OpenScanHub - Task log

Task #2028 - xorg-x11-xauth-1.1.2-6.fc40/scan-results.err

back to task #2028
download

Error: GCC_ANALYZER_WARNING (CWE-476):
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/gethost.c: scope_hint: In function ‘get_address_info’
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/gethost.c:235:28: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘c’
#  233|   			src = fulldpyname;
#  234|   		} else {
#  235|-> 			*c = '\0';
#  236|   			src = buf;
#  237|   		}

Error: CPPCHECK_WARNING:
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/parsedpy.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: GCC_ANALYZER_WARNING (CWE-122):
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/parsedpy.c: scope_hint: In function ‘copystring’
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/parsedpy.c:69:17: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow
#   67|       if (cp) {
#   68|   	if (src) memcpy (cp, src, len);
#   69|-> 	cp[len] = '\0';
#   70|       }
#   71|       return cp;

Error: CPPCHECK_WARNING:
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: GCC_ANALYZER_WARNING (CWE-476):
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c: scope_hint: In function ‘split_into_words’
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:291:15: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
#  289|   	jword = skip_space (src);
#  290|   	src = skip_nonspace (jword);
#  291|-> 	savec = *src;
#  292|   	*src = '\0';
#  293|   	if (cur == total) {

Error: GCC_ANALYZER_WARNING (CWE-762):
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:296:24: warning[-Wanalyzer-mismatching-deallocation]: ‘argv’ should have been deallocated with ‘free’ but was deallocated with ‘reallocarray’
#  294|   	    const char **new_argv;
#  295|   	    total += WORDSTOALLOC;
#  296|-> 	    new_argv = reallocarray (argv, total, sizeof (char *));
#  297|   	    if (new_argv != NULL) {
#  298|   		argv = new_argv;

Error: CLANG_WARNING:
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:453:12: warning[unix.Malloc]: Potential leak of memory pointed to by 'auth'
#  451|     bad:
#  452|       if (auth) XauDisposeAuth (auth);	/* won't free null pointers */
#  453|->     return NULL;
#  454|   }
#  455|   

Error: GCC_ANALYZER_WARNING (CWE-401):
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:537:28: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
#  535|   
#  536|   		if (authl_cur == NULL) {
#  537|-> 		    *authl = authl_cur = newal;
#  538|   		} else {
#  539|   		    authl_cur->next = newal;

Error: GCC_ANALYZER_WARNING (CWE-401):
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:537:28: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
#  535|   
#  536|   		if (authl_cur == NULL) {
#  537|-> 		    *authl = authl_cur = newal;
#  538|   		} else {
#  539|   		    authl_cur->next = newal;

Error: GCC_ANALYZER_WARNING (CWE-401):
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c: scope_hint: In function ‘get_displayname_auth’
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:537:28: warning[-Wanalyzer-malloc-leak]: leak of ‘proto_head’
#  535|   
#  536|   		if (authl_cur == NULL) {
#  537|-> 		    *authl = authl_cur = newal;
#  538|   		} else {
#  539|   		    authl_cur->next = newal;

Error: GCC_ANALYZER_WARNING (CWE-401):
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:544:29: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
#  542|   
#  543|   		newal->next = NULL;
#  544|-> 		newal->auth = auth;
#  545|   
#  546|   		auth->family = addrlist_cur->family;

Error: CLANG_WARNING:
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:602:4: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined
#  600|   
#  601|       for (us = (unsigned char *) retval, i = len; i > 0; hexstr++) {
#  602|-> 	c = *hexstr;
#  603|   	if (isspace(c)) continue;	 /* already know it is ascii */
#  604|   	if (isupper(c))

Error: CLANG_WARNING:
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:1081:6: warning[core.NonNullParamChecker]: Null pointer passed to 2nd parameter expecting 'nonnull'
# 1079|   	    a->number_length == b->number_length &&
# 1080|   	    a->name_length == b->name_length &&
# 1081|-> 	    memcmp(a->address, b->address, a->address_length) == 0 &&
# 1082|   	    memcmp(a->number, b->number, a->number_length) == 0 &&
# 1083|   	    memcmp(a->name, b->name, a->name_length) == 0) ? 1 : 0);

Error: GCC_ANALYZER_WARNING (CWE-688):
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c: scope_hint: In function ‘eq_auth_dpy_and_name’
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:1081:13: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:51: included_from: Included from here.
/usr/include/X11/Xos.h:62: included_from: Included from here.
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/xauth.h:29: included_from: Included from here.
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:37: included_from: Included from here.
/usr/include/string.h:64:12: note: argument 2 of ‘memcmp’ must be non-null
# 1079|   	    a->number_length == b->number_length &&
# 1080|   	    a->name_length == b->name_length &&
# 1081|-> 	    memcmp(a->address, b->address, a->address_length) == 0 &&
# 1082|   	    memcmp(a->number, b->number, a->number_length) == 0 &&
# 1083|   	    memcmp(a->name, b->name, a->name_length) == 0) ? 1 : 0);

Error: GCC_ANALYZER_WARNING (CWE-688):
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:1082:13: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
/usr/include/string.h:64:12: note: argument 2 of ‘memcmp’ must be non-null
# 1080|   	    a->name_length == b->name_length &&
# 1081|   	    memcmp(a->address, b->address, a->address_length) == 0 &&
# 1082|-> 	    memcmp(a->number, b->number, a->number_length) == 0 &&
# 1083|   	    memcmp(a->name, b->name, a->name_length) == 0) ? 1 : 0);
# 1084|   }

Error: GCC_ANALYZER_WARNING (CWE-476):
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c: scope_hint: In function ‘match_auth_dpy’
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:1097:37: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘b’
# 1095|   match_auth_dpy(register Xauth *a, register Xauth *b)
# 1096|   {
# 1097|->     if (a->family != FamilyWild && b->family != FamilyWild) {
# 1098|           /* Both "a" and "b" are not FamilyWild, they are "normal" families. */
# 1099|   	

Error: GCC_ANALYZER_WARNING (CWE-688):
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:1110:13: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
/usr/include/string.h:64:12: note: argument 2 of ‘memcmp’ must be non-null
# 1108|   	 * "FamilyWild". */
# 1109|   	if (a->address_length != b->address_length ||
# 1110|->             memcmp(a->address, b->address, a->address_length) != 0)
# 1111|               return 0;
# 1112|       }

Error: CLANG_WARNING:
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:1110:13: warning[core.NonNullParamChecker]: Null pointer passed to 2nd parameter expecting 'nonnull'
# 1108|   	 * "FamilyWild". */
# 1109|   	if (a->address_length != b->address_length ||
# 1110|->             memcmp(a->address, b->address, a->address_length) != 0)
# 1111|               return 0;
# 1112|       }

Error: GCC_ANALYZER_WARNING (CWE-476):
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:1114:35: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘b’
# 1112|       }
# 1113|       
# 1114|->     if (a->number_length != 0 && b->number_length != 0) {
# 1115|   	/* Both "a" and "b" have a number, make sure they match: */
# 1116|   	if (a->number_length != b->number_length ||

Error: CLANG_WARNING:
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:1347:12: warning[unix.Malloc]: Potential leak of memory pointed to by 'tmp_auth'
# 1345|       }
# 1346|   
# 1347|->     return errors;
# 1348|   }
# 1349|   

Error: CLANG_WARNING:
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:1550:39: warning[unix.Malloc]: Potential leak of memory pointed to by 'listtail'
# 1548|   	    errors++;
# 1549|   	} else {			/* link it in */
# 1550|-> 	    add_to_list (listhead, listtail, head);
# 1551|    	}
# 1552|   

Error: GCC_ANALYZER_WARNING (CWE-401):
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c: scope_hint: In function ‘do_generate’
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:1958:26: warning[-Wanalyzer-malloc-leak]: leak of ‘authdata’
# 1956|   	    authdatalen = strlen(hexdata);
# 1957|   	    if (hexdata[0] == '"' && hexdata[authdatalen-1] == '"') {
# 1958|-> 		authdata = malloc(authdatalen-1);
# 1959|   		if (!authdata) {
# 1960|   		    fprintf(stderr, "unable to allocate memory\n");

Error: CLANG_WARNING:
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:1964:3: warning[unix.Malloc]: Potential leak of memory pointed to by 'authdata'
# 1962|   		    goto exit_generate;
# 1963|   		}
# 1964|-> 		strncpy(authdata, hexdata+1, authdatalen-2);
# 1965|   		authdata[authdatalen-2] = '\0';
# 1966|   		authdatalen -= 2;

Error: CPPCHECK_WARNING:
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/xauth.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Issues can be reported to the mailing list. User documentation can be found on the wiki.