xorg-x11-xauth-1.1.2-6.fc40
List of Defects
Error: GCC_ANALYZER_WARNING (CWE-476): [#def1]
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/gethost.c: scope_hint: In function ‘get_address_info’
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/gethost.c:235:28: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘c’
# 233| src = fulldpyname;
# 234| } else {
# 235|-> *c = '\0';
# 236| src = buf;
# 237| }
Error: CPPCHECK_WARNING: [#def2]
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/parsedpy.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-122): [#def3]
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/parsedpy.c: scope_hint: In function ‘copystring’
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/parsedpy.c:69:17: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow
# 67| if (cp) {
# 68| if (src) memcpy (cp, src, len);
# 69|-> cp[len] = '\0';
# 70| }
# 71| return cp;
Error: CPPCHECK_WARNING: [#def4]
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-476): [#def5]
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c: scope_hint: In function ‘split_into_words’
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:291:15: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
# 289| jword = skip_space (src);
# 290| src = skip_nonspace (jword);
# 291|-> savec = *src;
# 292| *src = '\0';
# 293| if (cur == total) {
Error: GCC_ANALYZER_WARNING (CWE-762): [#def6]
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:296:24: warning[-Wanalyzer-mismatching-deallocation]: ‘argv’ should have been deallocated with ‘free’ but was deallocated with ‘reallocarray’
# 294| const char **new_argv;
# 295| total += WORDSTOALLOC;
# 296|-> new_argv = reallocarray (argv, total, sizeof (char *));
# 297| if (new_argv != NULL) {
# 298| argv = new_argv;
Error: CLANG_WARNING: [#def7]
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:453:12: warning[unix.Malloc]: Potential leak of memory pointed to by 'auth'
# 451| bad:
# 452| if (auth) XauDisposeAuth (auth); /* won't free null pointers */
# 453|-> return NULL;
# 454| }
# 455|
Error: GCC_ANALYZER_WARNING (CWE-401): [#def8]
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:537:28: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
# 535|
# 536| if (authl_cur == NULL) {
# 537|-> *authl = authl_cur = newal;
# 538| } else {
# 539| authl_cur->next = newal;
Error: GCC_ANALYZER_WARNING (CWE-401): [#def9]
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:537:28: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
# 535|
# 536| if (authl_cur == NULL) {
# 537|-> *authl = authl_cur = newal;
# 538| } else {
# 539| authl_cur->next = newal;
Error: GCC_ANALYZER_WARNING (CWE-401): [#def10]
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c: scope_hint: In function ‘get_displayname_auth’
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:537:28: warning[-Wanalyzer-malloc-leak]: leak of ‘proto_head’
# 535|
# 536| if (authl_cur == NULL) {
# 537|-> *authl = authl_cur = newal;
# 538| } else {
# 539| authl_cur->next = newal;
Error: GCC_ANALYZER_WARNING (CWE-401): [#def11]
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:544:29: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
# 542|
# 543| newal->next = NULL;
# 544|-> newal->auth = auth;
# 545|
# 546| auth->family = addrlist_cur->family;
Error: CLANG_WARNING: [#def12]
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:602:4: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined
# 600|
# 601| for (us = (unsigned char *) retval, i = len; i > 0; hexstr++) {
# 602|-> c = *hexstr;
# 603| if (isspace(c)) continue; /* already know it is ascii */
# 604| if (isupper(c))
Error: CLANG_WARNING: [#def13]
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:1081:6: warning[core.NonNullParamChecker]: Null pointer passed to 2nd parameter expecting 'nonnull'
# 1079| a->number_length == b->number_length &&
# 1080| a->name_length == b->name_length &&
# 1081|-> memcmp(a->address, b->address, a->address_length) == 0 &&
# 1082| memcmp(a->number, b->number, a->number_length) == 0 &&
# 1083| memcmp(a->name, b->name, a->name_length) == 0) ? 1 : 0);
Error: GCC_ANALYZER_WARNING (CWE-688): [#def14]
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c: scope_hint: In function ‘eq_auth_dpy_and_name’
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:1081:13: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:51: included_from: Included from here.
/usr/include/X11/Xos.h:62: included_from: Included from here.
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/xauth.h:29: included_from: Included from here.
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:37: included_from: Included from here.
/usr/include/string.h:64:12: note: argument 2 of ‘memcmp’ must be non-null
# 1079| a->number_length == b->number_length &&
# 1080| a->name_length == b->name_length &&
# 1081|-> memcmp(a->address, b->address, a->address_length) == 0 &&
# 1082| memcmp(a->number, b->number, a->number_length) == 0 &&
# 1083| memcmp(a->name, b->name, a->name_length) == 0) ? 1 : 0);
Error: GCC_ANALYZER_WARNING (CWE-688): [#def15]
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:1082:13: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
/usr/include/string.h:64:12: note: argument 2 of ‘memcmp’ must be non-null
# 1080| a->name_length == b->name_length &&
# 1081| memcmp(a->address, b->address, a->address_length) == 0 &&
# 1082|-> memcmp(a->number, b->number, a->number_length) == 0 &&
# 1083| memcmp(a->name, b->name, a->name_length) == 0) ? 1 : 0);
# 1084| }
Error: GCC_ANALYZER_WARNING (CWE-476): [#def16]
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c: scope_hint: In function ‘match_auth_dpy’
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:1097:37: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘b’
# 1095| match_auth_dpy(register Xauth *a, register Xauth *b)
# 1096| {
# 1097|-> if (a->family != FamilyWild && b->family != FamilyWild) {
# 1098| /* Both "a" and "b" are not FamilyWild, they are "normal" families. */
# 1099|
Error: GCC_ANALYZER_WARNING (CWE-688): [#def17]
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:1110:13: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
/usr/include/string.h:64:12: note: argument 2 of ‘memcmp’ must be non-null
# 1108| * "FamilyWild". */
# 1109| if (a->address_length != b->address_length ||
# 1110|-> memcmp(a->address, b->address, a->address_length) != 0)
# 1111| return 0;
# 1112| }
Error: CLANG_WARNING: [#def18]
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:1110:13: warning[core.NonNullParamChecker]: Null pointer passed to 2nd parameter expecting 'nonnull'
# 1108| * "FamilyWild". */
# 1109| if (a->address_length != b->address_length ||
# 1110|-> memcmp(a->address, b->address, a->address_length) != 0)
# 1111| return 0;
# 1112| }
Error: GCC_ANALYZER_WARNING (CWE-476): [#def19]
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:1114:35: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘b’
# 1112| }
# 1113|
# 1114|-> if (a->number_length != 0 && b->number_length != 0) {
# 1115| /* Both "a" and "b" have a number, make sure they match: */
# 1116| if (a->number_length != b->number_length ||
Error: CLANG_WARNING: [#def20]
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:1347:12: warning[unix.Malloc]: Potential leak of memory pointed to by 'tmp_auth'
# 1345| }
# 1346|
# 1347|-> return errors;
# 1348| }
# 1349|
Error: CLANG_WARNING: [#def21]
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:1550:39: warning[unix.Malloc]: Potential leak of memory pointed to by 'listtail'
# 1548| errors++;
# 1549| } else { /* link it in */
# 1550|-> add_to_list (listhead, listtail, head);
# 1551| }
# 1552|
Error: GCC_ANALYZER_WARNING (CWE-401): [#def22]
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c: scope_hint: In function ‘do_generate’
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:1958:26: warning[-Wanalyzer-malloc-leak]: leak of ‘authdata’
# 1956| authdatalen = strlen(hexdata);
# 1957| if (hexdata[0] == '"' && hexdata[authdatalen-1] == '"') {
# 1958|-> authdata = malloc(authdatalen-1);
# 1959| if (!authdata) {
# 1960| fprintf(stderr, "unable to allocate memory\n");
Error: CLANG_WARNING: [#def23]
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/process.c:1964:3: warning[unix.Malloc]: Potential leak of memory pointed to by 'authdata'
# 1962| goto exit_generate;
# 1963| }
# 1964|-> strncpy(authdata, hexdata+1, authdatalen-2);
# 1965| authdata[authdatalen-2] = '\0';
# 1966| authdatalen -= 2;
Error: CPPCHECK_WARNING: [#def24]
xorg-x11-xauth-1.1.2-build/xauth-1.1.2/xauth.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Scan Properties
analyzer-version-clang | 18.1.7 |
analyzer-version-cppcheck | 2.14.2 |
analyzer-version-gcc | 14.1.1 |
analyzer-version-gcc-analyzer | 14.1.1 |
analyzer-version-shellcheck | 0.10.0 |
enabled-plugins | clang, cppcheck, gcc, shellcheck |
exit-code | 0 |
host | ip-172-16-1-150.us-west-2.compute.internal |
mock-config | fedora-41-x86_64 |
project-name | xorg-x11-xauth-1.1.2-6.fc40 |
store-results-to | /tmp/tmpslpn6fi0/xorg-x11-xauth-1.1.2-6.fc40.tar.xz |
time-created | 2024-07-03 19:43:23 |
time-finished | 2024-07-03 19:44:47 |
tool | csmock |
tool-args | '/usr/bin/csmock' '-r' 'fedora-41-x86_64' '-t' 'cppcheck,gcc,clang,shellcheck' '-o' '/tmp/tmpslpn6fi0/xorg-x11-xauth-1.1.2-6.fc40.tar.xz' '--gcc-analyze' '/tmp/tmpslpn6fi0/xorg-x11-xauth-1.1.2-6.fc40.src.rpm' |
tool-version | csmock-3.5.3-1.el9 |