292| } else { # 293|-> if (line) { # 294| parseChunkHeader(line, chunkSizeP, errorP); # 295| Error: CLANG_WARNING: xmlrpc-c-1.59.03/lib/abyss/src/session.c:293:13: warning[core.uninitialized.Branch]: Branch condition evaluates to a garbage value # 291| xmlrpc_strfree(error); # 292| } else { # 293|-> if (line) { # 294| parseChunkHeader(line, chunkSizeP, errorP); # 295| Error: GCC_ANALYZER_WARNING (CWE-401): xmlrpc-c-1.59.03/lib/abyss/src/session.c: scope_hint: In function ‘getChunkHeader’ xmlrpc-c-1.59.03/lib/abyss/src/session.c:305:1: warning[-Wanalyzer-malloc-leak]: leak of ‘line’ # 303| } # 304| } # 305|-> } # 306| # 307| Error: CLANG_WARNING: xmlrpc-c-1.59.03/lib/abyss/src/session.c:305:1: warning[unix.Malloc]: Potential leak of memory pointed to by 'line' # 303| } # 304| } # 305|-> } # 306| # 307| Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/lib/abyss/src/session.c:359:12: warning[-Wmaybe-uninitialized]: ‘gotHeader’ may be used uninitialized # 359 | if (gotHeader) { # | ^ xmlrpc-c-1.59.03/lib/abyss/src/session.c: scope_hint: In function ‘getSomeChunkedRequestBody’ xmlrpc-c-1.59.03/lib/abyss/src/session.c:353:10: note: ‘gotHeader’ was declared here # 353 | bool gotHeader; # | ^~~~~~~~~ # 357| # 358| if (!*errorP) { # 359|-> if (gotHeader) { # 360| if (chunkSize == 0) # 361| sessionP->chunkState.position = CHUNK_EOF; Error: GCC_ANALYZER_WARNING (CWE-457): xmlrpc-c-1.59.03/lib/abyss/src/session.c: scope_hint: In function ‘processChunkHeaderIfThere’ xmlrpc-c-1.59.03/lib/abyss/src/session.c:359:13: 
warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘gotHeader’ # 357| # 358| if (!*errorP) { # 359|-> if (gotHeader) { # 360| if (chunkSize == 0) # 361| sessionP->chunkState.position = CHUNK_EOF; Error: CLANG_WARNING: xmlrpc-c-1.59.03/lib/abyss/src/session.c:359:13: warning[core.uninitialized.Branch]: Branch condition evaluates to a garbage value # 357| # 358| if (!*errorP) { # 359|-> if (gotHeader) { # 360| if (chunkSize == 0) # 361| sessionP->chunkState.position = CHUNK_EOF; Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/lib/abyss/src/session.c:360:16: warning[-Wmaybe-uninitialized]: ‘chunkSize’ may be used uninitialized # 360 | if (chunkSize == 0) # | ^ xmlrpc-c-1.59.03/lib/abyss/src/session.c: scope_hint: In function ‘getSomeChunkedRequestBody’ xmlrpc-c-1.59.03/lib/abyss/src/session.c:354:14: note: ‘chunkSize’ was declared here # 354 | uint32_t chunkSize; # | ^~~~~~~~~ # 358| if (!*errorP) { # 359| if (gotHeader) { # 360|-> if (chunkSize == 0) # 361| sessionP->chunkState.position = CHUNK_EOF; # 362| else { Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:50:31: warning[-Wmaybe-uninitialized]: ‘httpMethod’ may be used uninitialized # 50 | requestInfoP->method = httpMethod; # | ~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~ xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c: scope_hint: In function ‘SessionReadRequest’ xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:1187:17: note: ‘httpMethod’ was declared here # 1187 | TMethod httpMethod; # | ^~~~~~~~~~ # 48| # 49| requestInfoP->requestline = xmlrpc_strdupsol(requestLine); # 50|-> requestInfoP->method = httpMethod; # 51| requestInfoP->host = xmlrpc_strdupnull(host); # 52| requestInfoP->port = port; Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:51:33: warning[-Wmaybe-uninitialized]: ‘host’ may be used uninitialized # 51 | requestInfoP->host = xmlrpc_strdupnull(host); # | ^~~~~~~~~~~~~~~~~~~~~~~ 
xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c: scope_hint: In function ‘SessionReadRequest’ xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:1188:22: note: ‘host’ was declared here # 1188 | const char * host; # | ^~~~ # 49| requestInfoP->requestline = xmlrpc_strdupsol(requestLine); # 50| requestInfoP->method = httpMethod; # 51|-> requestInfoP->host = xmlrpc_strdupnull(host); # 52| requestInfoP->port = port; # 53| requestInfoP->uri = strdup(path); Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:52:31: warning[-Wmaybe-uninitialized]: ‘port’ may be used uninitialized # 52 | requestInfoP->port = port; # | ~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~ xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c: scope_hint: In function ‘SessionReadRequest’ xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:1191:24: note: ‘port’ was declared here # 1191 | unsigned short port; # | ^~~~ # 50| requestInfoP->method = httpMethod; # 51| requestInfoP->host = xmlrpc_strdupnull(host); # 52|-> requestInfoP->port = port; # 53| requestInfoP->uri = strdup(path); # 54| requestInfoP->query = xmlrpc_strdupnull(query); Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:53:33: warning[-Wmaybe-uninitialized]: ‘path’ may be used uninitialized # 53 | requestInfoP->uri = strdup(path); # | ^~~~~~~~~~~~ xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c: scope_hint: In function ‘SessionReadRequest’ xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:1189:22: note: ‘path’ was declared here # 1189 | const char * path; # | ^~~~ # 51| requestInfoP->host = xmlrpc_strdupnull(host); # 52| requestInfoP->port = port; # 53|-> requestInfoP->uri = strdup(path); # 54| requestInfoP->query = xmlrpc_strdupnull(query); # 55| requestInfoP->from = NULL; Error: CLANG_WARNING: xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:53:33: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull' # 51| requestInfoP->host = 
xmlrpc_strdupnull(host); # 52| requestInfoP->port = port; # 53|-> requestInfoP->uri = strdup(path); # 54| requestInfoP->query = xmlrpc_strdupnull(query); # 55| requestInfoP->from = NULL; Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:54:33: warning[-Wmaybe-uninitialized]: ‘query’ may be used uninitialized # 54 | requestInfoP->query = xmlrpc_strdupnull(query); # | ^~~~~~~~~~~~~~~~~~~~~~~~ xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c: scope_hint: In function ‘SessionReadRequest’ xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:1190:22: note: ‘query’ was declared here # 1190 | const char * query; # | ^~~~~ # 52| requestInfoP->port = port; # 53| requestInfoP->uri = strdup(path); # 54|-> requestInfoP->query = xmlrpc_strdupnull(query); # 55| requestInfoP->from = NULL; # 56| requestInfoP->useragent = NULL; Error: CLANG_WARNING: xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:418:13: warning[core.uninitialized.Branch]: Branch condition evaluates to a garbage value # 416| &timedOut, &error); # 417| # 418|-> if (error) { # 419| xmlrpc_asprintf(errorP, "Got beginning of the request field, " # 420| "but failed to get the rest. 
%s", error); Error: CLANG_WARNING: xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:435:31: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined # 433| # 434| *timedOutP = false; # 435|-> *requestLineP = line; # 436| } # 437| } Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:501:44: warning[-Wmaybe-uninitialized]: ‘digit0’ may be used uninitialized # 501 | *unescapedP = ((digit0 << 4) | digit1); # | ~~~~~~~~^~~~~ xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c: scope_hint: In function ‘unescapeUri’ xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:477:18: note: ‘digit0’ was declared here # 477 | unsigned int digit0; # | ^~~~~~ # 499| # 500| if (!*errorP) # 501|-> *unescapedP = ((digit0 << 4) | digit1); # 502| } # 503| } Error: CLANG_WARNING: xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:501:44: warning[core.UndefinedBinaryOperatorResult]: The left operand of '<<' is a garbage value # 499| # 500| if (!*errorP) # 501|-> *unescapedP = ((digit0 << 4) | digit1); # 502| } # 503| } Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:501:50: warning[-Wmaybe-uninitialized]: ‘digit1’ may be used uninitialized # 501 | *unescapedP = ((digit0 << 4) | digit1); # | ~~~~~~~~~~~~~~~^~~~~~~~~ xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c: scope_hint: In function ‘unescapeUri’ xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:493:26: note: ‘digit1’ was declared here # 493 | unsigned int digit1; # | ^~~~~~ # 499| # 500| if (!*errorP) # 501|-> *unescapedP = ((digit0 << 4) | digit1); # 502| } # 503| } Error: CLANG_WARNING: xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:501:50: warning[core.UndefinedBinaryOperatorResult]: The right operand of '|' is a garbage value # 499| # 500| if (!*errorP) # 501|-> *unescapedP = ((digit0 << 4) | digit1); # 502| } # 503| } Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:549:28: 
warning[-Wmaybe-uninitialized]: ‘unescaped’ may be used uninitialized # 549 | *dst++ = unescaped; # | ~~~~~~~^~~~~~~~~~~ xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:538:22: note: ‘unescaped’ was declared here # 538 | char unescaped; # | ^~~~~~~~~ # 547| xmlrpc_strfree(error); # 548| } else # 549|-> *dst++ = unescaped; # 550| } break; # 551| Error: CLANG_WARNING: xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:697:9: warning[unix.Malloc]: Potential leak of memory pointed to by 'path' # 695| *pathP = path; # 696| # 697|-> free(buffer); # 698| } # 699| } Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:721:12: warning[-Wmaybe-uninitialized]: ‘path’ may be used uninitialized # 721 | if (path) # | ^ xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c: scope_hint: In function ‘SessionReadRequest’ xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:777:18: note: ‘path’ was declared here # 777 | const char * path; # | ^~~~ # 719| *hostP = NULL; # 720| if (!*errorP) { # 721|-> if (path) # 722| unescapeUri(path, pathP, errorP); # 723| else Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:726:16: warning[-Wmaybe-uninitialized]: ‘query’ may be used uninitialized # 726 | if (query) # | ^ xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c: scope_hint: In function ‘SessionReadRequest’ xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:776:18: note: ‘query’ was declared here # 776 | const char * query; # | ^~~~~ # 724| *pathP = NULL; # 725| if (!*errorP) { # 726|-> if (query) # 727| unescapeUri(query, queryP, errorP); # 728| else Error: CLANG_WARNING: xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:731:17: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value # 729| *queryP = NULL; # 730| if (*errorP) # 731|-> xmlrpc_strfree(*pathP); # 732| } else { # 733| if (*hostP) Error: CLANG_WARNING: xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:733:17: 
warning[core.uninitialized.Branch]: Branch condition evaluates to a garbage value # 731| xmlrpc_strfree(*pathP); # 732| } else { # 733|-> if (*hostP) # 734| xmlrpc_strfree(*hostP); # 735| } Error: CLANG_WARNING: xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:783:13: warning[core.NullDereference]: Array access (from variable 'requestUriNoQuery') results in an undefined pointer dereference # 781| splitUriQuery(requestUri, &query, &requestUriNoQuery, errorP); # 782| if (!*errorP) { # 783|-> if (requestUriNoQuery[0] == '/') { # 784| host = NULL; # 785| path = xmlrpc_strdupsol(requestUriNoQuery); Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:783:30: warning[-Wmaybe-uninitialized]: ‘requestUriNoQuery’ may be used uninitialized # 783 | if (requestUriNoQuery[0] == '/') { # | ~~~~~~~~~~~~~~~~~^~~ xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c: scope_hint: In function ‘SessionReadRequest’ xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:772:18: note: ‘requestUriNoQuery’ was declared here # 772 | const char * requestUriNoQuery; # | ^~~~~~~~~~~~~~~~~ # 781| splitUriQuery(requestUri, &query, &requestUriNoQuery, errorP); # 782| if (!*errorP) { # 783|-> if (requestUriNoQuery[0] == '/') { # 784| host = NULL; # 785| path = xmlrpc_strdupsol(requestUriNoQuery); Error: CLANG_WARNING: xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:797:20: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined # 795| # 796| if (!*errorP) { # 797|-> *portP = port; # 798| unescapeHostPathQuery(host, path, query, # 799| hostP, pathP, queryP, errorP); Error: CLANG_WARNING: xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:807:13: warning[unix.Malloc]: Potential leak of memory pointed to by 'path' # 805| } # 806| # 807|-> if (query) # 808| xmlrpc_strfree(query); # 809| xmlrpc_strfree(requestUriNoQuery); Error: CLANG_WARNING: xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:811:1: warning[unix.Malloc]: Potential leak of memory 
pointed to by 'requestUriNoQuery' # 809| xmlrpc_strfree(requestUriNoQuery); # 810| } # 811|-> } # 812| # 813| Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:867:34: warning[-Wmaybe-uninitialized]: ‘requestLine’ may be used uninitialized # 867 | char * const requestBuffer = strdup(requestLine); # | ^~~~~~~~~~~~~~~~~~~ xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c: scope_hint: In function ‘SessionReadRequest’ xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:1174:12: note: ‘requestLine’ was declared here # 1174 | char * requestLine; /* In connection's internal buffer */ # | ^~~~~~~~~~~ # 865| const char ** const errorP) { # 866| # 867|-> char * const requestBuffer = strdup(requestLine); # 868| # 869| const char * httpMethodName; Error: CLANG_WARNING: xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:906:21: warning[unix.Malloc]: Potential leak of memory pointed to by 'host' # 904| # 905| if (error) { # 906|-> xmlrpc_asprintf(errorP, "Invalid URI ('%s'). 
%s", # 907| requestUri, error); # 908| xmlrpc_strfree(error); Error: CLANG_WARNING: xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:938:25: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value # 936| } # 937| if (*errorP) { # 938|-> xmlrpc_strfree(host); # 939| xmlrpc_strfree(path); # 940| xmlrpc_strfree(query); Error: CLANG_WARNING: xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:939:25: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value # 937| if (*errorP) { # 938| xmlrpc_strfree(host); # 939|-> xmlrpc_strfree(path); # 940| xmlrpc_strfree(query); # 941| } Error: CLANG_WARNING: xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:942:28: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined # 940| xmlrpc_strfree(query); # 941| } # 942|-> *hostP = host; # 943| *portP = port; # 944| *pathP = path; Error: CLANG_WARNING: xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:944:28: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined # 942| *hostP = host; # 943| *portP = port; # 944|-> *pathP = path; # 945| *queryP = query; # 946| } Error: CLANG_WARNING: xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:1110:13: warning[core.uninitialized.Branch]: Branch condition evaluates to a garbage value # 1108| readField(sessionP->connP, deadline, &endOfHeader, &field, # 1109| &timedOut, &error); # 1110|-> if (error) { # 1111| xmlrpc_asprintf(errorP, "Failed to read header from " # 1112| "client connection. 
%s", error); Error: CLANG_WARNING: xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:1124:19: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined # 1122| char * fieldName; # 1123| # 1124|-> p = &field[0]; # 1125| getFieldNameToken(&p, &fieldName, errorP, httpErrorCodeP); # 1126| if (!*errorP) { Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c: scope_hint: In function ‘SessionReadRequest’ xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:1182:15: warning[-Wmaybe-uninitialized]: ‘timedOut’ may be used uninitialized # 1182 | } else if (timedOut) { # | ^ xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:1172:10: note: ‘timedOut’ was declared here # 1172 | bool timedOut; # | ^~~~~~~~ # 1180| *httpErrorCodeP = 500; /* Internal error */ # 1181| xmlrpc_strfree(error); # 1182|-> } else if (timedOut) { # 1183| xmlrpc_asprintf(errorP, "Timed out waiting for client to send " # 1184| "the request field"); Error: CLANG_WARNING: xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:1182:16: warning[core.uninitialized.Branch]: Branch condition evaluates to a garbage value # 1180| *httpErrorCodeP = 500; /* Internal error */ # 1181| xmlrpc_strfree(error); # 1182|-> } else if (timedOut) { # 1183| xmlrpc_asprintf(errorP, "Timed out waiting for client to send " # 1184| "the request field"); Error: CLANG_WARNING: xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:1200:13: warning[unix.Malloc]: Potential leak of memory pointed to by 'host' # 1198| # 1199| if (error) { # 1200|-> xmlrpc_asprintf(errorP, "Unable to parse the request header " # 1201| "'%s'. %s", requestLine, error); # 1202| *httpErrorCodeP = 400; /* Bad request */ Error: CLANG_WARNING: xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:1200:13: warning[unix.Malloc]: Potential leak of memory pointed to by 'path' # 1198| # 1199| if (error) { # 1200|-> xmlrpc_asprintf(errorP, "Unable to parse the request header " # 1201| "'%s'. 
%s", requestLine, error);
# 1202| *httpErrorCodeP = 400; /* Bad request */

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:1205:13: warning[core.CallAndMessage]: 4th function call argument is an uninitialized value
# 1203| xmlrpc_strfree(error);
# 1204| } else {
# 1205|-> initRequestInfo(&sessionP->requestInfo, sessionP->version,
# 1206| requestLine,
# 1207| httpMethod, host, port, path, query);

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:1205:13: warning[core.CallAndMessage]: 5th function call argument is an uninitialized value
# 1203| xmlrpc_strfree(error);
# 1204| } else {
# 1205|-> initRequestInfo(&sessionP->requestInfo, sessionP->version,
# 1206| requestLine,
# 1207| httpMethod, host, port, path, query);

Error: COMPILER_WARNING (CWE-457):
xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:1209:16: warning[-Wmaybe-uninitialized]: ‘moreFields’ may be used uninitialized
# 1209 | if (moreFields) {
# | ^
xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:1192:14: note: ‘moreFields’ was declared here
# 1192 | bool moreFields;
# | ^~~~~~~~~~
# 1207| httpMethod, host, port, path, query);
# 1208|
# 1209|-> if (moreFields) {
# 1210| readAndProcessHeaderFields(sessionP, deadline,
# 1211| errorP, httpErrorCodeP);

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/lib/abyss/src/sessionReadRequest.c:1209:17: warning[core.uninitialized.Branch]: Branch condition evaluates to a garbage value
# 1207| httpMethod, host, port, path, query);
# 1208|
# 1209|-> if (moreFields) {
# 1210| readAndProcessHeaderFields(sessionP, deadline,
# 1211| errorP, httpErrorCodeP);

Error: COMPILER_WARNING (CWE-477):
xmlrpc-c-1.59.03/lib/abyss/src/socket_openssl.c: scope_hint: In function ‘sslErrorMsg’
xmlrpc-c-1.59.03/lib/abyss/src/socket_openssl.c:71:9: warning[-Wdeprecated-declarations]: ‘ERR_get_error_line’ is deprecated: Since OpenSSL 3.0
# 71 | int const errCode = ERR_get_error_line(&sourceFileName, &lineNum);
# | ^~~
xmlrpc-c-1.59.03/lib/abyss/src/socket_openssl.c:26: included_from: Included from here.
/usr/include/openssl/err.h:423:15: note: declared here
# 423 | unsigned long ERR_get_error_line(const char **file, int *line);
# | ^~~~~~~~~~~~~~~~~~
# 69| int lineNum;
# 70|
# 71|-> int const errCode = ERR_get_error_line(&sourceFileName, &lineNum);
# 72|
# 73| if (errCode == 0)

Error: GCC_ANALYZER_WARNING (CWE-457):
xmlrpc-c-1.59.03/lib/abyss/src/socket_openssl.c: scope_hint: In function ‘createChannelFromAcceptedConn’
xmlrpc-c-1.59.03/lib/abyss/src/socket_openssl.c:658:13: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘sslP’
# 656| struct abyss_openSsl_chaninfo * channelInfoP;
# 657|
# 658|-> makeChannelInfo(&channelInfoP, sslP, errorP);
# 659| if (!*errorP) {
# 660| bool const userSuppliedFalse = false;

Error: COMPILER_WARNING (CWE-457):
xmlrpc-c-1.59.03/lib/abyss/src/socket_openssl.c:658:13: warning[-Wmaybe-uninitialized]: ‘sslP’ may be used uninitialized
# 658 | makeChannelInfo(&channelInfoP, sslP, errorP);
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
xmlrpc-c-1.59.03/lib/abyss/src/socket_openssl.c: scope_hint: In function ‘chanSwitchAccept’
xmlrpc-c-1.59.03/lib/abyss/src/socket_openssl.c:646:15: note: ‘sslP’ was declared here
# 646 | SSL * sslP;
# | ^~~~
# 656| struct abyss_openSsl_chaninfo * channelInfoP;
# 657|
# 658|-> makeChannelInfo(&channelInfoP, sslP, errorP);
# 659| if (!*errorP) {
# 660| bool const userSuppliedFalse = false;

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/lib/abyss/src/socket_openssl.c:658:13: warning[core.CallAndMessage]: 2nd function call argument is an uninitialized value
# 656| struct abyss_openSsl_chaninfo * channelInfoP;
# 657|
# 658|-> makeChannelInfo(&channelInfoP, sslP, errorP);
# 659| if (!*errorP) {
# 660| bool const userSuppliedFalse = false;

Error: GCC_ANALYZER_WARNING (CWE-457):
xmlrpc-c-1.59.03/lib/abyss/src/socket_openssl.c:666:21: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value
‘channelInfoP’
# 664|
# 665| if (*errorP)
# 666|-> free(channelInfoP);
# 667| else
# 668| *channelInfoPP = channelInfoP;

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/lib/abyss/src/socket_openssl.c:666:21: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value
# 664|
# 665| if (*errorP)
# 666|-> free(channelInfoP);
# 667| else
# 668| *channelInfoPP = channelInfoP;

Error: GCC_ANALYZER_WARNING (CWE-457):
xmlrpc-c-1.59.03/lib/abyss/src/socket_openssl.c:668:36: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘channelInfoP’
# 666| free(channelInfoP);
# 667| else
# 668|-> *channelInfoPP = channelInfoP;
# 669| }
# 670| if (*errorP)

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/lib/abyss/src/socket_openssl.c:668:36: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined
# 666| free(channelInfoP);
# 667| else
# 668|-> *channelInfoPP = channelInfoP;
# 669| }
# 670| if (*errorP)

Error: GCC_ANALYZER_WARNING (CWE-401):
xmlrpc-c-1.59.03/lib/abyss/src/socket_openssl.c:678:1: warning[-Wanalyzer-malloc-leak]: leak of ‘channelOpenSslP’
xmlrpc-c-1.59.03/lib/abyss/src/socket_openssl.c:32: included_from: Included from here.
xmlrpc-c-1.59.03/lib/abyss/src/socket_openssl.c:641:5: note: in expansion of macro ‘MALLOCVAR’
# 676| free(channelOpenSslP);
# 677| }
# 678|-> }
# 679|
# 680|

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/lib/abyss/src/socket_openssl.c:678:1: warning[unix.Malloc]: Potential leak of memory pointed to by 'channelOpenSslP'
# 676| free(channelOpenSslP);
# 677| }
# 678|-> }
# 679|
# 680|

Error: GCC_ANALYZER_WARNING (CWE-775):
xmlrpc-c-1.59.03/lib/abyss/src/socket_openssl.c: scope_hint: In function ‘chanSwitchAccept’
xmlrpc-c-1.59.03/lib/abyss/src/socket_openssl.c:721:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘accept(*chanSwitchOpenSslP.listenFd, & peerAddr, & peerAddrLen)’
# 719| const char * error;
# 720|
# 721|-> createChannelFromAcceptedConn(
# 722| acceptedFd, chanSwitchOpenSslP->sslCtxP,
# 723| &channelP, channelInfoPP, &error);

Error: COMPILER_WARNING (CWE-252):
xmlrpc-c-1.59.03/lib/abyss/src/socket_openssl.c: scope_hint: In function ‘chanSwitchInterrupt’
xmlrpc-c-1.59.03/lib/abyss/src/socket_openssl.c:762:5: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
# 762 | write(chanSwitchOpenSslP->interruptPipe.interruptorFd,
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 763 | &zero, sizeof(zero));
# | ~~~~~~~~~~~~~~~~~~~~
# 760| unsigned char const zero[1] = {0u};
# 761|
# 762|-> write(chanSwitchOpenSslP->interruptPipe.interruptorFd,
# 763| &zero, sizeof(zero));
# 764| }

Error: GCC_ANALYZER_WARNING (CWE-775):
xmlrpc-c-1.59.03/lib/abyss/src/socket_unix.c: scope_hint: In function ‘chanSwitchAccept’
xmlrpc-c-1.59.03/lib/abyss/src/socket_unix.c:354:35: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘accept(*listenSocketP.fd, & peerAddr, & peerAddrLen)’
xmlrpc-c-1.59.03/lib/abyss/src/socket_unix.c:501:9: note: in expansion of macro ‘MALLOCVAR’
# 352| xmlrpc_asprintf(errorP, "Unable to allocate memory");
# 353| else {
# 354|-> channelInfoP->peerAddrLen = peerAddrLen;
# 355|
channelInfoP->peerAddr = peerAddr;
# 356|

Error: GCC_ANALYZER_WARNING (CWE-775):
xmlrpc-c-1.59.03/lib/abyss/src/socket_unix.c:498:10: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘accept(*listenSocketP.fd, & peerAddr, & peerAddrLen)’
# 496|
# 497| makeChannelInfo(&channelInfoP, peerAddr, sizeof(peerAddr), errorP);
# 498|-> if (!*errorP) {
# 499| struct socketUnix * acceptedSocketP;
# 500|

Error: GCC_ANALYZER_WARNING (CWE-401):
xmlrpc-c-1.59.03/lib/abyss/src/socket_unix.c: scope_hint: In function ‘createChannelForAccept’
xmlrpc-c-1.59.03/lib/abyss/src/socket_unix.c:533:1: warning[-Wanalyzer-malloc-leak]: leak of ‘channelInfoP’
xmlrpc-c-1.59.03/lib/abyss/src/socket_unix.c:34: included_from: Included from here.
xmlrpc-c-1.59.03/lib/abyss/src/socket_unix.c:349:5: note: in expansion of macro ‘MALLOCVAR’
xmlrpc-c-1.59.03/lib/abyss/src/socket_unix.c:501:9: note: in expansion of macro ‘MALLOCVAR’
# 531| free(channelInfoP);
# 532| }
# 533|-> }
# 534|
# 535|

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/lib/abyss/src/socket_unix.c:533:1: warning[unix.Malloc]: Potential leak of memory pointed to by 'channelInfoP'
# 531| free(channelInfoP);
# 532| }
# 533|-> }
# 534|
# 535|

Error: COMPILER_WARNING (CWE-252):
xmlrpc-c-1.59.03/lib/abyss/src/socket_unix.c: scope_hint: In function ‘chanSwitchInterrupt’
xmlrpc-c-1.59.03/lib/abyss/src/socket_unix.c:612:5: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
# 612 | write(listenSocketP->interruptPipe.interruptorFd, &zero, sizeof(zero));
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 610| unsigned char const zero[1] = {0u};
# 611|
# 612|-> write(listenSocketP->interruptPipe.interruptorFd, &zero, sizeof(zero));
# 613| }
# 614|

Error: GCC_ANALYZER_WARNING (CWE-457):
xmlrpc-c-1.59.03/lib/abyss/src/socket_unix.c: scope_hint: In function ‘SocketUnixCreateFd’
xmlrpc-c-1.59.03/lib/abyss/src/socket_unix.c:858:13: warning[-Wanalyzer-use-of-uninitialized-value]:
use of uninitialized value ‘channelInfoP’
# 856| ChannelUnixCreateFd(fd, &channelP, &channelInfoP, &error);
# 857| if (!error)
# 858|-> SocketCreateChannel(channelP, channelInfoP, &socketP);
# 859| } else {
# 860| TChanSwitch * chanSwitchP;

Error: GCC_ANALYZER_WARNING (CWE-457):
xmlrpc-c-1.59.03/lib/abyss/src/socket_unix.c:858:13: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘channelP’
# 856| ChannelUnixCreateFd(fd, &channelP, &channelInfoP, &error);
# 857| if (!error)
# 858|-> SocketCreateChannel(channelP, channelInfoP, &socketP);
# 859| } else {
# 860| TChanSwitch * chanSwitchP;

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/lib/abyss/src/socket_unix.c:858:13: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value
# 856| ChannelUnixCreateFd(fd, &channelP, &channelInfoP, &error);
# 857| if (!error)
# 858|-> SocketCreateChannel(channelP, channelInfoP, &socketP);
# 859| } else {
# 860| TChanSwitch * chanSwitchP;

Error: GCC_ANALYZER_WARNING (CWE-457):
xmlrpc-c-1.59.03/lib/abyss/src/socket_unix.c:863:13: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘chanSwitchP’
# 861| ChanSwitchUnixCreateFd(fd, &chanSwitchP, &error);
# 862| if (!error)
# 863|-> SocketCreateChanSwitch(chanSwitchP, &socketP);
# 864| }
# 865| if (error) {

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/lib/abyss/src/socket_unix.c:863:13: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value
# 861| ChanSwitchUnixCreateFd(fd, &chanSwitchP, &error);
# 862| if (!error)
# 863|-> SocketCreateChanSwitch(chanSwitchP, &socketP);
# 864| }
# 865| if (error) {

Error: COMPILER_WARNING (CWE-252):
xmlrpc-c-1.59.03/lib/abyss/src/sockutil.c: scope_hint: In function ‘sockutil_interruptPipeInterrupt’
xmlrpc-c-1.59.03/lib/abyss/src/sockutil.c:80:5: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
# 80 | write(interruptPipe.interruptorFd, &zero, sizeof(zero));
# |
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 78| unsigned char const zero[1] = {0u};
# 79|
# 80|-> write(interruptPipe.interruptorFd, &zero, sizeof(zero));
# 81| }
# 82|

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/lib/abyss/src/sockutil.c:153:1: warning[unix.Malloc]: Potential leak of memory pointed to by 'sockName'
# 151| free(sockName);
# 152| }
# 153|-> }
# 154|
# 155|

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/lib/abyss/src/sockutil.c:197:1: warning[unix.Malloc]: Potential leak of memory pointed to by 'peerName'
# 195| free(peerName);
# 196| }
# 197|-> }
# 198|
# 199|

Error: COMPILER_WARNING (CWE-477):
xmlrpc-c-1.59.03/lib/curl_transport/curltransaction.c: scope_hint: In function ‘setupCurlSession’
xmlrpc-c-1.59.03/lib/curl_transport/curltransaction.c:727:13: warning[-Wdeprecated-declarations]: ‘CURLOPT_PROGRESSFUNCTION’ is deprecated: since 7.32.0. Use CURLOPT_XFERINFOFUNCTION
xmlrpc-c-1.59.03/lib/curl_transport/curltransaction.c:19: included_from: Included from here.
/usr/include/curl/curl.h:1291:3: note: declared here
# 725| if (transP->progress) {
# 726| curl_easy_setopt(curlSessionP, CURLOPT_NOPROGRESS, 0);
# 727|-> curl_easy_setopt(curlSessionP, CURLOPT_PROGRESSFUNCTION,
# 728| curlProgress);
# 729| curl_easy_setopt(curlSessionP, CURLOPT_PROGRESSDATA, transP);

Error: COMPILER_WARNING (CWE-477):
xmlrpc-c-1.59.03/lib/curl_transport/curltransaction.c:778:13: warning[-Wdeprecated-declarations]: ‘CURLOPT_RANDOM_FILE’ is deprecated: since 7.84.0. Serves no purpose anymore
/usr/include/curl/curl.h:1360:3: note: declared here
# 776| curlSetupP->caPath);
# 777| if (curlSetupP->randomFile)
# 778|-> curl_easy_setopt(curlSessionP, CURLOPT_RANDOM_FILE,
# 779| curlSetupP->randomFile);
# 780| if (curlSetupP->egdSocket)

Error: COMPILER_WARNING (CWE-477):
xmlrpc-c-1.59.03/lib/curl_transport/curltransaction.c:781:13: warning[-Wdeprecated-declarations]: ‘CURLOPT_EGDSOCKET’ is deprecated: since 7.84.0.
Serves no purpose anymore
/usr/include/curl/curl.h:1364:3: note: declared here
# 779| curlSetupP->randomFile);
# 780| if (curlSetupP->egdSocket)
# 781|-> curl_easy_setopt(curlSessionP, CURLOPT_EGDSOCKET,
# 782| curlSetupP->egdSocket);
# 783| if (curlSetupP->sslCipherList)

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/lib/curl_transport/curltransaction.c:860:10: warning[unix.Malloc]: Potential leak of memory pointed to by 'authHdrValue'
# 858| }
# 859|
# 860|-> if (!envP->fault_occurred)
# 861| setupKeepalive(curlSetupP, curlSessionP, envP);
# 862|

Error: GCC_ANALYZER_WARNING (CWE-401):
xmlrpc-c-1.59.03/lib/curl_transport/curltransaction.c:863:1: warning[-Wanalyzer-malloc-leak]: leak of ‘authHdrValue’
/usr/include/curl/curl.h:3227: included_from: Included from here.
xmlrpc-c-1.59.03/lib/curl_transport/curltransaction.c:719:26: note: in expansion of macro ‘XMLRPC_MEMBLOCK_CONTENTS’
# 861| setupKeepalive(curlSetupP, curlSessionP, envP);
# 862|
# 863|-> }
# 864|
# 865|

Error: COMPILER_WARNING (CWE-457):
xmlrpc-c-1.59.03/lib/curl_transport/xmlrpc_curl_transport.c:402:56: warning[-Wmaybe-uninitialized]: ‘selectTimeoutMillisec’ may be used uninitialized
# 402 | retval.tv_nsec = (uint32_t)((selectTimeoutMillisec % 1000) * million);
# | ~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~
xmlrpc-c-1.59.03/lib/curl_transport/xmlrpc_curl_transport.c: scope_hint: In function ‘waitForWork’
xmlrpc-c-1.59.03/lib/curl_transport/xmlrpc_curl_transport.c:378:18: note: ‘selectTimeoutMillisec’ was declared here
# 378 | unsigned int selectTimeoutMillisec;
# | ^~~~~~~~~~~~~~~~~~~~~
# 400| }
# 401| retval.tv_sec = selectTimeoutMillisec / 1000;
# 402|-> retval.tv_nsec = (uint32_t)((selectTimeoutMillisec % 1000) * million);
# 403|
# 404| return retval;

Error: GCC_ANALYZER_WARNING (CWE-476):
xmlrpc-c-1.59.03/lib/curl_transport/xmlrpc_curl_transport.c: scope_hint: In function ‘startRpc’
xmlrpc-c-1.59.03/lib/curl_transport/xmlrpc_curl_transport.c:1269:5: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘rpcP’
xmlrpc-c-1.59.03/lib/curl_transport/xmlrpc_curl_transport.c:73: included_from: Included from here.
xmlrpc-c-1.59.03/lib/curl_transport/xmlrpc_curl_transport.c:1295:5: note: in expansion of macro ‘MALLOCVAR’
# 1267| rpc * const rpcP) {
# 1268|
# 1269|-> curlMulti_addHandle(envP,
# 1270| rpcP->transportP->asyncCurlMultiP,
# 1271| curlTransaction_curlSession(rpcP->curlTransactionP));

Error: GCC_ANALYZER_WARNING (CWE-476):
xmlrpc-c-1.59.03/lib/curl_transport/xmlrpc_curl_transport.c:1357:5: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘rpcP’
xmlrpc-c-1.59.03/lib/curl_transport/xmlrpc_curl_transport.c: scope_hint: In function ‘call’
xmlrpc-c-1.59.03/lib/curl_transport/xmlrpc_curl_transport.c: scope_hint: In function ‘call’
xmlrpc-c-1.59.03/lib/curl_transport/xmlrpc_curl_transport.c:1295:5: note: in expansion of macro ‘MALLOCVAR’
# 1355| int * const interruptP) {
# 1356|
# 1357|-> performCurlTransaction(envP, rpcP->curlTransactionP, curlMultiP,
# 1358| interruptP);
# 1359| }

Error: CPPCHECK_WARNING (CWE-457):
xmlrpc-c-1.59.03/lib/curl_transport/xmlrpc_curl_transport.c:1555: warning[uninitvar]: Uninitialized variable: waitTimeoutTime
# 1553|
# 1554| finishCurlMulti(&env, clientTransportP->asyncCurlMultiP,
# 1555|-> timeoutType, waitTimeoutTime,
# 1556| clientTransportP->interruptP);
# 1557|

Error: GCC_ANALYZER_WARNING (CWE-476):
xmlrpc-c-1.59.03/lib/expat/xmlparse/xmlparse.c: scope_hint: In function ‘doProlog’
xmlrpc-c-1.59.03/lib/expat/xmlparse/xmlparse.c:332:53: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
xmlrpc-c-1.59.03/lib/expat/xmlparse/xmlparse.c:3625:16: note: in expansion of macro ‘externalEntityRefHandler’
xmlrpc-c-1.59.03/lib/expat/xmlparse/xmlparse.c: scope_hint: In function ‘doProlog’
xmlrpc-c-1.59.03/lib/expat/xmlparse/xmlparse.c:3621:16: note: in expansion of macro ‘externalEntityRefHandler’
xmlrpc-c-1.59.03/lib/expat/xmlparse/xmlparse.c:3625:16: note: in expansion of macro ‘externalEntityRefHandler’
# 330| #define
endNamespaceDeclHandler (((Parser *)parser)->m_endNamespaceDeclHandler)
# 331| #define notStandaloneHandler (((Parser *)parser)->m_notStandaloneHandler)
# 332|-> #define externalEntityRefHandler (((Parser *)parser)->m_externalEntityRefHandler)
# 333| #define externalEntityRefHandlerArg (((Parser *)parser)->m_externalEntityRefHandlerArg)
# 334| #define unknownEncodingHandler (((Parser *)parser)->m_unknownEncodingHandler)

Error: COMPILER_WARNING (CWE-457):
xmlrpc-c-1.59.03/lib/expat/xmlparse/xmlparse.c: scope_hint: In function ‘poolGrow’
xmlrpc-c-1.59.03/lib/expat/xmlparse/xmlparse.c:486:8: warning[-Wmaybe-uninitialized]: ‘wasGrownFromFreeBlocks’ may be used uninitialized
# 486 | if (wasGrownFromFreeBlocks)
# | ^
xmlrpc-c-1.59.03/lib/expat/xmlparse/xmlparse.c:482:10: note: ‘wasGrownFromFreeBlocks’ was declared here
# 482 | bool wasGrownFromFreeBlocks;
# | ^~~~~~~~~~~~~~~~~~~~~~
# 484| poolGrowFromFreeBlocks(poolP, &wasGrownFromFreeBlocks);
# 485|
# 486|-> if (wasGrownFromFreeBlocks)
# 487| *errorP = NULL;
# 488| else {

Error: CPPCHECK_WARNING (CWE-457):
xmlrpc-c-1.59.03/lib/expat/xmlparse/xmlparse.c:1579: error[uninitvar]: Uninitialized variable: &version
# 1577| next,
# 1578| &parserP->m_eventPtr,
# 1579|-> &version,
# 1580| &encodingName,
# 1581| &newEncodingP,

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/lib/expat/xmlparse/xmlparse.c:2748:27: warning[unix.Malloc]: Potential leak of memory pointed to by 'tag'
# 2746| tag->buf = malloc(INIT_TAG_BUF_SIZE);
# 2747| if (!tag->buf) {
# 2748|-> *errorCodeP = XML_ERROR_NO_MEMORY;
# 2749| return;
# 2750| }

Error: CPPCHECK_WARNING (CWE-401):
xmlrpc-c-1.59.03/lib/expat/xmlparse/xmlparse.c:2749: error[memleak]: Memory leak: tag
# 2747| if (!tag->buf) {
# 2748| *errorCodeP = XML_ERROR_NO_MEMORY;
# 2749|-> return;
# 2750| }
# 2751| tag->bufEnd = tag->buf + INIT_TAG_BUF_SIZE;

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/lib/expat/xmltok/xmltok.c:1252:17: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined
# 1250| }
# 1251| do {
# 1252|-> *(*toP)++ = *utf8++;
# 1253| } while (--n != 0);
# 1254| }

Error: COMPILER_WARNING (CWE-457):
xmlrpc-c-1.59.03/lib/expat/xmltok/xmltok.c:11: included_from: Included from here.
xmlrpc-c-1.59.03/lib/expat/xmltok/xmltok_ns.c: scope_hint: In function ‘findEncodingNS’
xmlrpc-c-1.59.03/lib/expat/xmltok/xmltok.h:262:10: warning[-Wmaybe-uninitialized]: ‘buf’ may be used uninitialized
# 262 | (((enc)->utf8Convert)(enc, fromP, fromLim, toP, toLim))
# | ~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
xmlrpc-c-1.59.03/lib/expat/xmltok/xmltok.h:262:10: note: by argument 5 of type ‘const char *’ to ‘void Utf8Converter (const struct ENCODING *, const char * *, const char *, char * *, const char *)’
xmlrpc-c-1.59.03/lib/expat/xmltok/xmltok.c:1554: included_from: Included from here.
xmlrpc-c-1.59.03/lib/expat/xmltok/xmltok_ns.c:81:8: note: ‘buf’ declared here
# 81 | char buf[ENCODING_MAX];
# | ^~~
# 260|
# 261| #define XmlUtf8Convert(enc, fromP, fromLim, toP, toLim) \
# 262|-> (((enc)->utf8Convert)(enc, fromP, fromLim, toP, toLim))
# 263|
# 264| #define XmlUtf16Convert(enc, fromP, fromLim, toP, toLim) \

Error: COMPILER_WARNING (CWE-457):
xmlrpc-c-1.59.03/lib/libutil++/base64.cpp:40:38: warning[-Wmaybe-uninitialized]: ‘buffer.buffer’ may be used uninitialized
# 40 | this->buffer = (this->buffer << 8) | newBits;
# | ~~~~~~~~~~~~~~^~~~~
xmlrpc-c-1.59.03/lib/libutil++/base64.cpp: scope_hint: In function ‘xmlrpc_c::base64FromBytes[abi:cxx11](std::vector<unsigned char, std::allocator<unsigned char> > const&, xmlrpc_c::newlineCtl)’
xmlrpc-c-1.59.03/lib/libutil++/base64.cpp:116:15: note: ‘buffer.buffer’ was declared here
# 116 | bitBuffer buffer;
# | ^~~~~~
# 38| // Shift in 8 bits to the right end of the buffer
# 39|
# 40|-> this->buffer = (this->buffer << 8) | newBits;
# 41| this->bitsInBuffer += 8;
# 42|

Error: COMPILER_WARNING (CWE-457):
xmlrpc-c-1.59.03/lib/libutil++/base64.cpp:50:38: warning[-Wmaybe-uninitialized]: ‘buffer.buffer’ may be used
uninitialized
# 50 | this->buffer = (this->buffer << 6) | newBits;
# | ~~~~~~~~~~~~~~^~~~~
xmlrpc-c-1.59.03/lib/libutil++/base64.cpp: scope_hint: In function ‘xmlrpc_c::bytesFromBase64(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)’
xmlrpc-c-1.59.03/lib/libutil++/base64.cpp:224:15: note: ‘buffer.buffer’ was declared here
# 224 | bitBuffer buffer;
# | ^~~~~~
# 48| // Shift in 6 bits to the right end of the buffer
# 49|
# 50|-> this->buffer = (this->buffer << 6) | newBits;
# 51| this->bitsInBuffer += 6;
# 52|

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/lib/libutil++/base64.cpp:50:38: warning[core.UndefinedBinaryOperatorResult]: The left operand of '<<' is a garbage value
# 48| // Shift in 6 bits to the right end of the buffer
# 49|
# 50|-> this->buffer = (this->buffer << 6) | newBits;
# 51| this->bitsInBuffer += 6;
# 52|

Error: CPPCHECK_WARNING (CWE-664):
xmlrpc-c-1.59.03/lib/libutil++/girerr.cpp:23: error[va_end_missing]: va_list 'varargs' was opened but not closed by va_end().
# 21| xmlrpc_strfree(value);
# 22|
# 23|-> throw(girerr::error(valueString));
# 24|
# 25| va_end(varargs);

Error: CPPCHECK_WARNING (CWE-401):
xmlrpc-c-1.59.03/lib/libutil/asprintf.c:166: error[memleak]: Memory leak: retvalOrNull
# 164| retvalOrNull = strdup(string);
# 165|
# 166|-> return retvalOrNull ? retvalOrNull : xmlrpc_strsol;
# 167| }
# 168|

Error: GCC_ANALYZER_WARNING (CWE-126):
xmlrpc-c-1.59.03/lib/libutil/make_printable.c: scope_hint: In function ‘xmlrpc_makePrintable_lp’
xmlrpc-c-1.59.03/lib/libutil/make_printable.c:37:29: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read
xmlrpc-c-1.59.03/lib/libutil/make_printable.c:7: included_from: Included from here.
xmlrpc-c-1.59.03/lib/libutil/make_printable.c:37:29: note: read of 1 byte from after the end of ‘buffer’
xmlrpc-c-1.59.03/lib/libutil/make_printable.c:37:29: note: valid subscripts for ‘buffer’ are ‘[0]’ to ‘[1]’
# └─────────────────────────────┘
# ^
# 35|
# 36| if (0) {
# 37|-> } else if (input[inputCursor] == '\\') {
# 38| output[outputCursor++] = '\\';
# 39| output[outputCursor++] = '\\';

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/lib/libutil/make_printable.c:37:43: warning[core.UndefinedBinaryOperatorResult]: The left operand of '==' is a garbage value due to array index out of bounds
# 35|
# 36| if (0) {
# 37|-> } else if (input[inputCursor] == '\\') {
# 38| output[outputCursor++] = '\\';
# 39| output[outputCursor++] = '\\';

Error: CPPCHECK_WARNING (CWE-457):
xmlrpc-c-1.59.03/lib/libutil/memblock.c:89: warning[uninitvar]: Uninitialized variables: blockP.poolP, blockP.size, blockP.allocated, blockP.blockP
# 87| }
# 88| }
# 89|-> return blockP;
# 90| }
# 91|

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/lib/libutil/memblock.c:89:5: warning[core.uninitialized.UndefReturn]: Undefined or garbage value returned to caller
# 87| }
# 88| }
# 89|-> return blockP;
# 90| }
# 91|

Error: GCC_ANALYZER_WARNING (CWE-457):
xmlrpc-c-1.59.03/lib/libutil/memblock.c: scope_hint: In function ‘xmlrpc_mem_block_new_pool’
xmlrpc-c-1.59.03/lib/libutil/memblock.c:89:12: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘blockP’
# 87| }
# 88| }
# 89|-> return blockP;
# 90| }
# 91|

Error: COMPILER_WARNING (CWE-457):
xmlrpc-c-1.59.03/lib/libutil/memblock.c: scope_hint: In function ‘xmlrpc_mem_block_new_pool’
xmlrpc-c-1.59.03/lib/libutil/memblock.c:89:12: warning[-Wmaybe-uninitialized]: ‘blockP’ may be used uninitialized
# 89 | return blockP;
# | ^~~~~~
xmlrpc-c-1.59.03/lib/libutil/memblock.c:51:24: note: ‘blockP’ was declared here
# 51 | xmlrpc_mem_block * blockP;
# | ^~~~~~
# 87| }
# 88| }
# 89|-> return blockP;
# 90| }
# 91|

Error: GCC_ANALYZER_WARNING (CWE-457):
xmlrpc-c-1.59.03/lib/libutil/memblock.c: scope_hint: In function ‘xmlrpc_mem_block_new’
xmlrpc-c-1.59.03/lib/libutil/memblock.c:100:12: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘blockP’
xmlrpc-c-1.59.03/lib/libutil/memblock.c: scope_hint: In function ‘xmlrpc_mem_block_new’
# 98| Create an xmlrpc_mem_block of size 'size', not in any pool
# 99| -----------------------------------------------------------------------------*/
# 100|-> return xmlrpc_mem_block_new_pool(envP, size, NULL);
# 101| }
# 102|

Error: COMPILER_WARNING (CWE-457):
xmlrpc-c-1.59.03/lib/libutil/memblock.c: scope_hint: In function ‘xmlrpc_mem_block_new’
xmlrpc-c-1.59.03/lib/libutil/memblock.c:100:12: warning[-Wmaybe-uninitialized]: ‘blockP’ may be used uninitialized
# 100 | return xmlrpc_mem_block_new_pool(envP, size, NULL);
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
xmlrpc-c-1.59.03/lib/libutil/memblock.c:51:24: note: ‘blockP’ was declared here
# 51 | xmlrpc_mem_block * blockP;
# | ^~~~~~
# 98| Create an xmlrpc_mem_block of size 'size', not in any pool
# 99| -----------------------------------------------------------------------------*/
# 100|-> return xmlrpc_mem_block_new_pool(envP, size, NULL);
# 101| }
# 102|

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/lib/libutil/mempool.c:44:5: warning[unix.Malloc]: Use of memory after it is freed
# 42| free(poolP);
# 43| }
# 44|-> return poolP;
# 45| }
# 46|

Error: COMPILER_WARNING:
xmlrpc-c-1.59.03/lib/libutil/string_number.c: scope_hint: In function ‘xmlrpc_parse_int64’
xmlrpc-c-1.59.03/lib/libutil/string_number.c:35:29: warning[-Wformat=]: format ‘%lld’ expects argument of type ‘long long int’, but argument 3 has type ‘long int’
# 35 | xmlrpc_faultf(envP, "Number cannot be represented in 64 bits. "
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
xmlrpc-c-1.59.03/include/xmlrpc-c/util.h:23: included_from: Included from here.
xmlrpc-c-1.59.03/include/xmlrpc-c/base.h:11: included_from: Included from here.
xmlrpc-c-1.59.03/lib/libutil/string_number.c:12: included_from: Included from here.
xmlrpc-c-1.59.03/include/xmlrpc-c/config.h:40:28: note: format string is defined here
# 40 | #define XMLRPC_PRId64 "lld"
# 33|
# 34| if (errno == ERANGE)
# 35|-> xmlrpc_faultf(envP, "Number cannot be represented in 64 bits. "
# 36| "Must be in the range "
# 37| "[%" XMLRPC_PRId64 " - %" XMLRPC_PRId64 "]",

Error: COMPILER_WARNING:
xmlrpc-c-1.59.03/lib/libutil/string_number.c:35:29: warning[-Wformat=]: format ‘%lld’ expects argument of type ‘long long int’, but argument 4 has type ‘long int’
# 35 | xmlrpc_faultf(envP, "Number cannot be represented in 64 bits. "
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
xmlrpc-c-1.59.03/include/xmlrpc-c/config.h:40:28: note: format string is defined here
# 40 | #define XMLRPC_PRId64 "lld"
# 33|
# 34| if (errno == ERANGE)
# 35|-> xmlrpc_faultf(envP, "Number cannot be represented in 64 bits. "
# 36| "Must be in the range "
# 37| "[%" XMLRPC_PRId64 " - %" XMLRPC_PRId64 "]",

Error: COMPILER_WARNING (CWE-457):
xmlrpc-c-1.59.03/lib/libutil/utf8.c:158:9: warning[-Wmaybe-uninitialized]: ‘wc’ may be used uninitialized
# 158 | xmlrpc_env_set_fault_formatted(
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 159 | envP, XMLRPC_INVALID_UTF8_ERROR,
# | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 160 | "Xmlrpc-c is not capable of handling UTF16 character encodings "
# | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 161 | "longer than 16 bits, which means you can't have a code point "
# | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 162 | "> U+FFFD. "
# | ~~~~~~~~~~~~~
# 163 | "This string contains 0x%04x",
# | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 164 | (unsigned)wc);
# | ~~~~~~~~~~~~~
xmlrpc-c-1.59.03/lib/libutil/utf8.c: scope_hint: In function ‘decodeUtf8’
xmlrpc-c-1.59.03/lib/libutil/utf8.c:192:13: note: ‘wc’ was declared here
# 192 | wchar_t wc;
# | ^~
# 156| -----------------------------------------------------------------------------*/
# 157| if (wc > UCS2_MAX_LEGAL_CHARACTER)
# 158|-> xmlrpc_env_set_fault_formatted(
# 159| envP, XMLRPC_INVALID_UTF8_ERROR,
# 160| "Xmlrpc-c is not capable of handling UTF16 character encodings "

Error: GCC_ANALYZER_WARNING (CWE-457):
xmlrpc-c-1.59.03/lib/libutil/utf8.c: scope_hint: In function ‘decodeMultibyte’
xmlrpc-c-1.59.03/lib/libutil/utf8.c:243:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘wc’
# 241|
# 242| if (!envP->fault_occurred)
# 243|-> validateUtf16(envP, wc);
# 244|
# 245| if (!envP->fault_occurred)

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/lib/libutil/utf8.c:243:9: warning[core.CallAndMessage]: 2nd function call argument is an uninitialized value
# 241|
# 242| if (!envP->fault_occurred)
# 243|-> validateUtf16(envP, wc);
# 244|
# 245| if (!envP->fault_occurred)

Error: GCC_ANALYZER_WARNING (CWE-457):
xmlrpc-c-1.59.03/lib/libutil/utf8.c:251:10: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘wc’
# 249| "Overlong UTF-8 sequence not allowed");
# 250|
# 251|-> *wcP = wc;
# 252| }
# 253|

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/lib/libutil/utf8.c:251:10: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined
# 249| "Overlong UTF-8 sequence not allowed");
# 250|
# 251|-> *wcP = wc;
# 252| }
# 253|

Error: COMPILER_WARNING (CWE-457):
xmlrpc-c-1.59.03/lib/libutil/utf8.c:325:34: warning[-Wmaybe-uninitialized]: ‘wc’ may be used uninitialized
# 325 | ioBuff[outPos++] = wc;
# | ~~~~~~~~~~~~~~~~~^~~~
xmlrpc-c-1.59.03/lib/libutil/utf8.c:288:17: note: ‘wc’ was declared here
# 288 | wchar_t wc;
# | ^~
# 323| /* If we have a buffer, write our character to it. */
# 324| if (ioBuff)
# 325|-> ioBuff[outPos++] = wc;
# 326| }
# 327| }

Error: GCC_ANALYZER_WARNING (CWE-122):
xmlrpc-c-1.59.03/lib/util/cmdline_parser.c:57:30: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow
xmlrpc-c-1.59.03/lib/util/cmdline_parser.c:52:5: note: in expansion of macro ‘MALLOCARRAY’
xmlrpc-c-1.59.03/lib/util/cmdline_parser.c:52:5: note: in expansion of macro ‘MALLOCARRAY’
xmlrpc-c-1.59.03/lib/util/cmdline_parser.c:57:30: note: write of 7 bytes to beyond the end of the region
# 55|
# 56| for (i = 0; i < numOptions; ++i) {
# 57|-> longopts[i].name = optionDescArray[i].name;
# 58| /* If the option takes a value, we say it is optional even
# 59| though it never is. That's because if we say it is

Error: GCC_ANALYZER_WARNING (CWE-122):
xmlrpc-c-1.59.03/lib/util/cmdline_parser.c:65:33: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow
xmlrpc-c-1.59.03/lib/util/cmdline_parser.c:52:5: note: in expansion of macro ‘MALLOCARRAY’
xmlrpc-c-1.59.03/lib/util/cmdline_parser.c:52:5: note: in expansion of macro ‘MALLOCARRAY’
xmlrpc-c-1.59.03/lib/util/cmdline_parser.c:65:33: note: write of 4 bytes to beyond the end of the region
# 63| the user omits a required option value.
# 64| */
# 65|-> longopts[i].has_arg =
# 66| optionDescArray[i].type == OPTTYPE_FLAG ?
# 67| no_argument : optional_argument;

Error: GCC_ANALYZER_WARNING (CWE-122):
xmlrpc-c-1.59.03/lib/util/cmdline_parser.c:68:30: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow
xmlrpc-c-1.59.03/lib/util/cmdline_parser.c:52:5: note: in expansion of macro ‘MALLOCARRAY’
xmlrpc-c-1.59.03/lib/util/cmdline_parser.c:52:5: note: in expansion of macro ‘MALLOCARRAY’
xmlrpc-c-1.59.03/lib/util/cmdline_parser.c:68:30: note: write of 8 bytes to beyond the end of the region
# 66| optionDescArray[i].type == OPTTYPE_FLAG ?
# 67| no_argument : optional_argument;
# 68|-> longopts[i].flag = NULL;
# 69| longopts[i].val = i;
# 70| }

Error: GCC_ANALYZER_WARNING (CWE-122):
xmlrpc-c-1.59.03/lib/util/cmdline_parser.c:69:29: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow
xmlrpc-c-1.59.03/lib/util/cmdline_parser.c:52:5: note: in expansion of macro ‘MALLOCARRAY’
xmlrpc-c-1.59.03/lib/util/cmdline_parser.c:52:5: note: in expansion of macro ‘MALLOCARRAY’
xmlrpc-c-1.59.03/lib/util/cmdline_parser.c:69:29: note: write of 4 bytes to beyond the end of the region
# 67| no_argument : optional_argument;
# 68| longopts[i].flag = NULL;
# 69|-> longopts[i].val = i;
# 70| }
# 71| longopts[numOptions].name = 0;

Error: GCC_ANALYZER_WARNING (CWE-401):
xmlrpc-c-1.59.03/lib/util/cmdline_parser.c: scope_hint: In function ‘parseOptionValue’
xmlrpc-c-1.59.03/lib/util/cmdline_parser.c:189:30: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(optarg)’
xmlrpc-c-1.59.03/lib/util/cmdline_parser.c:52:5: note: in expansion of macro ‘MALLOCARRAY’
xmlrpc-c-1.59.03/lib/util/cmdline_parser.c:52:5: note: in expansion of macro ‘MALLOCARRAY’
# 187| else {
# 188| *errorP = NULL;
# 189|-> optionP->value.s = strdup(optarg);
# 190| }
# 191| break;

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/lib/util/cmdline_parser.c:211:9: warning[core.uninitialized.Branch]: Branch condition evaluates to a garbage value
# 209|
# 210| parseOptionValue(optarg, optionP, &error);
# 211|-> if (error)
# 212| casprintf(errorP, "Error in '%s' option: %s", optionP->name, error);
# 213| else

Error: GCC_ANALYZER_WARNING (CWE-401):
xmlrpc-c-1.59.03/lib/util/cmdline_parser.c:236:16: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(*<unknown>)’
xmlrpc-c-1.59.03/lib/util/cmdline_parser.c:225:5: note: in expansion of macro ‘MALLOCARRAY’
xmlrpc-c-1.59.03/lib/util/cmdline_parser.c:225:5: note: in expansion of macro ‘MALLOCARRAY’
# 234| for (i = 0; i < cpP->numArguments; ++i) {
# 235| cpP->argumentArray[i] = strdup(argv[getopt_argstart() + i]);
# 236|-> if
(cpP->argumentArray[i] == NULL) {
# 237| fprintf(stderr, "Unable to allocate memory for Argument %u\n",
# 238| i);

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/lib/util/cmdline_parser_cpp.cpp:20:5: warning[deadcode.DeadStores]: Value stored to 'retval' is never read
# 18| enum optiontype retval;
# 19|
# 20|-> retval = OPTTYPE_FLAG; // defeat compiler warning
# 21|
# 22| switch (arg) {

Error: GCC_ANALYZER_WARNING (CWE-131):
xmlrpc-c-1.59.03/lib/util/cmdline_parser.c:13: included_from: Included from here.
xmlrpc-c-1.59.03/lib/util/cmdline_parser.c: scope_hint: In function ‘createLongOptsArray’
xmlrpc-c-1.59.03/lib/util/include/mallocvar.h:79:15: warning[-Wanalyzer-allocation-size]: allocated buffer size is not a multiple of the pointee's size
xmlrpc-c-1.59.03/lib/util/cmdline_parser.c:52:5: note: in expansion of macro ‘MALLOCARRAY’
xmlrpc-c-1.59.03/lib/util/cmdline_parser.c:52:5: note: in expansion of macro ‘MALLOCARRAY’
xmlrpc-c-1.59.03/lib/util/cmdline_parser.c:52:5: note: in expansion of macro ‘MALLOCARRAY’
xmlrpc-c-1.59.03/lib/util/cmdline_parser.c:52:5: note: in expansion of macro ‘MALLOCARRAY’
# 77| void * array; \
# 78| mallocProduct(&array, nElements, sizeof(arrayName[0])); \
# 79|-> arrayName = array; \
# 80| } while (0)
# 81|

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/src/cpp/registry.cpp:284:17: warning[core.CallAndMessage]: Called C++ object pointer is null
# 282| method2P->execute(paramList, callInfoP, &result);
# 283| else
# 284|-> methodP->execute(paramList, &result);
# 285| } catch (xmlrpc_c::fault const& fault) {
# 286| xmlrpc_env_set_fault(envP, fault.getCode(),

Error: CPPCHECK_WARNING (CWE-762):
xmlrpc-c-1.59.03/src/cpp/server_cgi.cpp:227: error[mismatchAllocDealloc]: Mismatching allocation and deallocation: buffer
# 225| setModeBinary(fileP);
# 226| char * const buffer(new char[length]);
# 227|-> UNIQUE_PTR<char> p(buffer); // To make it go away when we leave
# 228|
# 229| size_t count;

Error: GCC_ANALYZER_WARNING (CWE-401):
xmlrpc-c-1.59.03/src/double.c:
scope_hint: In function ‘bufferConcat’
xmlrpc-c-1.59.03/src/double.c:50:27: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
# 48| bufferP->bytes = realloc(bufferP->bytes, newSize);
# 49| bufferP->next = bufferP->bytes + oldSize;
# 50|-> bufferP->end = bufferP->bytes + newSize;
# 51| }
# 52|

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/src/double.c:281:9: warning[unix.Malloc]: Potential leak of memory pointed to by 'formatted.bytes'
# 279|
# 280| if (formatted.bytes == NULL)
# 281|-> xmlrpc_faultf(envP, "Couldn't allocate memory to format %g",
# 282| value);
# 283| else

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/src/json.c:712:5: warning[core.uninitialized.UndefReturn]: Undefined or garbage value returned to caller
# 710| xmlrpc_env_clean(&env);
# 711|
# 712|-> return valP;
# 713| }
# 714|

Error: COMPILER_WARNING (CWE-457):
xmlrpc-c-1.59.03/src/json.c: scope_hint: In function ‘parseValue’
xmlrpc-c-1.59.03/src/json.c:976:12: warning[-Wmaybe-uninitialized]: ‘valP’ may be used uninitialized
# 976 | return retval;
# | ^~~~~~
xmlrpc-c-1.59.03/src/json.c:695:20: note: ‘valP’ was declared here
# 695 | xmlrpc_value * valP;
# | ^~~~
# 974| tokTypeName(tokP->type));
# 975| }
# 976|-> return retval;
# 977| }
# 978|

Error: CPPCHECK_WARNING (CWE-457):
xmlrpc-c-1.59.03/src/json.c:985: error[legacyUninitvar]: Uninitialized variable: retval
# 983| const char * const str) {
# 984|
# 985|-> xmlrpc_value * retval = retval;
# 986| Tokenizer tok;
# 987|

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/src/json.c:985:5: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined
# 983| const char * const str) {
# 984|
# 985|-> xmlrpc_value * retval = retval;
# 986| Tokenizer tok;
# 987|

Error: GCC_ANALYZER_WARNING (CWE-476):
xmlrpc-c-1.59.03/src/method.c: scope_hint: In function ‘parseArgumentTypeSpecifiers’
xmlrpc-c-1.59.03/src/method.c:113:57: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
xmlrpc-c-1.59.03/src/method.c: scope_hint: In function
‘parseArgumentTypeSpecifiers’
xmlrpc-c-1.59.03/src/method.c:22: included_from: Included from here.
xmlrpc-c-1.59.03/lib/util/include/mallocvar.h:83:20: note: in definition of macro ‘REALLOCARRAY’
xmlrpc-c-1.59.03/lib/util/include/mallocvar.h:83:20: note: in definition of macro ‘REALLOCARRAY’
xmlrpc-c-1.59.03/src/method.c:81:9: note: in expansion of macro ‘REALLOCARRAY’
xmlrpc-c-1.59.03/src/method.c:81:9: note: in expansion of macro ‘REALLOCARRAY’
xmlrpc-c-1.59.03/src/method.c:81:9: note: in expansion of macro ‘REALLOCARRAY’
# 111| makeRoomInArgList(envP, signatureP, signatureP->argCount + 1);
# 112|
# 113|-> signatureP->argList[signatureP->argCount++] = typeName;
# 114| }
# 115| }

Error: GCC_ANALYZER_WARNING (CWE-476):
xmlrpc-c-1.59.03/src/method.c: scope_hint: In function ‘listSignatures’
xmlrpc-c-1.59.03/src/method.c:221:31: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘signatureP’
xmlrpc-c-1.59.03/src/method.c: scope_hint: In function ‘listSignatures’
xmlrpc-c-1.59.03/src/method.c:147:5: note: in expansion of macro ‘MALLOCVAR’
# 219|
# 220| if (!envP->fault_occurred) {
# 221|-> signatureP->nextP = NULL;
# 222| *p = signatureP;
# 223| p = &signatureP->nextP;

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/src/parse_datetime.c:465:24: warning[core.CallAndMessage]: Passed-by-value struct argument contains uninitialized data (e.g., field: 'Y')
# 463|
# 464| if (!envP->fault_occurred)
# 465|-> *valuePP = xmlrpc_datetime_new(envP, dt);
# 466| }
# 467| }

Error: GCC_ANALYZER_WARNING (CWE-457):
xmlrpc-c-1.59.03/src/parse_value.c: scope_hint: In function ‘parseArrayDataChild’
xmlrpc-c-1.59.03/src/parse_value.c:55:13: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘itemP’
xmlrpc-c-1.59.03/src/parse_value.c: scope_hint: In function ‘parseArrayDataChild’
xmlrpc-c-1.59.03/src/parse_value.c: scope_hint: In function ‘parseArrayDataChild’
# 53|
# 54| if (!envP->fault_occurred) {
# 55|-> xmlrpc_array_append_item(envP, arrayP, itemP);
# 56|
# 57|
xmlrpc_DECREF(itemP);

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/src/parse_value.c:55:13: warning[core.CallAndMessage]: 3rd function call argument is an uninitialized value
# 53|
# 54| if (!envP->fault_occurred) {
# 55|-> xmlrpc_array_append_item(envP, arrayP, itemP);
# 56|
# 57| xmlrpc_DECREF(itemP);

Error: COMPILER_WARNING (CWE-457):
xmlrpc-c-1.59.03/src/parse_value.c:116:31: warning[-Wmaybe-uninitialized]: ‘nameElemP’ may be used uninitialized
# 116 | size_t const childCount = xml_element_children_size(nameElemP);
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
xmlrpc-c-1.59.03/src/parse_value.c: scope_hint: In function ‘xmlrpc_parseValue.part.0’
xmlrpc-c-1.59.03/src/parse_value.c:193:23: note: ‘nameElemP’ was declared here
# 193 | xml_element * nameElemP;
# | ^~~~~~~~~
# 114| xmlrpc_value ** const valuePP) {
# 115|
# 116|-> size_t const childCount = xml_element_children_size(nameElemP);
# 117|
# 118| if (childCount > 0)

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/src/parse_value.c:198:13: warning[core.CallAndMessage]: 2nd function call argument is an uninitialized value
# 196|
# 197| if (!envP->fault_occurred) {
# 198|-> parseName(envP, nameElemP, keyPP);
# 199|
# 200| if (!envP->fault_occurred) {

Error: COMPILER_WARNING (CWE-457):
xmlrpc-c-1.59.03/src/parse_value.c:201:31: warning[-Wmaybe-uninitialized]: ‘valueElemP’ may be used uninitialized
# 201 | xml_element * valueElemP;
# | ^~~~~~~~~~
# 199|
# 200| if (!envP->fault_occurred) {
# 201|-> xml_element * valueElemP;
# 202|
# 203| getValueChild(envP, memberP, &valueElemP);

Error: COMPILER_WARNING (CWE-457):
xmlrpc-c-1.59.03/src/parse_value.c:206:21: warning[-Wmaybe-uninitialized]: ‘valueElemP’ may be used uninitialized
# 206 | xmlrpc_parseValue(envP, maxRecursion-1, valueElemP,
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 207 | valuePP);
# | ~~~~~~~~
xmlrpc-c-1.59.03/src/parse_value.c: scope_hint: In function ‘xmlrpc_parseValue’
xmlrpc-c-1.59.03/src/parse_value.c:201:31: note: ‘valueElemP’ was declared here
# 201
| xml_element * valueElemP;
# | ^~~~~~~~~~
# 204|
# 205| if (!envP->fault_occurred)
# 206|-> xmlrpc_parseValue(envP, maxRecursion-1, valueElemP,
# 207| valuePP);
# 208|

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/src/parse_value.c:206:21: warning[core.CallAndMessage]: 3rd function call argument is an uninitialized value
# 204|
# 205| if (!envP->fault_occurred)
# 206|-> xmlrpc_parseValue(envP, maxRecursion-1, valueElemP,
# 207| valuePP);
# 208|

Error: COMPILER_WARNING (CWE-457):
xmlrpc-c-1.59.03/src/parse_value.c:210:21: warning[-Wmaybe-uninitialized]: ‘keyP’ may be used uninitialized
# 210 | xmlrpc_DECREF(*keyPP);
# | ^~~~~~~~~~~~~~~~~~~~~
xmlrpc-c-1.59.03/src/parse_value.c: scope_hint: In function ‘xmlrpc_parseValue.part.0’
xmlrpc-c-1.59.03/src/parse_value.c:247:32: note: ‘keyP’ was declared here
# 247 | xmlrpc_value * keyP;
# | ^~~~
# 208|
# 209| if (envP->fault_occurred)
# 210|-> xmlrpc_DECREF(*keyPP);
# 211| }
# 212| }

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/src/parse_value.c:210:21: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value
# 208|
# 209| if (envP->fault_occurred)
# 210|-> xmlrpc_DECREF(*keyPP);
# 211| }
# 212| }

Error: GCC_ANALYZER_WARNING (CWE-457):
xmlrpc-c-1.59.03/src/parse_value.c: scope_hint: In function ‘parseStruct’
xmlrpc-c-1.59.03/src/parse_value.c:253:21: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘valueP’
xmlrpc-c-1.59.03/src/parse_value.c: scope_hint: In function ‘parseStruct’
# 251|
# 252| if (!envP->fault_occurred) {
# 253|-> xmlrpc_struct_set_value_v(envP, structP, keyP, valueP);
# 254|
# 255| xmlrpc_DECREF(keyP);

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/src/parse_value.c:253:21: warning[core.CallAndMessage]: 3rd function call argument is an uninitialized value
# 251|
# 252| if (!envP->fault_occurred) {
# 253|-> xmlrpc_struct_set_value_v(envP, structP, keyP, valueP);
# 254|
# 255| xmlrpc_DECREF(keyP);

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/src/parse_value.c:253:21:
warning[core.CallAndMessage]: 4th function call argument is an uninitialized value
# 251|
# 252| if (!envP->fault_occurred) {
# 253|-> xmlrpc_struct_set_value_v(envP, structP, keyP, valueP);
# 254|
# 255| xmlrpc_DECREF(keyP);

Error: COMPILER_WARNING (CWE-457):
xmlrpc-c-1.59.03/src/parse_value.c:432:12: warning[-Wmaybe-uninitialized]: ‘mantissaEnd’ may be used uninitialized
# 432 | if (mantissa == mantissaEnd && fraction == fractionEnd) {
# | ^
xmlrpc-c-1.59.03/src/parse_value.c: scope_hint: In function ‘xmlrpc_parseValue.part.0’
xmlrpc-c-1.59.03/src/parse_value.c:420:18: note: ‘mantissaEnd’ was declared here
# 420 | const char * mantissaEnd;
# | ^~~~~~~~~~~
# 430| accum = 0.0;
# 431|
# 432|-> if (mantissa == mantissaEnd && fraction == fractionEnd) {
# 433| setParseFault(envP, "No digits");
# 434| return;

Error: COMPILER_WARNING (CWE-457):
xmlrpc-c-1.59.03/src/parse_value.c:432:12: warning[-Wmaybe-uninitialized]: ‘mantissa’ may be used uninitialized
# 432 | if (mantissa == mantissaEnd && fraction == fractionEnd) {
# | ^
xmlrpc-c-1.59.03/src/parse_value.c: scope_hint: In function ‘xmlrpc_parseValue.part.0’
xmlrpc-c-1.59.03/src/parse_value.c:419:18: note: ‘mantissa’ was declared here
# 419 | const char * mantissa;
# | ^~~~~~~~
# 430| accum = 0.0;
# 431|
# 432|-> if (mantissa == mantissaEnd && fraction == fractionEnd) {
# 433| setParseFault(envP, "No digits");
# 434| return;

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/src/parse_value.c:432:22: warning[core.UndefinedBinaryOperatorResult]: The left operand of '==' is a garbage value
# 430| accum = 0.0;
# 431|
# 432|-> if (mantissa == mantissaEnd && fraction == fractionEnd) {
# 433| setParseFault(envP, "No digits");
# 434| return;

Error: COMPILER_WARNING (CWE-457):
xmlrpc-c-1.59.03/src/parse_value.c:432:37: warning[-Wmaybe-uninitialized]: ‘fractionEnd’ may be used uninitialized
# 432 | if (mantissa == mantissaEnd && fraction == fractionEnd) {
# | ~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~
xmlrpc-c-1.59.03/src/parse_value.c: scope_hint: In function ‘xmlrpc_parseValue.part.0’
xmlrpc-c-1.59.03/src/parse_value.c:422:18: note: ‘fractionEnd’ was declared here
# 422 | const char * fractionEnd;
# | ^~~~~~~~~~~
# 430| accum = 0.0;
# 431|
# 432|-> if (mantissa == mantissaEnd && fraction == fractionEnd) {
# 433| setParseFault(envP, "No digits");
# 434| return;

Error: COMPILER_WARNING (CWE-457):
xmlrpc-c-1.59.03/src/parse_value.c:432:37: warning[-Wmaybe-uninitialized]: ‘fraction’ may be used uninitialized
# 432 | if (mantissa == mantissaEnd && fraction == fractionEnd) {
# | ~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~
xmlrpc-c-1.59.03/src/parse_value.c: scope_hint: In function ‘xmlrpc_parseValue.part.0’
xmlrpc-c-1.59.03/src/parse_value.c:421:18: note: ‘fraction’ was declared here
# 421 | const char * fraction;
# | ^~~~~~~~
# 430| accum = 0.0;
# 431|
# 432|-> if (mantissa == mantissaEnd && fraction == fractionEnd) {
# 433| setParseFault(envP, "No digits");
# 434| return;

Error: COMPILER_WARNING (CWE-457):
xmlrpc-c-1.59.03/src/parse_value.c:530:20: warning[-Wmaybe-uninitialized]: ‘valueDouble’ may be used uninitialized
# 530 | *valuePP = xmlrpc_double_new(envP, valueDouble);
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
xmlrpc-c-1.59.03/src/parse_value.c: scope_hint: In function ‘xmlrpc_parseValue.part.0’
xmlrpc-c-1.59.03/src/parse_value.c:505:12: note: ‘valueDouble’ was declared here
# 505 | double valueDouble;
# | ^~~~~~~~~~~
# 528|
# 529| if (!envP->fault_occurred)
# 530|-> *valuePP = xmlrpc_double_new(envP, valueDouble);
# 531|
# 532| xmlrpc_env_clean(&parseEnv);

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/src/registry.c:77:5: warning[unix.Malloc]: Use of memory after it is freed
# 75| free(registryP);
# 76| }
# 77|-> return registryP;
# 78| }
# 79|

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/src/registry.c:430:17: warning[core.CallAndMessage]: 3rd function call argument is an uninitialized value
# 428|
# 429| if (!fault.fault_occurred) {
# 430|->
xmlrpc_serialize_response2(envP, responseXmlP,
# 431| resultP, registryP->dialect);
# 432|

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/src/registry.c:469:5: warning[core.uninitialized.UndefReturn]: Undefined or garbage value returned to caller
# 467| &responseXmlP);
# 468|
# 469|-> return responseXmlP;
# 470| }
# 471|

Error: COMPILER_WARNING (CWE-457):
xmlrpc-c-1.59.03/src/system_method.c: scope_hint: In function ‘system_multicall’
xmlrpc-c-1.59.03/src/system_method.c:166:17: warning[-Wmaybe-uninitialized]: ‘methlistP’ may be used uninitialized
# 166 | xmlrpc_array_size(envP, methlistP);
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
xmlrpc-c-1.59.03/src/system_method.c:148:20: note: ‘methlistP’ was declared here
# 148 | xmlrpc_value * methlistP;
# | ^~~~~~~~~
# 164| /* Loop over our input list, calling each method in turn. */
# 165| unsigned int const methodCount =
# 166|-> xmlrpc_array_size(envP, methlistP);
# 167| unsigned int i;
# 168| for (i = 0; i < methodCount && !envP->fault_occurred; ++i) {

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/src/system_method.c:166:17: warning[core.CallAndMessage]: 2nd function call argument is an uninitialized value
# 164| /* Loop over our input list, calling each method in turn. */
# 165| unsigned int const methodCount =
# 166|-> xmlrpc_array_size(envP, methlistP);
# 167| unsigned int i;
# 168| for (i = 0; i < methodCount && !envP->fault_occurred; ++i) {

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/src/system_method.c:180:21: warning[core.CallAndMessage]: 3rd function call argument is an uninitialized value
# 178| if (!envP->fault_occurred) {
# 179| /* Append this method result to our master array.
*/
# 180|-> xmlrpc_array_append_item(envP, resultsP, resultP);
# 181| xmlrpc_DECREF(resultP);
# 182| }

Error: COMPILER_WARNING (CWE-457):
xmlrpc-c-1.59.03/src/system_method.c:181:21: warning[-Wmaybe-uninitialized]: ‘resultP’ may be used uninitialized
# 181 | xmlrpc_DECREF(resultP);
# | ^~~~~~~~~~~~~~~~~~~~~~
xmlrpc-c-1.59.03/src/system_method.c:172:32: note: ‘resultP’ was declared here
# 172 | xmlrpc_value * resultP;
# | ^~~~~~~
# 179| /* Append this method result to our master array. */
# 180| xmlrpc_array_append_item(envP, resultsP, resultP);
# 181|-> xmlrpc_DECREF(resultP);
# 182| }
# 183| }

Error: CPPCHECK_WARNING (CWE-457):
xmlrpc-c-1.59.03/src/system_method.c:275: error[legacyUninitvar]: Uninitialized variable: retvalP
# 273| createMethodListArray(envP, registryP, &retvalP);
# 274| }
# 275|-> return retvalP;
# 276| }
# 277|

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/src/system_method.c:275:5: warning[core.uninitialized.UndefReturn]: Undefined or garbage value returned to caller
# 273| createMethodListArray(envP, registryP, &retvalP);
# 274| }
# 275|-> return retvalP;
# 276| }
# 277|

Error: COMPILER_WARNING (CWE-457):
xmlrpc-c-1.59.03/src/system_method.c: scope_hint: In function ‘system_listMethods’
xmlrpc-c-1.59.03/src/system_method.c:275:12: warning[-Wmaybe-uninitialized]: ‘retvalP’ may be used uninitialized
# 275 | return retvalP;
# | ^~~~~~~
xmlrpc-c-1.59.03/src/system_method.c:259:20: note: ‘retvalP’ was declared here
# 259 | xmlrpc_value * retvalP;
# | ^~~~~~~
# 273| createMethodListArray(envP, registryP, &retvalP);
# 274| }
# 275|-> return retvalP;
# 276| }
# 277|

Error: CPPCHECK_WARNING (CWE-457):
xmlrpc-c-1.59.03/src/system_method.c:333: error[legacyUninitvar]: Uninitialized variable: retvalP
# 331| }
# 332|
# 333|-> return retvalP;
# 334| }
# 335|

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/src/system_method.c:333:5: warning[core.uninitialized.UndefReturn]: Undefined or garbage value returned to caller
# 331| }
# 332|
# 333|-> return retvalP;
# 334| }
# 335|
Error: COMPILER_WARNING (CWE-457):
xmlrpc-c-1.59.03/src/system_method.c: scope_hint: In function ‘system_methodExist’
xmlrpc-c-1.59.03/src/system_method.c:333:12: warning[-Wmaybe-uninitialized]: ‘retvalP’ may be used uninitialized
# 333 | return retvalP;
# | ^~~~~~~
xmlrpc-c-1.59.03/src/system_method.c:317:20: note: ‘retvalP’ was declared here
# 317 | xmlrpc_value * retvalP;
# | ^~~~~~~
# 331| }
# 332|
# 333|-> return retvalP;
# 334| }
# 335|

Error: CPPCHECK_WARNING (CWE-457):
xmlrpc-c-1.59.03/src/system_method.c:403: error[legacyUninitvar]: Uninitialized variable: retvalP
# 401| }
# 402|
# 403|-> return retvalP;
# 404| }
# 405|

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/src/system_method.c:403:5: warning[core.uninitialized.UndefReturn]: Undefined or garbage value returned to caller
# 401| }
# 402|
# 403|-> return retvalP;
# 404| }
# 405|

Error: COMPILER_WARNING (CWE-457):
xmlrpc-c-1.59.03/src/system_method.c: scope_hint: In function ‘system_methodHelp’
xmlrpc-c-1.59.03/src/system_method.c:403:12: warning[-Wmaybe-uninitialized]: ‘retvalP’ may be used uninitialized
# 403 | return retvalP;
# | ^~~~~~~
xmlrpc-c-1.59.03/src/system_method.c:381:20: note: ‘retvalP’ was declared here
# 381 | xmlrpc_value * retvalP;
# | ^~~~~~~
# 401| }
# 402|
# 403|-> return retvalP;
# 404| }
# 405|

Error: COMPILER_WARNING (CWE-457):
xmlrpc-c-1.59.03/src/system_method.c: scope_hint: In function ‘system_methodSignature’
xmlrpc-c-1.59.03/src/system_method.c:575:20: warning[-Wmaybe-uninitialized]: ‘signatureListP’ may be used uninitialized
# 575 | if (signatureListP)
# | ^
xmlrpc-c-1.59.03/src/system_method.c:570:28: note: ‘signatureListP’ was declared here
# 570 | xmlrpc_value * signatureListP;
# | ^~~~~~~~~~~~~~
# 573|
# 574| if (!envP->fault_occurred) {
# 575|-> if (signatureListP)
# 576| retvalP = signatureListP;
# 577| else

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/src/system_method.c:575:21: warning[core.uninitialized.Branch]: Branch condition evaluates to a garbage value
# 573|
# 574| if
(!envP->fault_occurred) {
# 575|-> if (signatureListP)
# 576| retvalP = signatureListP;
# 577| else

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/src/system_method.c:585:5: warning[core.uninitialized.UndefReturn]: Undefined or garbage value returned to caller
# 583| xmlrpc_env_clean(&env);
# 584|
# 585|-> return retvalP;
# 586| }
# 587|

Error: COMPILER_WARNING (CWE-457):
xmlrpc-c-1.59.03/src/system_method.c:585:12: warning[-Wmaybe-uninitialized]: ‘retvalP’ may be used uninitialized
# 585 | return retvalP;
# | ^~~~~~~
xmlrpc-c-1.59.03/src/system_method.c:549:20: note: ‘retvalP’ was declared here
# 549 | xmlrpc_value * retvalP;
# | ^~~~~~~
# 583| xmlrpc_env_clean(&env);
# 584|
# 585|-> return retvalP;
# 586| }
# 587|

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/src/system_method.c:658:5: warning[core.uninitialized.UndefReturn]: Undefined or garbage value returned to caller
# 656| xmlrpc_env_clean(&env);
# 657|
# 658|-> return retvalP;
# 659| }
# 660|

Error: GCC_ANALYZER_WARNING (CWE-457):
xmlrpc-c-1.59.03/src/system_method.c: scope_hint: In function ‘system_shutdown’
xmlrpc-c-1.59.03/src/system_method.c:658:12: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘retvalP’
# 656| xmlrpc_env_clean(&env);
# 657|
# 658|-> return retvalP;
# 659| }
# 660|

Error: COMPILER_WARNING (CWE-457):
xmlrpc-c-1.59.03/src/system_method.c: scope_hint: In function ‘system_shutdown’
xmlrpc-c-1.59.03/src/system_method.c:658:12: warning[-Wmaybe-uninitialized]: ‘retvalP’ may be used uninitialized
# 658 | return retvalP;
# | ^~~~~~~
xmlrpc-c-1.59.03/src/system_method.c:618:20: note: ‘retvalP’ was declared here
# 618 | xmlrpc_value * retvalP;
# | ^~~~~~~
# 656| xmlrpc_env_clean(&env);
# 657|
# 658|-> return retvalP;
# 659| }
# 660|

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/src/system_method.c:720:5: warning[core.uninitialized.UndefReturn]: Undefined or garbage value returned to caller
# 718| constructCapabilities(envP, registryP, &retvalP);
# 719|
# 720|-> return retvalP;
# 721| }
# 722|

Error: COMPILER_WARNING (CWE-457):
xmlrpc-c-1.59.03/src/system_method.c: scope_hint: In function ‘system_capabilities’
xmlrpc-c-1.59.03/src/system_method.c:720:12: warning[-Wmaybe-uninitialized]: ‘retvalP’ may be used uninitialized
# 720 | return retvalP;
# | ^~~~~~~
xmlrpc-c-1.59.03/src/system_method.c:703:20: note: ‘retvalP’ was declared here
# 703 | xmlrpc_value * retvalP;
# | ^~~~~~~
# 718| constructCapabilities(envP, registryP, &retvalP);
# 719|
# 720|-> return retvalP;
# 721| }
# 722|

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/src/system_method.c:786:5: warning[core.uninitialized.UndefReturn]: Undefined or garbage value returned to caller
# 784| listCapabilities(envP, registryP, &retvalP);
# 785|
# 786|-> return retvalP;
# 787| }
# 788|

Error: COMPILER_WARNING (CWE-457):
xmlrpc-c-1.59.03/src/system_method.c: scope_hint: In function ‘system_getCapabilities’
xmlrpc-c-1.59.03/src/system_method.c:786:12: warning[-Wmaybe-uninitialized]: ‘retvalP’ may be used uninitialized
# 786 | return retvalP;
# | ^~~~~~~
xmlrpc-c-1.59.03/src/system_method.c:769:20: note: ‘retvalP’ was declared here
# 769 | xmlrpc_value * retvalP;
# | ^~~~~~~
# 784| listCapabilities(envP, registryP, &retvalP);
# 785|
# 786|-> return retvalP;
# 787| }
# 788|

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/src/xmlrpc_array.c:177:13: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value
# 175|
# 176| if (!envP->fault_occurred)
# 177|-> xmlrpc_DECREF(valueP);
# 178| }
# 179| if (envP->fault_occurred)

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/src/xmlrpc_array.c:182:5: warning[core.uninitialized.UndefReturn]: Undefined or garbage value returned to caller
# 180| valueP = NULL;
# 181|
# 182|-> return valueP;
# 183| }
# 184|

Error: CPPCHECK_WARNING (CWE-672):
xmlrpc-c-1.59.03/src/xmlrpc_array.c:201: error[deallocret]: Returning/dereferencing 'arrayP' after it is deallocated / released
# 199| free(arrayP);
# 200| }
# 201|-> return arrayP;
# 202| }
# 203|

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/src/xmlrpc_array.c:201:5: warning[unix.Malloc]: Use of memory after it is freed
# 199| free(arrayP);
# 200| }
# 201|-> return arrayP;
# 202| }
# 203|

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/src/xmlrpc_array.c:245:17: warning[unix.Malloc]: Attempt to free released memory
# 243|
# 244| if (envP->fault_occurred)
# 245|-> free(arrayP);
# 246| }
# 247| }

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/src/xmlrpc_array.c:248:5: warning[unix.Malloc]: Use of memory after it is freed
# 246| }
# 247| }
# 248|-> return arrayP;
# 249| }
# 250|

Error: GCC_ANALYZER_WARNING (CWE-688):
xmlrpc-c-1.59.03/src/xmlrpc_authcookie.c:63:5: warning[-Wanalyzer-null-argument]: use of NULL ‘unencoded’ where non-null expected
xmlrpc-c-1.59.03/src/xmlrpc_authcookie.c:62:5: note: in expansion of macro ‘MALLOCARRAY’
xmlrpc-c-1.59.03/src/xmlrpc_authcookie.c:62:5: note: in expansion of macro ‘MALLOCARRAY’
xmlrpc-c-1.59.03/src/xmlrpc_authcookie.c:62:5: note: in expansion of macro ‘MALLOCARRAY’
<built-in>: note: argument 1 of ‘__builtin_sprintf’ must be non-null
# 61|
# 62| MALLOCARRAY(unencoded,(strlen(username) + strlen(password) + 1 + 1));
# 63|-> sprintf(unencoded, "%s:%s", username, password);
# 64|
# 65| /* Create encoded string. */

Error: GCC_ANALYZER_WARNING (CWE-688):
xmlrpc-c-1.59.03/src/xmlrpc_authcookie.c: scope_hint: In function ‘xmlrpc_authcookie_set’
xmlrpc-c-1.59.03/src/xmlrpc_authcookie.c:63:5: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘unencoded’ where non-null expected
xmlrpc-c-1.59.03/src/xmlrpc_authcookie.c:32: included_from: Included from here.
xmlrpc-c-1.59.03/src/xmlrpc_authcookie.c:62:5: note: in expansion of macro ‘MALLOCARRAY’
xmlrpc-c-1.59.03/src/xmlrpc_authcookie.c:62:5: note: in expansion of macro ‘MALLOCARRAY’
<built-in>: note: argument 1 of ‘__builtin_sprintf’ must be non-null
# 61|
# 62| MALLOCARRAY(unencoded,(strlen(username) + strlen(password) + 1 + 1));
# 63|-> sprintf(unencoded, "%s:%s", username, password);
# 64|
# 65| /* Create encoded string. */

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/src/xmlrpc_build.c:114:17: warning[core.CallAndMessage]: 3rd function call argument is an uninitialized value
# 112| getValue(envP, formatP, argsP, &itemP);
# 113| if (!envP->fault_occurred) {
# 114|-> xmlrpc_array_append_item(envP, arrayP, itemP);
# 115| xmlrpc_DECREF(itemP);
# 116| }

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/src/xmlrpc_build.c:187:21: warning[core.CallAndMessage]: 4th function call argument is an uninitialized value
# 185| if (!envP->fault_occurred)
# 186| /* Add the new member to the struct. */
# 187|-> xmlrpc_struct_set_value_v(envP, structP, keyP, valueP);
# 188|
# 189| xmlrpc_DECREF(valueP);

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/src/xmlrpc_build.c:189:17: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value
# 187| xmlrpc_struct_set_value_v(envP, structP, keyP, valueP);
# 188|
# 189|-> xmlrpc_DECREF(valueP);
# 190| xmlrpc_DECREF(keyP);
# 191| }

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/src/xmlrpc_build.c:391:13: warning[core.NullDereference]: Dereference of undefined pointer value (loaded from variable 'suffix')
# 389|
# 390| if (!envP->fault_occurred) {
# 391|-> if (*suffix != '\0')
# 392| xmlrpc_faultf(envP, "Junk after the format specifier: '%s'. "
# 393| "The format string must describe exactly "

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/src/xmlrpc_build.c:400:13: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value
# 398|
# 399| if (envP->fault_occurred)
# 400|-> xmlrpc_DECREF(retval);
# 401| }
# 402| return retval;

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/src/xmlrpc_build.c:402:5: warning[core.uninitialized.UndefReturn]: Undefined or garbage value returned to caller
# 400| xmlrpc_DECREF(retval);
# 401| }
# 402|-> return retval;
# 403| }
# 404|

Error: COMPILER_WARNING (CWE-457):
xmlrpc-c-1.59.03/src/xmlrpc_client.c:419:9: warning[-Wmaybe-uninitialized]: ‘transportparms.parmsP’ may be used uninitialized
# 419 | transportOpsP->create(
# | ^~~~~~~~~~~~~~~~~~~~~~
# 420 | envP, flags, appname, appversion,
# | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 421 | transportparmsP, transportparmSize,
# | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 422 | &transportP);
# | ~~~~~~~~~~~~
xmlrpc-c-1.59.03/src/xmlrpc_client.c: scope_hint: In function ‘xmlrpc_client_create’
xmlrpc-c-1.59.03/src/xmlrpc_client.c:458:27: note: ‘transportparms.parmsP’ was declared here
# 458 | struct xportParms transportparms;
# | ^~~~~~~~~~~~~~
# 417|
# 418| /* The following call is not thread-safe */
# 419|-> transportOpsP->create(
# 420| envP, flags, appname, appversion,
# 421| transportparmsP, transportparmSize,

Error: COMPILER_WARNING (CWE-457):
xmlrpc-c-1.59.03/src/xmlrpc_client.c:419:9: warning[-Wmaybe-uninitialized]: ‘transportparms.size’ may be used uninitialized
# 419 | transportOpsP->create(
# | ^~~~~~~~~~~~~~~~~~~~~~
# 420 | envP, flags, appname, appversion,
# | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 421 | transportparmsP, transportparmSize,
# | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 422 | &transportP);
# | ~~~~~~~~~~~~
xmlrpc-c-1.59.03/src/xmlrpc_client.c: scope_hint: In function ‘xmlrpc_client_create’
xmlrpc-c-1.59.03/src/xmlrpc_client.c:458:27: note: ‘transportparms.size’ was declared here
# 458 | struct xportParms
transportparms;
# | ^~~~~~~~~~~~~~
# 417|
# 418| /* The following call is not thread-safe */
# 419|-> transportOpsP->create(
# 420| envP, flags, appname, appversion,
# 421| transportparmsP, transportparmSize,

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/src/xmlrpc_client.c:419:9: warning[core.NullDereference]: Access to field 'create' results in a dereference of an undefined pointer value (loaded from variable 'transportOpsP')
# 417|
# 418| /* The following call is not thread-safe */
# 419|-> transportOpsP->create(
# 420| envP, flags, appname, appversion,
# 421| transportparmsP, transportparmSize,

Error: COMPILER_WARNING (CWE-457):
xmlrpc-c-1.59.03/src/xmlrpc_client.c:473:16: warning[-Wmaybe-uninitialized]: ‘transportName’ may be used uninitialized
# 473 | if (transportName)
# | ^
xmlrpc-c-1.59.03/src/xmlrpc_client.c: scope_hint: In function ‘xmlrpc_client_create’
xmlrpc-c-1.59.03/src/xmlrpc_client.c:457:22: note: ‘transportName’ was declared here
# 457 | const char * transportName;
# | ^~~~~~~~~~~~~
# 471|
# 472| if (!envP->fault_occurred) {
# 473|-> if (transportName)
# 474| createTransportAndClient(envP, transportName,
# 475| transportparms.parmsP,

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/src/xmlrpc_client.c:473:17: warning[core.uninitialized.Branch]: Branch condition evaluates to a garbage value
# 471|
# 472| if (!envP->fault_occurred) {
# 473|-> if (transportName)
# 474| createTransportAndClient(envP, transportName,
# 475| transportparms.parmsP,

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/src/xmlrpc_client.c:622:25: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value
# 620|
# 621| xmlrpc_traceXml("XML-RPC CALL",
# 622|-> XMLRPC_MEMBLOCK_CONTENTS(char, callXmlP),
# 623| XMLRPC_MEMBLOCK_SIZE(char, callXmlP));
# 624|

Error: CLANG_WARNING:
xmlrpc-c-1.59.03/src/xmlrpc_client.c:743:9: warning[core.CallAndMessage]: 5th function call argument is an uninitialized value
# 741|
# 742| if (!envP->fault_occurred) {
# 743|-> xmlrpc_client_call2(envP,
clientP, # 744| serverInfoP, methodName, paramArrayP, # 745| resultPP); Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_client.c:781:13: warning[core.CallAndMessage]: 5th function call argument is an uninitialized value # 779| if (!envP->fault_occurred) { # 780| /* Perform the actual XML-RPC call. */ # 781|-> xmlrpc_client_call2(envP, clientP, # 782| serverInfoP, methodName, paramArrayP, # 783| resultPP); Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_client.c:788:9: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value # 786| xmlrpc_server_info_free(serverInfoP); # 787| } # 788|-> xmlrpc_DECREF(paramArrayP); # 789| } # 790| } Error: GCC_ANALYZER_WARNING (CWE-457): xmlrpc-c-1.59.03/src/xmlrpc_client.c: scope_hint: In function ‘callInfoCreate’ xmlrpc-c-1.59.03/src/xmlrpc_client.c:883:39: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘callXmlP’ # 881| # 882| if (!envP->fault_occurred) { # 883|-> callInfoP->serialized_xml = callXmlP; # 884| # 885| callInfoSetCompletion(envP, callInfoP, serverUrl, methodName, Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_client.c:883:39: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined # 881| # 882| if (!envP->fault_occurred) { # 883|-> callInfoP->serialized_xml = callXmlP; # 884| # 885| callInfoSetCompletion(envP, callInfoP, serverUrl, methodName, Error: GCC_ANALYZER_WARNING (CWE-401): xmlrpc-c-1.59.03/src/xmlrpc_client.c:890:17: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ # 888| # 889| if (envP->fault_occurred) # 890|-> free(callInfoP); # 891| } # 892| } Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_client.c:903:9: warning[core.uninitialized.Branch]: Branch condition evaluates to a garbage value # 901| XMLRPC_ASSERT_PTR_OK(callInfoP); # 902| # 903|-> if (callInfoP->completionFn) { # 904| xmlrpc_DECREF(callInfoP->completionArgs.paramArrayP); # 905| xmlrpc_strfree(callInfoP->completionArgs.methodName); Error: GCC_ANALYZER_WARNING 
(CWE-476): xmlrpc-c-1.59.03/src/xmlrpc_client.c: scope_hint: In function ‘callInfoDestroy’ xmlrpc-c-1.59.03/src/xmlrpc_client.c:903:18: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘callInfoP’ xmlrpc-c-1.59.03/src/xmlrpc_client.c:19: included_from: Included from here. xmlrpc-c-1.59.03/src/xmlrpc_client.c:874:5: note: in expansion of macro ‘MALLOCVAR’ # 901| XMLRPC_ASSERT_PTR_OK(callInfoP); # 902| # 903|-> if (callInfoP->completionFn) { # 904| xmlrpc_DECREF(callInfoP->completionArgs.paramArrayP); # 905| xmlrpc_strfree(callInfoP->completionArgs.methodName); Error: GCC_ANALYZER_WARNING (CWE-416): xmlrpc-c-1.59.03/src/xmlrpc_client.c:903:18: warning[-Wanalyzer-use-after-free]: use after ‘free’ of ‘callInfoP’ xmlrpc-c-1.59.03/src/xmlrpc_client.c:874:5: note: in expansion of macro ‘MALLOCVAR’ # 901| XMLRPC_ASSERT_PTR_OK(callInfoP); # 902| # 903|-> if (callInfoP->completionFn) { # 904| xmlrpc_DECREF(callInfoP->completionArgs.paramArrayP); # 905| xmlrpc_strfree(callInfoP->completionArgs.methodName); Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_client.c:994:5: warning[core.CallAndMessage]: 6th function call argument is an uninitialized value # 992| } # 993| /* Call the user's completion function with the RPC result */ # 994|-> (*callInfoP->completionFn)(callInfoP->completionArgs.serverUrl, # 995| callInfoP->completionArgs.methodName, # 996| callInfoP->completionArgs.paramArrayP, Error: GCC_ANALYZER_WARNING (CWE-476): xmlrpc-c-1.59.03/src/xmlrpc_client.c: scope_hint: In function ‘xmlrpc_client_start_rpc’ xmlrpc-c-1.59.03/src/xmlrpc_client.c:1054:49: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘callInfoP’ xmlrpc-c-1.59.03/include/xmlrpc-c/util.h:275:28: note: in definition of macro ‘XMLRPC_MEMBLOCK_SIZE’ xmlrpc-c-1.59.03/src/xmlrpc_client.c:874:5: note: in expansion of macro ‘MALLOCVAR’ xmlrpc-c-1.59.03/include/xmlrpc-c/util.h:275:28: note: in definition of macro ‘XMLRPC_MEMBLOCK_SIZE’ xmlrpc-c-1.59.03/include/xmlrpc-c/util.h:275:28: note: in 
definition of macro ‘XMLRPC_MEMBLOCK_SIZE’ # 1052| "XML-RPC CALL", # 1053| XMLRPC_MEMBLOCK_CONTENTS(char, callInfoP->serialized_xml), # 1054|-> XMLRPC_MEMBLOCK_SIZE(char, callInfoP->serialized_xml)); # 1055| # 1056| clientP->transportOps.send_request( Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_client.c:1063:9: warning[unix.Malloc]: Use of memory after it is freed # 1061| } # 1062| if (envP->fault_occurred) # 1063|-> callInfoDestroy(callInfoP); # 1064| else { # 1065| /* asynchComplete() will destroy *callInfoP */ Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_client.c:1094:9: warning[core.CallAndMessage]: 5th function call argument is an uninitialized value # 1092| # 1093| if (!envP->fault_occurred) { # 1094|-> xmlrpc_client_start_rpc(envP, clientP, # 1095| serverInfoP, methodName, paramArrayP, # 1096| responseHandler, userHandle); Error: CPPCHECK_WARNING (CWE-457): xmlrpc-c-1.59.03/src/xmlrpc_client_global.c:146: warning[uninitvar]: Uninitialized variable: resultP # 144| va_end(args); # 145| } # 146|-> return resultP; # 147| } # 148| Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_client_global.c:146:5: warning[core.uninitialized.UndefReturn]: Undefined or garbage value returned to caller # 144| va_end(args); # 145| } # 146|-> return resultP; # 147| } # 148| Error: CPPCHECK_WARNING (CWE-457): xmlrpc-c-1.59.03/src/xmlrpc_client_global.c:171: warning[uninitvar]: Uninitialized variable: resultP # 169| va_end(args); # 170| } # 171|-> return resultP; # 172| } # 173| Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_client_global.c:171:5: warning[core.uninitialized.UndefReturn]: Undefined or garbage value returned to caller # 169| va_end(args); # 170| } # 171|-> return resultP; # 172| } # 173| Error: CPPCHECK_WARNING (CWE-457): xmlrpc-c-1.59.03/src/xmlrpc_client_global.c:192: warning[uninitvar]: Uninitialized variable: resultP # 190| &resultP); # 191| # 192|-> return resultP; # 193| } # 194| Error: CLANG_WARNING: 
xmlrpc-c-1.59.03/src/xmlrpc_client_global.c:192:5: warning[core.uninitialized.UndefReturn]: Undefined or garbage value returned to caller # 190| &resultP); # 191| # 192|-> return resultP; # 193| } # 194| Error: CPPCHECK_WARNING (CWE-457): xmlrpc-c-1.59.03/src/xmlrpc_client_global.c:220: warning[uninitvar]: Uninitialized variable: resultP # 218| } # 219| } # 220|-> return resultP; # 221| } # 222| Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_client_global.c:220:5: warning[core.uninitialized.UndefReturn]: Undefined or garbage value returned to caller # 218| } # 219| } # 220|-> return resultP; # 221| } # 222| Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_client_global.c:333:9: warning[core.uninitialized.Branch]: Branch condition evaluates to a garbage value # 331| validateGlobalClientExists(&env); # 332| # 333|-> if (!env.fault_occurred) { # 334| va_list args; # 335| Error: GCC_ANALYZER_WARNING (CWE-476): xmlrpc-c-1.59.03/src/xmlrpc_data.c: scope_hint: In function ‘xmlrpc_int_new’ xmlrpc-c-1.59.03/src/xmlrpc_data.c:441:24: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’ # 439| # 440| if (!envP->fault_occurred) { # 441|-> valP->_type = XMLRPC_TYPE_INT; # 442| valP->_value.i = value; # 443| } Error: GCC_ANALYZER_WARNING (CWE-476): xmlrpc-c-1.59.03/src/xmlrpc_data.c: scope_hint: In function ‘xmlrpc_i8_new’ xmlrpc-c-1.59.03/src/xmlrpc_data.c:477:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’ # 475| # 476| if (!envP->fault_occurred) { # 477|-> valP->_type = XMLRPC_TYPE_I8; # 478| valP->_value.i8 = value; # 479| } Error: GCC_ANALYZER_WARNING (CWE-476): xmlrpc-c-1.59.03/src/xmlrpc_data.c: scope_hint: In function ‘xmlrpc_bool_new’ xmlrpc-c-1.59.03/src/xmlrpc_data.c:513:21: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’ # 511| # 512| if (!envP->fault_occurred) { # 513|-> valP->_type = XMLRPC_TYPE_BOOL; # 514| valP->_value.b = value; # 515| } Error: GCC_ANALYZER_WARNING (CWE-476): xmlrpc-c-1.59.03/src/xmlrpc_data.c: 
scope_hint: In function ‘xmlrpc_double_new.part.0’ xmlrpc-c-1.59.03/src/xmlrpc_data.c:554:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’ # 552| # 553| if (!envP->fault_occurred) { # 554|-> valP->_type = XMLRPC_TYPE_DOUBLE; # 555| valP->_value.d = value; # 556| } Error: GCC_ANALYZER_WARNING (CWE-476): xmlrpc-c-1.59.03/src/xmlrpc_data.c: scope_hint: In function ‘xmlrpc_base64_new’ xmlrpc-c-1.59.03/src/xmlrpc_data.c:593:21: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’ # 591| # 592| if (!envP->fault_occurred) { # 593|-> valP->_type = XMLRPC_TYPE_BASE64; # 594| # 595| valP->blockP = xmlrpc_mem_block_new(envP, length); Error: CPPCHECK_WARNING (CWE-672): xmlrpc-c-1.59.03/src/xmlrpc_data.c:604: error[deallocret]: Returning/dereferencing 'valP' after it is deallocated / released # 602| free(valP); # 603| } # 604|-> return valP; # 605| } # 606| Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_data.c:604:5: warning[unix.Malloc]: Use of memory after it is freed # 602| free(valP); # 603| } # 604|-> return valP; # 605| } # 606| Error: GCC_ANALYZER_WARNING (CWE-476): xmlrpc-c-1.59.03/src/xmlrpc_data.c: scope_hint: In function ‘xmlrpc_cptr_new_dtor’ xmlrpc-c-1.59.03/src/xmlrpc_data.c:654:21: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’ # 652| # 653| if (!envP->fault_occurred) { # 654|-> valP->_type = XMLRPC_TYPE_C_PTR; # 655| valP->_value.cptr.objectP = value; # 656| valP->_value.cptr.dtor = dtor; Error: GCC_ANALYZER_WARNING (CWE-476): xmlrpc-c-1.59.03/src/xmlrpc_data.c: scope_hint: In function ‘xmlrpc_nil_new’ xmlrpc-c-1.59.03/src/xmlrpc_data.c:691:21: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’ # 689| xmlrpc_createXmlrpcValue(envP, &valP); # 690| if (!envP->fault_occurred) # 691|-> valP->_type = XMLRPC_TYPE_NIL; # 692| # 693| return valP; Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_datetime.c:151:13: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value # 149| char 
dtString[64]; # 150| # 151|-> xmlrpc_gmtime(secs, &brokenTime); # 152| # 153| /* Note that this format is NOT ISO 8601 -- it's a bizarre Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_datetime.c:159:23: warning[core.UndefinedBinaryOperatorResult]: The left operand of '!=' is a garbage value # 157| &brokenTime); # 158| # 159|-> if (usecs != 0) { # 160| char usecString[32]; # 161| assert(usecs < 1000000); Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_datetime.c:274:25: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined # 272| xmlrpc_read_datetime_usec(envP, valueP, &secs, &usecs); # 273| # 274|-> timeValueP->tv_sec = secs; # 275| timeValueP->tv_usec = usecs; # 276| } Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_datetime.c:275:25: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined # 273| # 274| timeValueP->tv_sec = secs; # 275|-> timeValueP->tv_usec = usecs; # 276| } # 277| #endif Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_datetime.c:293:25: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined # 291| xmlrpc_read_datetime_usec(envP, valueP, &secs, &usecs); # 292| # 293|-> timeValueP->tv_sec = secs; # 294| timeValueP->tv_nsec = usecs * 1000; # 295| } Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_datetime.c:294:33: warning[core.UndefinedBinaryOperatorResult]: The left operand of '*' is a garbage value # 292| # 293| timeValueP->tv_sec = secs; # 294|-> timeValueP->tv_nsec = usecs * 1000; # 295| } # 296| #endif Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_datetime.c:376:5: warning[core.uninitialized.UndefReturn]: Undefined or garbage value returned to caller # 374| free(readBufferP); # 375| } # 376|-> return valP; # 377| } # 378| Error: CPPCHECK_WARNING (CWE-457): xmlrpc-c-1.59.03/src/xmlrpc_datetime.c:571: error[legacyUninitvar]: Uninitialized variable: retval # 569| } # 570| # 571|-> return retval; # 572| } # 573| Error: CLANG_WARNING: 
xmlrpc-c-1.59.03/src/xmlrpc_datetime.c:571:5: warning[core.uninitialized.UndefReturn]: Undefined or garbage value returned to caller # 569| } # 570| # 571|-> return retval; # 572| } # 573| Error: GCC_ANALYZER_WARNING (CWE-457): xmlrpc-c-1.59.03/src/xmlrpc_datetime.c: scope_hint: In function ‘xmlrpc_datetime_new_str’ xmlrpc-c-1.59.03/src/xmlrpc_datetime.c:571:12: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘retval’ # 569| } # 570| # 571|-> return retval; # 572| } # 573| Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/src/xmlrpc_datetime.c: scope_hint: In function ‘xmlrpc_datetime_new_str’ xmlrpc-c-1.59.03/src/xmlrpc_datetime.c:571:12: warning[-Wmaybe-uninitialized]: ‘retval’ may be used uninitialized # 571 | return retval; # | ^~~~~~ xmlrpc-c-1.59.03/src/xmlrpc_datetime.c:554:20: note: ‘retval’ was declared here # 554 | xmlrpc_value * retval; # | ^~~~~~ # 569| } # 570| # 571|-> return retval; # 572| } # 573| Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_datetime.c:606:5: warning[core.uninitialized.UndefReturn]: Undefined or garbage value returned to caller # 604| valueP = xmlrpc_datetime_new(envP, dt); # 605| } # 606|-> return valueP; # 607| } # 608| Error: GCC_ANALYZER_WARNING (CWE-457): xmlrpc-c-1.59.03/src/xmlrpc_datetime.c: scope_hint: In function ‘xmlrpc_datetime_new_usec’ xmlrpc-c-1.59.03/src/xmlrpc_datetime.c:606:12: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘valueP’ # 604| valueP = xmlrpc_datetime_new(envP, dt); # 605| } # 606|-> return valueP; # 607| } # 608| Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/src/xmlrpc_datetime.c: scope_hint: In function ‘xmlrpc_datetime_new_usec’ xmlrpc-c-1.59.03/src/xmlrpc_datetime.c:606:12: warning[-Wmaybe-uninitialized]: ‘valueP’ may be used uninitialized # 606 | return valueP; # | ^~~~~~ xmlrpc-c-1.59.03/src/xmlrpc_datetime.c:585:20: note: ‘valueP’ was declared here # 585 | xmlrpc_value * valueP; # | ^~~~~~ # 604| valueP = 
xmlrpc_datetime_new(envP, dt); # 605| } # 606|-> return valueP; # 607| } # 608| Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/src/xmlrpc_datetime.c: scope_hint: In function ‘xmlrpc_datetime_new_timeval’ xmlrpc-c-1.59.03/src/xmlrpc_datetime.c:626:12: warning[-Wmaybe-uninitialized]: ‘valueP’ may be used uninitialized # 626 | return xmlrpc_datetime_new_usec(envP, value.tv_sec, value.tv_usec); # | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ xmlrpc-c-1.59.03/src/xmlrpc_datetime.c:585:20: note: ‘valueP’ was declared here # 585 | xmlrpc_value * valueP; # | ^~~~~~ # 624| struct timeval const value) { # 625| # 626|-> return xmlrpc_datetime_new_usec(envP, value.tv_sec, value.tv_usec); # 627| } # 628| #endif Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/src/xmlrpc_datetime.c: scope_hint: In function ‘xmlrpc_datetime_new_timespec’ xmlrpc-c-1.59.03/src/xmlrpc_datetime.c:638:12: warning[-Wmaybe-uninitialized]: ‘valueP’ may be used uninitialized # 638 | return xmlrpc_datetime_new_usec(envP, value.tv_sec, value.tv_nsec/1000); # | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ xmlrpc-c-1.59.03/src/xmlrpc_datetime.c:585:20: note: ‘valueP’ was declared here # 585 | xmlrpc_value * valueP; # | ^~~~~~ # 636| struct timespec const value) { # 637| # 638|-> return xmlrpc_datetime_new_usec(envP, value.tv_sec, value.tv_nsec/1000); # 639| } # 640| #endif Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_decompose.c:726:64: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined # 724| # 725| if (!envP->fault_occurred) # 726|-> decompNodeP->store.Tarray.itemArray[itemCnt++] = itemNodeP; # 727| } # 728| } Error: GCC_ANALYZER_WARNING (CWE-457): xmlrpc-c-1.59.03/src/xmlrpc_decompose.c: scope_hint: In function ‘doStructValue’ xmlrpc-c-1.59.03/src/xmlrpc_decompose.c:757:27: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘valueNodeP’ # 755| # 756| if (!envP->fault_occurred) # 757|-> mbrP->decompTreeP = 
valueNodeP; # 758| } # 759| Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_decompose.c:1064:13: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value # 1062| # 1063| if (envP->fault_occurred) # 1064|-> destroyDecompTree(decompRootP); # 1065| } # 1066| *decompRootPP = decompRootP; Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_decompose.c:1066:19: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined # 1064| destroyDecompTree(decompRootP); # 1065| } # 1066|-> *decompRootPP = decompRootP; # 1067| } # 1068| Error: COMPILER_WARNING (CWE-563): xmlrpc-c-1.59.03/src/xmlrpc_expat.c: scope_hint: In function ‘xml_init’ xmlrpc-c-1.59.03/src/xmlrpc_expat.c:47:29: warning[-Wunused-parameter]: unused parameter ‘envP’ # 47 | xml_init(xmlrpc_env * const envP) { # | ~~~~~~~~~~~~~~~~~~~^~~~ # 45| # 46| void # 47|-> xml_init(xmlrpc_env * const envP) { # 48| # 49| XMLRPC_ASSERT_ENV_OK(envP); Error: GCC_ANALYZER_WARNING (CWE-476): xmlrpc-c-1.59.03/src/xmlrpc_expat.c: scope_hint: In function ‘xml_element_free’ xmlrpc-c-1.59.03/src/xmlrpc_expat.c:132:5: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘elemP’ xmlrpc-c-1.59.03/include/xmlrpc-c/base.h:11: included_from: Included from here. xmlrpc-c-1.59.03/src/xmlrpc_expat.c:13: included_from: Included from here. 
xmlrpc-c-1.59.03/src/xmlrpc_expat.c:80:5: note: in expansion of macro ‘XMLRPC_FAIL_IF_NULL’ xmlrpc-c-1.59.03/src/xmlrpc_expat.c:80:5: note: in expansion of macro ‘XMLRPC_FAIL_IF_NULL’ xmlrpc-c-1.59.03/include/xmlrpc-c/util.h:226:13: note: in expansion of macro ‘XMLRPC_FAIL’ xmlrpc-c-1.59.03/src/xmlrpc_expat.c:80:5: note: in expansion of macro ‘XMLRPC_FAIL_IF_NULL’ # 130| XMLRPC_ASSERT_ELEM_OK(elemP); # 131| # 132|-> xmlrpc_strfree(elemP->name); # 133| elemP->name = XMLRPC_BAD_POINTER; # 134| Error: GCC_ANALYZER_WARNING (CWE-416): xmlrpc-c-1.59.03/src/xmlrpc_expat.c:132:5: warning[-Wanalyzer-use-after-free]: use after ‘free’ of ‘elemP’ xmlrpc-c-1.59.03/src/xmlrpc_expat.c:80:5: note: in expansion of macro ‘XMLRPC_FAIL_IF_NULL’ xmlrpc-c-1.59.03/src/xmlrpc_expat.c:144:5: note: in expansion of macro ‘XMLRPC_MEMBLOCK_FREE’ # 130| XMLRPC_ASSERT_ELEM_OK(elemP); # 131| # 132|-> xmlrpc_strfree(elemP->name); # 133| elemP->name = XMLRPC_BAD_POINTER; # 134| Error: GCC_ANALYZER_WARNING (CWE-476): xmlrpc-c-1.59.03/src/xmlrpc_expat.c: scope_hint: In function ‘xml_element_append_child’ xmlrpc-c-1.59.03/src/xmlrpc_expat.c:242:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’ # 240| XMLRPC_MEMBLOCK_APPEND(xml_element *, envP, elemP->childrenP, &childP, 1); # 241| if (!envP->fault_occurred) # 242|-> childP->parentP = elemP; # 243| else # 244| xml_element_free(childP); Error: GCC_ANALYZER_WARNING (CWE-401): xmlrpc-c-1.59.03/src/xmlrpc_expat.c: scope_hint: In function ‘startElement.part.0’ xmlrpc-c-1.59.03/src/xmlrpc_expat.c:305:27: warning[-Wanalyzer-malloc-leak]: leak of ‘xmlElementNew(&*(ParseContext *)userData.env, name)’ xmlrpc-c-1.59.03/src/xmlrpc_expat.c:80:5: note: in expansion of macro ‘XMLRPC_FAIL_IF_NULL’ xmlrpc-c-1.59.03/src/xmlrpc_expat.c:80:5: note: in expansion of macro ‘XMLRPC_FAIL_IF_NULL’ # 303| # 304| elemP = xmlElementNew(&contextP->env, name); # 305|-> if (!contextP->env.fault_occurred) { # 306| XMLRPC_ASSERT(elemP != NULL); # 307| Error: 
CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_expat.c:495:17: warning[core.uninitialized.Branch]: Branch condition evaluates to a garbage value # 493| envP, XMLRPC_PARSE_ERROR, # 494| xmlrpc_XML_GetErrorString(parser)); # 495|-> if (!context.env.fault_occurred) { # 496| /* Have to clean up what our handlers built before Expat # 497| barfed. Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_expat.c:507:17: warning[core.uninitialized.Branch]: Branch condition evaluates to a garbage value # 505| such a problem in *contextP. # 506| */ # 507|-> if (context.env.fault_occurred) # 508| xmlrpc_env_set_fault_formatted( # 509| envP, context.env.fault_code, Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_parse.c:656:13: warning[core.uninitialized.Branch]: Branch condition evaluates to a garbage value # 654| retval = NULL; # 655| else { # 656|-> if (faultString) { # 657| xmlrpc_env_set_fault(envP, faultCode, faultString); # 658| xmlrpc_strfree(faultString); Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_parse.c:661:20: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined # 659| retval = NULL; # 660| } else # 661|-> retval = result; /* transfer reference */ # 662| } # 663| return retval; Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/src/xmlrpc_server_abyss.c:161:22: warning[-Wmaybe-uninitialized]: ‘xmlProcessorMaxStackSize’ may be used uninitialized # 161 | size_t const stackSize = # | ^~~~~~~~~ xmlrpc-c-1.59.03/src/xmlrpc_server_abyss.c: scope_hint: In function ‘xmlrpc_server_abyss_set_handler3’ xmlrpc-c-1.59.03/src/xmlrpc_server_abyss.c:219:12: note: ‘xmlProcessorMaxStackSize’ was declared here # 219 | size_t xmlProcessorMaxStackSize; # | ^~~~~~~~~~~~~~~~~~~~~~~~ # 159| # 160| { # 161|-> size_t const stackSize = # 162| xmlrpc_abyss_handler_stacksize() + xmlProcessorMaxStackSize; # 163| struct ServerReqHandler3 const handlerDesc = { Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_server_abyss.c:194:12: warning[core.uninitialized.Branch]: Branch 
condition evaluates to a garbage value # 192| # 193| if (parmSize >= XMLRPC_AHPSIZE(access_ctl_expires) # 194|-> && parmsP->access_ctl_expires) { # 195| expires = true; # 196| Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_server_abyss.c:251:13: warning[core.uninitialized.Branch]: Branch condition evaluates to a garbage value # 249| # 250| if (parmSize >= XMLRPC_AHPSIZE(chunk_response) && # 251|-> parmsP->chunk_response) # 252| uriHandlerXmlrpcP->chunkResponse = parmsP->chunk_response; # 253| else Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_server_abyss.c:263:9: warning[core.CallAndMessage]: 4th function call argument is an uninitialized value # 261| } # 262| if (!envP->fault_occurred) # 263|-> setHandler(envP, srvP, uriHandlerXmlrpcP, xmlProcessorMaxStackSize); # 264| # 265| if (envP->fault_occurred) Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/src/xmlrpc_server_abyss.c:461:8: warning[-Wmaybe-uninitialized]: ‘sockAddrP’ may be used uninitialized # 461 | if (*sockAddrPP == NULL) { # | ^ xmlrpc-c-1.59.03/src/xmlrpc_server_abyss.c: scope_hint: In function ‘xmlrpc_server_abyss_create’ xmlrpc-c-1.59.03/src/xmlrpc_server_abyss.c:649:29: note: ‘sockAddrP’ was declared here # 649 | const struct sockaddr * sockAddrP; # | ^~~~~~~~~ # 459| *sockAddrPP = NULL; # 460| # 461|-> if (*sockAddrPP == NULL) { # 462| unsigned int portNumber; # 463| Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/src/xmlrpc_server_abyss.c:529:5: warning[-Wmaybe-uninitialized]: ‘socketFd’ may be used uninitialized # 529 | ChanSwitchUnixCreateFd(socketFd, chanSwitchPP, errorP); # | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ xmlrpc-c-1.59.03/src/xmlrpc_server_abyss.c: scope_hint: In function ‘xmlrpc_server_abyss_create’ xmlrpc-c-1.59.03/src/xmlrpc_server_abyss.c:652:15: note: ‘socketFd’ was declared here # 652 | TOsSocket socketFd; # | ^~~~~~~~ # 527| ChanSwitchWinCreateWinsock(socketFd, chanSwitchPP, errorP); # 528| #else # 529|-> ChanSwitchUnixCreateFd(socketFd, 
chanSwitchPP, errorP); # 530| #endif # 531| Error: GCC_ANALYZER_WARNING (CWE-457): xmlrpc-c-1.59.03/src/xmlrpc_server_abyss.c:565:5: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘protocolFamily’ xmlrpc-c-1.59.03/src/xmlrpc_server_abyss.c: scope_hint: In function ‘createChanSwitchSockAddr’ # 563| chanSwitchPP, errorP); # 564| #else # 565|-> ChanSwitchUnixCreate2(protocolFamily, sockAddrP, sockAddrLen, # 566| chanSwitchPP, errorP); # 567| #endif Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/src/xmlrpc_server_abyss.c:565:5: warning[-Wmaybe-uninitialized]: ‘protocolFamily’ may be used uninitialized # 565 | ChanSwitchUnixCreate2(protocolFamily, sockAddrP, sockAddrLen, # | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # 566 | chanSwitchPP, errorP); # | ~~~~~~~~~~~~~~~~~~~~~ xmlrpc-c-1.59.03/src/xmlrpc_server_abyss.c: scope_hint: In function ‘xmlrpc_server_abyss_create’ xmlrpc-c-1.59.03/src/xmlrpc_server_abyss.c:579:9: note: ‘protocolFamily’ was declared here # 579 | int protocolFamily; # | ^~~~~~~~~~~~~~ # 563| chanSwitchPP, errorP); # 564| #else # 565|-> ChanSwitchUnixCreate2(protocolFamily, sockAddrP, sockAddrLen, # 566| chanSwitchPP, errorP); # 567| #endif Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/src/xmlrpc_server_abyss.c:565:5: warning[-Wmaybe-uninitialized]: ‘sockAddrLen’ may be used uninitialized # 565 | ChanSwitchUnixCreate2(protocolFamily, sockAddrP, sockAddrLen, # | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # 566 | chanSwitchPP, errorP); # | ~~~~~~~~~~~~~~~~~~~~~ xmlrpc-c-1.59.03/src/xmlrpc_server_abyss.c: scope_hint: In function ‘xmlrpc_server_abyss_create’ xmlrpc-c-1.59.03/src/xmlrpc_server_abyss.c:650:15: note: ‘sockAddrLen’ was declared here # 650 | socklen_t sockAddrLen; # | ^~~~~~~~~~~ # 563| chanSwitchPP, errorP); # 564| #else # 565|-> ChanSwitchUnixCreate2(protocolFamily, sockAddrP, sockAddrLen, # 566| chanSwitchPP, errorP); # 567| #endif Error: CLANG_WARNING: 
xmlrpc-c-1.59.03/src/xmlrpc_server_abyss.c:599:9: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value # 597| const char * error; # 598| # 599|-> chanSwitchCreateSockAddr(protocolFamily, sockAddrP, sockAddrLen, # 600| chanSwitchPP, &error); # 601| Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_server_abyss.c:885:1: warning[unix.Malloc]: Potential leak of memory pointed to by 'serverP' # 883| } # 884| } # 885|-> } # 886| # 887| Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_server_abyss.c:1161:9: warning[core.CallAndMessage]: 2nd function call argument is an uninitialized value # 1159| xmlrpc_server_abyss_sig * oldHandlersP; # 1160| # 1161|-> xmlrpc_server_abyss_setup_sig(envP, serverP, &oldHandlersP); # 1162| # 1163| if (!envP->fault_occurred) { Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_server_cgi.c:213:38: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull' # 211| if (!type || !xmlrpc_strneq(type, "text/xml", strlen("text/xml"))) { # 212| char *template = "Expected content type: \"text/xml\", received: \"%s\""; # 213|-> size_t err_len = strlen(template) + strlen(type) + 1; # 214| char *err = malloc(err_len); # 215| Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_server_cgi.c:258:9: warning[unix.Malloc]: Potential leak of memory pointed to by 'err' # 256| # 257| cleanup: # 258|-> if (input) # 259| xmlrpc_mem_block_free(input); # 260| if (output) Error: GCC_ANALYZER_WARNING (CWE-401): xmlrpc-c-1.59.03/src/xmlrpc_server_info.c: scope_hint: In function ‘xmlrpc_server_info_new’ xmlrpc-c-1.59.03/src/xmlrpc_server_info.c:61:13: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ # 59| } # 60| if (envP->fault_occurred) # 61|-> free(serverInfoP); # 62| } # 63| return serverInfoP; Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_server_info.c:63:5: warning[unix.Malloc]: Use of memory after it is freed # 61| free(serverInfoP); # 62| } # 63|-> return serverInfoP; # 64| } # 65| Error: 
GCC_ANALYZER_WARNING (CWE-401): xmlrpc-c-1.59.03/src/xmlrpc_server_info.c: scope_hint: In function ‘xmlrpc_server_info_copy’ xmlrpc-c-1.59.03/src/xmlrpc_server_info.c:165:13: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ # 163| # 164| if (envP->fault_occurred) # 165|-> free(serverInfoP); # 166| } # 167| return serverInfoP; Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_server_info.c:167:5: warning[unix.Malloc]: Use of memory after it is freed # 165| free(serverInfoP); # 166| } # 167|-> return serverInfoP; # 168| } # 169| Error: GCC_ANALYZER_WARNING (CWE-122): xmlrpc-c-1.59.03/src/xmlrpc_string.c: scope_hint: In function ‘copyAndConvertLfToCrlf’ xmlrpc-c-1.59.03/src/xmlrpc_string.c:201:22: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow xmlrpc-c-1.59.03/include/xmlrpc-c/base.h:11: included_from: Included from here. xmlrpc-c-1.59.03/src/xmlrpc_string.c:22: included_from: Included from here. xmlrpc-c-1.59.03/include/xmlrpc-c/util.h:275:28: note: in definition of macro ‘XMLRPC_MEMBLOCK_SIZE’ xmlrpc-c-1.59.03/src/xmlrpc_string.c:20: included_from: Included from here. 
xmlrpc-c-1.59.03/src/xmlrpc_string.c:191:5: note: in expansion of macro ‘MALLOCARRAY’ xmlrpc-c-1.59.03/src/xmlrpc_string.c:191:5: note: in expansion of macro ‘MALLOCARRAY’ xmlrpc-c-1.59.03/src/xmlrpc_string.c:201:22: note: write of 1 byte to beyond the end of the region # 199| for (p = &src[0], q = &dst[0]; p < srcEnd; ++p) { # 200| if (*p == '\n') # 201|-> *q++ = '\r'; # 202| # 203| *q++ = *p; Error: GCC_ANALYZER_WARNING (CWE-122): xmlrpc-c-1.59.03/src/xmlrpc_string.c:203:18: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow xmlrpc-c-1.59.03/include/xmlrpc-c/util.h:275:28: note: in definition of macro ‘XMLRPC_MEMBLOCK_SIZE’ xmlrpc-c-1.59.03/src/xmlrpc_string.c:191:5: note: in expansion of macro ‘MALLOCARRAY’ xmlrpc-c-1.59.03/src/xmlrpc_string.c:191:5: note: in expansion of macro ‘MALLOCARRAY’ xmlrpc-c-1.59.03/src/xmlrpc_string.c:203:18: note: write of 1 byte to beyond the end of the region # 201| *q++ = '\r'; # 202| # 203|-> *q++ = *p; # 204| } # 205| XMLRPC_ASSERT(q == dst + dstLen); Error: GCC_ANALYZER_WARNING (CWE-122): xmlrpc-c-1.59.03/src/xmlrpc_string.c:207:12: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow xmlrpc-c-1.59.03/include/xmlrpc-c/util.h:275:28: note: in definition of macro ‘XMLRPC_MEMBLOCK_SIZE’ xmlrpc-c-1.59.03/src/xmlrpc_string.c:191:5: note: in expansion of macro ‘MALLOCARRAY’ xmlrpc-c-1.59.03/src/xmlrpc_string.c:191:5: note: in expansion of macro ‘MALLOCARRAY’ xmlrpc-c-1.59.03/src/xmlrpc_string.c:207:12: note: write of 1 byte to beyond the end of the region # 205| XMLRPC_ASSERT(q == dst + dstLen); # 206| # 207|-> *q = '\0'; # 208| # 209| *dstP = dst; Error: GCC_ANALYZER_WARNING (CWE-131): xmlrpc-c-1.59.03/src/xmlrpc_string.c:392:27: warning[-Wanalyzer-allocation-size]: allocated buffer size is not a multiple of the pointee's size xmlrpc-c-1.59.03/src/xmlrpc_string.c:384:9: note: in expansion of macro ‘MALLOCARRAY’ xmlrpc-c-1.59.03/src/xmlrpc_string.c:384:9: note: in expansion of macro ‘MALLOCARRAY’ 
xmlrpc-c-1.59.03/src/xmlrpc_string.c:384:9: note: in expansion of macro ‘MALLOCARRAY’ # 390| stringValue[length] = '\0'; # 391| # 392|-> *stringValueP = stringValue; # 393| } # 394| } Error: GCC_ANALYZER_WARNING (CWE-122): xmlrpc-c-1.59.03/src/xmlrpc_string.c:445:22: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow xmlrpc-c-1.59.03/src/xmlrpc_string.c:435:5: note: in expansion of macro ‘MALLOCARRAY’ xmlrpc-c-1.59.03/src/xmlrpc_string.c:435:5: note: in expansion of macro ‘MALLOCARRAY’ xmlrpc-c-1.59.03/src/xmlrpc_string.c:445:22: note: write of 3 bytes to beyond the end of the region # 443| for (p = &src[0], q = &dst[0]; p < srcEnd; ++p) { # 444| if (*p == '\n') # 445|-> *q++ = '\r'; # 446| # 447| *q++ = *p; Error: GCC_ANALYZER_WARNING (CWE-122): xmlrpc-c-1.59.03/src/xmlrpc_string.c:447:18: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow xmlrpc-c-1.59.03/src/xmlrpc_string.c:435:5: note: in expansion of macro ‘MALLOCARRAY’ xmlrpc-c-1.59.03/src/xmlrpc_string.c:435:5: note: in expansion of macro ‘MALLOCARRAY’ xmlrpc-c-1.59.03/src/xmlrpc_string.c:447:18: note: write of 3 bytes to beyond the end of the region # 445| *q++ = '\r'; # 446| # 447|-> *q++ = *p; # 448| } # 449| XMLRPC_ASSERT(q == dst + dstLen); Error: GCC_ANALYZER_WARNING (CWE-122): xmlrpc-c-1.59.03/src/xmlrpc_string.c:451:12: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow xmlrpc-c-1.59.03/src/xmlrpc_string.c:435:5: note: in expansion of macro ‘MALLOCARRAY’ xmlrpc-c-1.59.03/src/xmlrpc_string.c:435:5: note: in expansion of macro ‘MALLOCARRAY’ xmlrpc-c-1.59.03/src/xmlrpc_string.c:451:12: note: write of 3 bytes to beyond the end of the region # 449| XMLRPC_ASSERT(q == dst + dstLen); # 450| # 451|-> *q = '\0'; # 452| # 453| *dstP = dst; Error: GCC_ANALYZER_WARNING (CWE-131): xmlrpc-c-1.59.03/src/xmlrpc_string.c:453:18: warning[-Wanalyzer-allocation-size]: allocated buffer size is not a multiple of the pointee's size xmlrpc-c-1.59.03/src/xmlrpc_string.c:435:5: note: in 
expansion of macro ‘MALLOCARRAY’ xmlrpc-c-1.59.03/src/xmlrpc_string.c:435:5: note: in expansion of macro ‘MALLOCARRAY’ # 451| *q = '\0'; # 452| # 453|-> *dstP = dst; # 454| *dstLenP = dstLen; # 455| } Error: GCC_ANALYZER_WARNING (CWE-131): xmlrpc-c-1.59.03/src/xmlrpc_string.c:522:31: warning[-Wanalyzer-allocation-size]: allocated buffer size is not a multiple of the pointee's size xmlrpc-c-1.59.03/src/xmlrpc_string.c: scope_hint: In function ‘xmlrpc_read_string_w_lp’ xmlrpc-c-1.59.03/include/xmlrpc-c/util.h:277:40: note: in definition of macro ‘XMLRPC_MEMBLOCK_CONTENTS’ xmlrpc-c-1.59.03/src/xmlrpc_string.c:513:13: note: in expansion of macro ‘MALLOCARRAY’ xmlrpc-c-1.59.03/src/xmlrpc_string.c:513:13: note: in expansion of macro ‘MALLOCARRAY’ # 520| # 521| *lengthP = size - 1; /* size includes terminating NUL */ # 522|-> *stringValueP = stringValue; # 523| } # 524| } Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_string.c:784:5: warning[core.uninitialized.UndefReturn]: Undefined or garbage value returned to caller # 782| xmlrpc_value * retval; # 783| stringNew(envP, length, value, CR_IS_LINEDELIM, &retval); # 784|-> return retval; # 785| } # 786| Error: GCC_ANALYZER_WARNING (CWE-457): xmlrpc-c-1.59.03/src/xmlrpc_string.c: scope_hint: In function ‘xmlrpc_string_new_lp’ xmlrpc-c-1.59.03/src/xmlrpc_string.c:784:12: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘retval’ # 782| xmlrpc_value * retval; # 783| stringNew(envP, length, value, CR_IS_LINEDELIM, &retval); # 784|-> return retval; # 785| } # 786| Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_string.c:796:5: warning[core.uninitialized.UndefReturn]: Undefined or garbage value returned to caller # 794| xmlrpc_value * retval; # 795| stringNew(envP, length, value, CR_IS_CHAR, &retval); # 796|-> return retval; # 797| } # 798| Error: GCC_ANALYZER_WARNING (CWE-457): xmlrpc-c-1.59.03/src/xmlrpc_string.c: scope_hint: In function ‘xmlrpc_string_new_lp_cr’ 
xmlrpc-c-1.59.03/src/xmlrpc_string.c:796:12: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘retval’ # 794| xmlrpc_value * retval; # 795| stringNew(envP, length, value, CR_IS_CHAR, &retval); # 796|-> return retval; # 797| } # 798| Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_string.c:807:5: warning[core.uninitialized.UndefReturn]: Undefined or garbage value returned to caller # 805| xmlrpc_value * retval; # 806| stringNew(envP, strlen(value), value, CR_IS_LINEDELIM, &retval); # 807|-> return retval; # 808| } # 809| Error: GCC_ANALYZER_WARNING (CWE-457): xmlrpc-c-1.59.03/src/xmlrpc_string.c: scope_hint: In function ‘xmlrpc_string_new’ xmlrpc-c-1.59.03/src/xmlrpc_string.c:807:12: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘retval’ # 805| xmlrpc_value * retval; # 806| stringNew(envP, strlen(value), value, CR_IS_LINEDELIM, &retval); # 807|-> return retval; # 808| } # 809| Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_string.c:818:5: warning[core.uninitialized.UndefReturn]: Undefined or garbage value returned to caller # 816| xmlrpc_value * retval; # 817| stringNew(envP, strlen(value), value, CR_IS_CHAR, &retval); # 818|-> return retval; # 819| } # 820| Error: GCC_ANALYZER_WARNING (CWE-457): xmlrpc-c-1.59.03/src/xmlrpc_string.c: scope_hint: In function ‘xmlrpc_string_new_cr’ xmlrpc-c-1.59.03/src/xmlrpc_string.c:818:12: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘retval’ # 816| xmlrpc_value * retval; # 817| stringNew(envP, strlen(value), value, CR_IS_CHAR, &retval); # 818|-> return retval; # 819| } # 820| Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_string.c:901:5: warning[core.uninitialized.UndefReturn]: Undefined or garbage value returned to caller # 899| xmlrpc_value * valP; # 900| stringWNew(envP, length, value, CR_IS_LINEDELIM, &valP); # 901|-> return valP; # 902| } # 903| Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_string.c:914:5: 
warning[core.uninitialized.UndefReturn]: Undefined or garbage value returned to caller # 912| xmlrpc_value * valP; # 913| stringWNew(envP, length, value, CR_IS_CHAR, &valP); # 914|-> return valP; # 915| } # 916| Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_string.c:926:5: warning[core.uninitialized.UndefReturn]: Undefined or garbage value returned to caller # 924| xmlrpc_value * valP; # 925| stringWNew(envP, wcslen(value), value, CR_IS_LINEDELIM, &valP); # 926|-> return valP; # 927| } # 928| Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_string.c:937:5: warning[core.uninitialized.UndefReturn]: Undefined or garbage value returned to caller # 935| xmlrpc_value * valP; # 936| stringWNew(envP, wcslen(value), value, CR_IS_CHAR, &valP); # 937|-> return valP; # 938| } # 939| Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_struct.c:139:5: warning[unix.Malloc]: Use of memory after it is freed # 137| free(valP); # 138| } # 139|-> return valP; # 140| } # 141| Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_struct.c:195:17: warning[unix.Malloc]: Attempt to free released memory # 193| # 194| if (envP->fault_occurred) # 195|-> free(structP); # 196| } # 197| } Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_struct.c:198:5: warning[unix.Malloc]: Use of memory after it is freed # 196| } # 197| } # 198|-> return structP; # 199| } # 200| Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_struct.c:498:24: warning[core.UndefinedBinaryOperatorResult]: The left operand of '==' is a garbage value # 496| # 497| if (!envP->fault_occurred) { # 498|-> if (retval == NULL) { # 499| xmlrpc_env_set_fault_formatted( # 500| envP, XMLRPC_INDEX_ERROR, Error: CPPCHECK_WARNING (CWE-457): xmlrpc-c-1.59.03/src/xmlrpc_struct.c:511: error[legacyUninitvar]: Uninitialized variable: retval # 509| xmlrpc_DECREF(keyP); # 510| } # 511|-> return retval; # 512| } # 513| Error: CLANG_WARNING: xmlrpc-c-1.59.03/src/xmlrpc_struct.c:511:5: warning[core.uninitialized.UndefReturn]: Undefined or garbage value 
returned to caller # 509| xmlrpc_DECREF(keyP); # 510| } # 511|-> return retval; # 512| } # 513| Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/src/xmlrpc_struct.c: scope_hint: In function ‘xmlrpc_struct_get_value_n’ xmlrpc-c-1.59.03/src/xmlrpc_struct.c:511:12: warning[-Wmaybe-uninitialized]: ‘retval’ may be used uninitialized # 511 | return retval; # | ^~~~~~ xmlrpc-c-1.59.03/src/xmlrpc_struct.c:490:20: note: ‘retval’ declared here # 490 | xmlrpc_value * retval; # | ^~~~~~ # 509| xmlrpc_DECREF(keyP); # 510| } # 511|-> return retval; # 512| } # 513| Error: GCC_ANALYZER_WARNING (CWE-688): xmlrpc-c-1.59.03/tools/lib/dumpvalue.c: scope_hint: In function ‘dumpStructMember’ xmlrpc-c-1.59.03/tools/lib/dumpvalue.c:318:32: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘prefix’ where non-null expected <built-in>: note: argument 1 of ‘__builtin_strlen’ must be non-null # 316| printf("Unable to get struct member %u\n", index); # 317| else { # 318|-> int const blankCount = strlen(prefix); # 319| const char * prefix2; # 320| const char * blankPrefix; Error: CLANG_WARNING: xmlrpc-c-1.59.03/tools/lib/dumpvalue.c:359:39: warning[unix.Malloc]: Potential leak of memory pointed to by 'prefix1' # 357| printf("%sStruct of %u members:\n", prefix, structSize); # 358| # 359|-> for (i = 0; i < structSize; ++i) { # 360| const char * prefix1; # 361| Error: GCC_ANALYZER_WARNING (CWE-401): xmlrpc-c-1.59.03/tools/lib/dumpvalue.c: scope_hint: In function ‘dumpStruct’ xmlrpc-c-1.59.03/tools/lib/dumpvalue.c:374:1: warning[-Wanalyzer-malloc-leak]: leak of ‘prefix1’ # 372| } # 373| xmlrpc_env_clean(&env); # 374|-> } # 375| # 376| Error: COMPILER_WARNING: xmlrpc-c-1.59.03/tools/lib/dumpvalue.c: scope_hint: In function ‘dumpI8’ xmlrpc-c-1.59.03/tools/lib/dumpvalue.c:438:16: warning[-Wformat=]: format ‘%lld’ expects argument of type ‘long long int’, but argument 3 has type ‘xmlrpc_int64’ {aka ‘long int’} # 438 | printf("%s64-bit integer: %" XMLRPC_PRId64 "\n", prefix, value); # | 
^~~~~~~~~~~~~~~~~~~~~ ~~~~~ # | | # | xmlrpc_int64 {aka long int} xmlrpc-c-1.59.03/include/xmlrpc-c/util.h:23: included_from: Included from here. xmlrpc-c-1.59.03/include/xmlrpc-c/base.h:11: included_from: Included from here. xmlrpc-c-1.59.03/tools/lib/dumpvalue.c:19: included_from: Included from here. xmlrpc-c-1.59.03/include/xmlrpc-c/config.h:40:28: note: format string is defined here # 40 | #define XMLRPC_PRId64 "lld" # 436| (unsigned long)valueP, env.fault_string); # 437| else # 438|-> printf("%s64-bit integer: %" XMLRPC_PRId64 "\n", prefix, value); # 439| # 440| xmlrpc_env_clean(&env); Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c:237:9: warning[-Wmaybe-uninitialized]: ‘cmdline.url’ may be used uninitialized # 237 | if (strstr(urlArg, "://") != 0) # | ^~~~~~~~~~~~~~~~~~~~~ xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c: scope_hint: In function ‘main’ xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c:904:24: note: ‘cmdline.url’ was declared here # 904 | struct cmdlineInfo cmdline; # | ^~~~~~~ # 235| const char ** const urlP) { # 236| # 237|-> if (strstr(urlArg, "://") != 0) # 238| casprintf(urlP, "%s", urlArg); # 239| else Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c: scope_hint: In function ‘getDelimiter’ xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c:286:31: warning[-Wmaybe-uninitialized]: ‘tokenType’ may be used uninitialized # 286 | if (!envP->fault_occurred && tokenType != END) # | ~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~ xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c:270:20: note: ‘tokenType’ was declared here # 270 | enum TokenType tokenType; # | ^~~~~~~~~ # 284| } # 285| # 286|-> if (!envP->fault_occurred && tokenType != END) # 287| ++cursor; # 288| Error: CLANG_WARNING: xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c:286:44: warning[core.UndefinedBinaryOperatorResult]: The left operand of '!=' is a garbage value # 284| } # 285| # 286|-> if (!envP->fault_occurred && tokenType != END) # 287| ++cursor; # 288| Error: CLANG_WARNING: 
xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c:290:12: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined # 288| # 289| *cursorP = cursor; # 290|-> *typeP = tokenType; # 291| } # 292| Error: CLANG_WARNING: xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c:706:13: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value # 704| # 705| if (!envP->fault_occurred) { # 706|-> if (strlen(cdata) == 0) # 707| setError(envP, "Expected value type specifier such as 'i/' or " # 708| "'array/' but found '%s'", *cursorP); Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c:779:32: warning[-Wmaybe-uninitialized]: ‘cmdline.paramCount’ may be used uninitialized # 779 | for (i = 0; i < paramCount && !envP->fault_occurred; ++i) { # | ~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~ xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c: scope_hint: In function ‘main’ xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c:904:24: note: ‘cmdline.paramCount’ was declared here # 904 | struct cmdlineInfo cmdline; # | ^~~~~~~ # 777| paramArrayP = xmlrpc_array_new(envP); # 778| # 779|-> for (i = 0; i < paramCount && !envP->fault_occurred; ++i) { # 780| xmlrpc_value * paramP; # 781| xmlrpc_env paramEnv; Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c:785:9: warning[-Wmaybe-uninitialized]: ‘cmdline.params’ may be used uninitialized # 785 | computeParam(&paramEnv, params[i], &paramP); # | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c: scope_hint: In function ‘main’ xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c:904:24: note: ‘cmdline.params’ was declared here # 904 | struct cmdlineInfo cmdline; # | ^~~~~~~ # 783| xmlrpc_env_init(&paramEnv); # 784| # 785|-> computeParam(&paramEnv, params[i], &paramP); # 786| # 787| if (!paramEnv.fault_occurred) { Error: CLANG_WARNING: xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c:788:13: warning[core.CallAndMessage]: 3rd function call argument is an uninitialized value # 786| # 787| if (!paramEnv.fault_occurred) { # 788|-> 
xmlrpc_array_append_item(&paramEnv, paramArrayP, paramP); # 789| # 790| xmlrpc_DECREF(paramP); Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c:822:17: warning[-Wmaybe-uninitialized]: ‘cmdline.methodName’ may be used uninitialized # 822 | *resultPP = xmlrpc_client_call_server_params( # | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # 823 | &env, serverInfoP, methodName, paramArrayP); # | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c: scope_hint: In function ‘main’ xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c:904:24: note: ‘cmdline.methodName’ was declared here # 904 | struct cmdlineInfo cmdline; # | ^~~~~~~ # 820| xmlrpc_env env; # 821| xmlrpc_env_init(&env); # 822|-> *resultPP = xmlrpc_client_call_server_params( # 823| &env, serverInfoP, methodName, paramArrayP); # 824| Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c:851:8: warning[-Wmaybe-uninitialized]: ‘MEM[(const char * *)&cmdline + 48B]’ may be used uninitialized # 851 | if (transport && streq(transport, "curl")) { # | ^ xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c: scope_hint: In function ‘main’ xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c:904:24: note: ‘MEM[(const char * *)&cmdline + 48B]’ was declared here # 904 | struct cmdlineInfo cmdline; # | ^~~~~~~ # 849| clientparms.transport = transport; # 850| # 851|-> if (transport && streq(transport, "curl")) { # 852| struct xmlrpc_curl_xportparms * curlXportParmsP; # 853| MALLOCVAR(curlXportParmsP); Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c:855:44: warning[-Wmaybe-uninitialized]: ‘cmdline.curlinterface’ may be used uninitialized # 855 | curlXportParmsP->network_interface = curlinterface; # | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~ xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c: scope_hint: In function ‘main’ xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c:904:24: note: ‘cmdline.curlinterface’ was declared here # 904 | struct cmdlineInfo cmdline; # | ^~~~~~~ # 853| 
MALLOCVAR(curlXportParmsP); # 854| # 855|-> curlXportParmsP->network_interface = curlinterface; # 856| curlXportParmsP->no_ssl_verifypeer = curlnoverifypeer; # 857| curlXportParmsP->no_ssl_verifyhost = curlnoverifyhost; Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c:858:44: warning[-Wmaybe-uninitialized]: ‘cmdline.curluseragent’ may be used uninitialized # 858 | curlXportParmsP->user_agent = curluseragent; # | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~ xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c: scope_hint: In function ‘main’ xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c:904:24: note: ‘cmdline.curluseragent’ was declared here # 904 | struct cmdlineInfo cmdline; # | ^~~~~~~ # 856| curlXportParmsP->no_ssl_verifypeer = curlnoverifypeer; # 857| curlXportParmsP->no_ssl_verifyhost = curlnoverifyhost; # 858|-> curlXportParmsP->user_agent = curluseragent; # 859| # 860| clientparms.transportparmsP = curlXportParmsP; Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c:890:12: warning[-Wmaybe-uninitialized]: ‘cmdline.username’ may be used uninitialized # 890 | if (userName) { # | ^ xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c: scope_hint: In function ‘main’ xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c:904:24: note: ‘cmdline.username’ was declared here # 904 | struct cmdlineInfo cmdline; # | ^~~~~~~ # 888| serverInfoP = xmlrpc_server_info_new(envP, serverUrl); # 889| if (!envP->fault_occurred) { # 890|-> if (userName) { # 891| xmlrpc_server_info_set_basic_auth( # 892| envP, serverInfoP, userName, password); Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c:891:13: warning[-Wmaybe-uninitialized]: ‘cmdline.password’ may be used uninitialized # 891 | xmlrpc_server_info_set_basic_auth( # | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # 892 | envP, serverInfoP, userName, password); # | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c: scope_hint: In function ‘main’ 
xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c:904:24: note: ‘cmdline.password’ was declared here # 904 | struct cmdlineInfo cmdline; # | ^~~~~~~ # 889| if (!envP->fault_occurred) { # 890| if (userName) { # 891|-> xmlrpc_server_info_set_basic_auth( # 892| envP, serverInfoP, userName, password); # 893| } Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c:916:8: warning[-Wmaybe-uninitialized]: ‘MEM <unsigned int> [(struct cmdlineInfo *)&cmdline + 80B]’ may be used uninitialized # 916 | if (cmdline.xmlsizelimitSpec) # | ^ xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c:904:24: note: ‘MEM <unsigned int> [(struct cmdlineInfo *)&cmdline + 80B]’ was declared here # 904 | struct cmdlineInfo cmdline; # | ^~~~~~~ # 914| die_if_fault_occurred(&env); # 915| # 916|-> if (cmdline.xmlsizelimitSpec) # 917| xmlrpc_limit_set(XMLRPC_XML_SIZE_LIMIT_ID, cmdline.xmlsizelimit); # 918| Error: CLANG_WARNING: xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c:916:9: warning[core.uninitialized.Branch]: Branch condition evaluates to a garbage value # 914| die_if_fault_occurred(&env); # 915| # 916|-> if (cmdline.xmlsizelimitSpec) # 917| xmlrpc_limit_set(XMLRPC_XML_SIZE_LIMIT_ID, cmdline.xmlsizelimit); # 918| Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c:917:9: warning[-Wmaybe-uninitialized]: ‘cmdline.xmlsizelimit’ may be used uninitialized # 917 | xmlrpc_limit_set(XMLRPC_XML_SIZE_LIMIT_ID, cmdline.xmlsizelimit); # | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c:904:24: note: ‘cmdline.xmlsizelimit’ was declared here # 904 | struct cmdlineInfo cmdline; # | ^~~~~~~ # 915| # 916| if (cmdline.xmlsizelimitSpec) # 917|-> xmlrpc_limit_set(XMLRPC_XML_SIZE_LIMIT_ID, cmdline.xmlsizelimit); # 918| # 919| computeUrl(cmdline.url, &url); Error: GCC_ANALYZER_WARNING (CWE-457): xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c: scope_hint: In function ‘main’ xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c:919:5: 
warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘cmdline.url’ xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c: scope_hint: In function ‘main’ # 917| xmlrpc_limit_set(XMLRPC_XML_SIZE_LIMIT_ID, cmdline.xmlsizelimit); # 918| # 919|-> computeUrl(cmdline.url, &url); # 920| # 921| computeParamArray(&env, cmdline.paramCount, cmdline.params, &paramArrayP); Error: CLANG_WARNING: xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c:919:5: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value # 917| xmlrpc_limit_set(XMLRPC_XML_SIZE_LIMIT_ID, cmdline.xmlsizelimit); # 918| # 919|-> computeUrl(cmdline.url, &url); # 920| # 921| computeParamArray(&env, cmdline.paramCount, cmdline.params, &paramArrayP); Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c:940:5: warning[-Wmaybe-uninitialized]: ‘resultP’ may be used uninitialized # 940 | xmlrpc_DECREF(resultP); # | ^~~~~~~~~~~~~~~~~~~~~~ xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c:907:20: note: ‘resultP’ was declared here # 907 | xmlrpc_value * resultP; # | ^~~~~~~ # 938| strfree(url); # 939| # 940|-> xmlrpc_DECREF(resultP); # 941| # 942| freeCmdline(cmdline); Error: CLANG_WARNING: xmlrpc-c-1.59.03/tools/xmlrpc/xmlrpc.c:944:5: warning[unix.Malloc]: Potential leak of memory pointed to by 'cmdline.params' # 942| freeCmdline(cmdline); # 943| # 944|-> xmlrpc_env_clean(&env); # 945| # 946| return 0; Error: CLANG_WARNING: xmlrpc-c-1.59.03/tools/xmlrpc_dumpserver/xmlrpc_dumpserver.c:253:9: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value # 251| const char * error; # 252| # 253|-> runServer(cmdline.port, &error); # 254| # 255| if (error) { Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/tools/xmlrpc_transport/xmlrpc_transport.c:132:9: warning[-Wmaybe-uninitialized]: ‘cmdline.url’ may be used uninitialized # 132 | if (strstr(urlArg, "://") != 0) { # | ^~~~~~~~~~~~~~~~~~~~~ xmlrpc-c-1.59.03/tools/xmlrpc_transport/xmlrpc_transport.c: scope_hint: In function ‘main’ 
xmlrpc-c-1.59.03/tools/xmlrpc_transport/xmlrpc_transport.c:247:24: note: ‘cmdline.url’ was declared here # 247 | struct cmdlineInfo cmdline; # | ^~~~~~~ # 130| const char ** const urlP) { # 131| # 132|-> if (strstr(urlArg, "://") != 0) { # 133| *urlP = strdup(urlArg); # 134| } else { Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/tools/xmlrpc_transport/xmlrpc_transport.c:150:27: warning[-Wmaybe-uninitialized]: ‘cmdline.transport’ may be used uninitialized # 150 | clientparms.transport = transport; # | ~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~ xmlrpc-c-1.59.03/tools/xmlrpc_transport/xmlrpc_transport.c: scope_hint: In function ‘main’ xmlrpc-c-1.59.03/tools/xmlrpc_transport/xmlrpc_transport.c:247:24: note: ‘cmdline.transport’ was declared here # 247 | struct cmdlineInfo cmdline; # | ^~~~~~~ # 148| struct xmlrpc_clientparms clientparms; # 149| # 150|-> clientparms.transport = transport; # 151| # 152| clientparms.transportparmsP = NULL; Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/tools/xmlrpc_transport/xmlrpc_transport.c:178:12: warning[-Wmaybe-uninitialized]: ‘cmdline.username’ may be used uninitialized # 178 | if (userName) { # | ^ xmlrpc-c-1.59.03/tools/xmlrpc_transport/xmlrpc_transport.c: scope_hint: In function ‘main’ xmlrpc-c-1.59.03/tools/xmlrpc_transport/xmlrpc_transport.c:247:24: note: ‘cmdline.username’ was declared here # 247 | struct cmdlineInfo cmdline; # | ^~~~~~~ # 176| serverInfoP = xmlrpc_server_info_new(envP, serverUrl); # 177| if (!envP->fault_occurred) { # 178|-> if (userName) { # 179| xmlrpc_server_info_set_basic_auth( # 180| envP, serverInfoP, userName, password); Error: COMPILER_WARNING (CWE-457): xmlrpc-c-1.59.03/tools/xmlrpc_transport/xmlrpc_transport.c:179:13: warning[-Wmaybe-uninitialized]: ‘cmdline.password’ may be used uninitialized # 179 | xmlrpc_server_info_set_basic_auth( # | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # 180 | envP, serverInfoP, userName, password); # | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
xmlrpc-c-1.59.03/tools/xmlrpc_transport/xmlrpc_transport.c: scope_hint: In function ‘main’ xmlrpc-c-1.59.03/tools/xmlrpc_transport/xmlrpc_transport.c:247:24: note: ‘cmdline.password’ was declared here # 247 | struct cmdlineInfo cmdline; # | ^~~~~~~ # 177| if (!envP->fault_occurred) { # 178| if (userName) { # 179|-> xmlrpc_server_info_set_basic_auth( # 180| envP, serverInfoP, userName, password); # 181| } Error: CLANG_WARNING: xmlrpc-c-1.59.03/tools/xmlrpc_transport/xmlrpc_transport.c:259:5: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value # 257| die_if_fault_occurred(&env); # 258| # 259|-> computeUrl(cmdline.url, &url); # 260| # 261| createServerInfo(&env, url, cmdline.username, cmdline.password, Error: CLANG_WARNING: xmlrpc-c-1.59.03/tools/xmlrpc_transport/xmlrpc_transport.c:285:5: warning[unix.Malloc]: Potential leak of memory pointed to by 'url' # 283| strfree(url); # 284| # 285|-> freeCmdline(cmdline); # 286| # 287| xmlrpc_env_clean(&env);