Task #2246 - osbuild-composer-114-1.20240729130750001817.main.3.g769b04b86/scan-results.err
Error: GCC_ANALYZER_WARNING (CWE-775):
osbuild-composer-114-build/osbuild-composer-114/vendor/github.com/containers/storage/pkg/unshare/unshare.c: scope_hint: In function ‘parse_proc_stringlist’
osbuild-composer-114-build/osbuild-composer-114/vendor/github.com/containers/storage/pkg/unshare/unshare.c:120:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
# 118| if (new_buf == NULL) {
# 119| free(buf);
# 120|-> fprintf(stderr, "realloc(%ld): out of memory\n", (long)(size + BUFSTEP));
# 121| return NULL;
# 122| }
Error: GCC_ANALYZER_WARNING (CWE-775):
osbuild-composer-114-build/osbuild-composer-114/vendor/github.com/containers/storage/pkg/unshare/unshare.c:128:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
# 126| n = read(fd, buf + used, size - used - 1);
# 127| if (n < 0) {
# 128|-> fprintf(stderr, "read(): %m\n");
# 129| return NULL;
# 130| }
Error: GCC_ANALYZER_WARNING (CWE-401):
osbuild-composer-114-build/osbuild-composer-114/vendor/github.com/containers/storage/pkg/unshare/unshare.c:128:25: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
# 126| n = read(fd, buf + used, size - used - 1);
# 127| if (n < 0) {
# 128|-> fprintf(stderr, "read(): %m\n");
# 129| return NULL;
# 130| }
Error: GCC_ANALYZER_WARNING (CWE-401):
osbuild-composer-114-build/osbuild-composer-114/vendor/github.com/containers/storage/pkg/unshare/unshare.c:128:25: warning[-Wanalyzer-malloc-leak]: leak of ‘new_buf’
# 126| n = read(fd, buf + used, size - used - 1);
# 127| if (n < 0) {
# 128|-> fprintf(stderr, "read(): %m\n");
# 129| return NULL;
# 130| }
Error: GCC_ANALYZER_WARNING (CWE-401):
osbuild-composer-114-build/osbuild-composer-114/vendor/github.com/containers/storage/pkg/unshare/unshare.c:145:17: warning[-Wanalyzer-malloc-leak]: leak of ‘new_buf’
# 143| ret = calloc(n_strings + 1, sizeof(char *));
# 144| if (ret == NULL) {
# 145|-> fprintf(stderr, "calloc(): out of memory\n");
# 146| return NULL;
# 147| }
Error: GCC_ANALYZER_WARNING (CWE-401):
osbuild-composer-114-build/osbuild-composer-114/vendor/github.com/containers/storage/pkg/unshare/unshare.c: scope_hint: In function ‘containers_reexec’
osbuild-composer-114-build/osbuild-composer-114/vendor/github.com/containers/storage/pkg/unshare/unshare.c:288:12: warning[-Wanalyzer-malloc-leak]: leak of ‘argv’
# 286| if (fd < 0)
# 287| fd = copy_self_proc_exe(argv);
# 288|-> if (fd < 0)
# 289| return fd;
# 290|
Error: GCC_ANALYZER_WARNING (CWE-476):
osbuild-composer-114-build/osbuild-composer-114/vendor/github.com/miekg/pkcs11/pkcs11.go: scope_hint: In function 'New'
osbuild-composer-114-build/osbuild-composer-114/vendor/github.com/miekg/pkcs11/pkcs11.go:77:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'c'
# 75| CK_C_GetFunctionList list;
# 76| struct ctx *c = calloc(1, sizeof(struct ctx));
# 77|-> c->handle = dlopen(module, RTLD_LAZY);
# 78| if (c->handle == NULL) {
# 79| free(c);
Error: GCC_ANALYZER_WARNING (CWE-476):
osbuild-composer-114-build/osbuild-composer-114/vendor/github.com/miekg/pkcs11/pkcs11.go: scope_hint: In function ‘New’
osbuild-composer-114-build/osbuild-composer-114/vendor/github.com/miekg/pkcs11/pkcs11.go:77:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘c’
# 75| CK_C_GetFunctionList list;
# 76| struct ctx *c = calloc(1, sizeof(struct ctx));
# 77|-> c->handle = dlopen(module, RTLD_LAZY);
# 78| if (c->handle == NULL) {
# 79| free(c);
Error: GCC_ANALYZER_WARNING (CWE-401):
osbuild-composer-114-build/osbuild-composer-114/vendor/github.com/miekg/pkcs11/pkcs11.go: scope_hint: In function ‘GetAttributeValue.part.0’
osbuild-composer-114-build/osbuild-composer-114/vendor/github.com/miekg/pkcs11/pkcs11.go:316:32: warning[-Wanalyzer-malloc-leak]: leak of ‘*((CK_ATTRIBUTE *)temp).pValue’
# 314| continue;
# 315| }
# 316|-> temp[i].pValue = calloc(temp[i].ulValueLen, sizeof(CK_BYTE));
# 317| }
# 318| return c->sym->C_GetAttributeValue(session, object, temp, templen);
Error: GCC_ANALYZER_WARNING (CWE-688):
osbuild-composer-114-build/osbuild-composer-114/vendor/github.com/osbuild/images/pkg/crypt/crypt_impl.go: scope_hint: In function 'gnu_ext_crypt'
osbuild-composer-114-build/osbuild-composer-114/vendor/github.com/osbuild/images/pkg/crypt/crypt_impl.go:60:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'ret' where non-null expected
<built-in>: note: argument 1 of '__builtin_strcpy' must be non-null
# 58|
# 59| ret = (char *)malloc((strlen(enc)+1) * sizeof(char)); // for trailing null
# 60|-> strcpy(ret, enc);
# 61| ret[strlen(enc)]= '\0';
# 62|
Error: GCC_ANALYZER_WARNING (CWE-688):
osbuild-composer-114-build/osbuild-composer-114/vendor/github.com/osbuild/images/pkg/crypt/crypt_impl.go: scope_hint: In function ‘gnu_ext_crypt’
osbuild-composer-114-build/osbuild-composer-114/vendor/github.com/osbuild/images/pkg/crypt/crypt_impl.go:60:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘ret’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strcpy’ must be non-null
# 58|
# 59| ret = (char *)malloc((strlen(enc)+1) * sizeof(char)); // for trailing null
# 60|-> strcpy(ret, enc);
# 61| ret[strlen(enc)]= '\0';
# 62|
Error: GCC_ANALYZER_WARNING (CWE-476):
osbuild-composer-114-build/osbuild-composer-114/vendor/github.com/ubccr/kerby/base64.c: scope_hint: In function ‘base64_encode’
osbuild-composer-114-build/osbuild-composer-114/vendor/github.com/ubccr/kerby/base64.c:49:16: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘out’
# 47| while (vlen >= 3)
# 48| {
# 49|-> *out++ = basis_64[value[0] >> 2];
# 50| *out++ = basis_64[((value[0] << 4) & 0x30) | (value[1] >> 4)];
# 51| *out++ = basis_64[((value[1] << 2) & 0x3C) | (value[2] >> 6)];
Error: GCC_ANALYZER_WARNING (CWE-476):
osbuild-composer-114-build/osbuild-composer-114/vendor/github.com/ubccr/kerby/base64.c:58:16: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘out’
# 56| if (vlen > 0)
# 57| {
# 58|-> *out++ = basis_64[value[0] >> 2];
# 59| unsigned char oval = (value[0] << 4) & 0x30;
# 60| if (vlen > 1) oval |= value[1] >> 4;
Error: GCC_ANALYZER_WARNING (CWE-476):
osbuild-composer-114-build/osbuild-composer-114/vendor/github.com/ubccr/kerby/base64.c:65:10: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘out’
# 63| *out++ = '=';
# 64| }
# 65|-> *out = '\0';
# 66|
# 67| return result;
Error: GCC_ANALYZER_WARNING (CWE-476):
osbuild-composer-114-build/osbuild-composer-114/vendor/github.com/ubccr/kerby/base64.c: scope_hint: In function ‘base64_decode’
osbuild-composer-114-build/osbuild-composer-114/vendor/github.com/ubccr/kerby/base64.c:106:16: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘out’
# 104|
# 105| value += 4;
# 106|-> *out++ = (CHAR64(c1) << 2) | (CHAR64(c2) >> 4);
# 107| *rlen += 1;
# 108|
Error: GCC_ANALYZER_WARNING (CWE-476):
osbuild-composer-114-build/osbuild-composer-114/vendor/github.com/ubccr/kerby/base64.c:121:13: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘result’
# 119|
# 120| base64_decode_error:
# 121|-> *result = 0;
# 122| *rlen = 0;
# 123|
Error: GCC_ANALYZER_WARNING (CWE-688):
osbuild-composer-114-build/osbuild-composer-114/vendor/github.com/ubccr/kerby/kerberosgss.c: scope_hint: In function ‘authenticate_gss_client_step’
osbuild-composer-114-build/osbuild-composer-114/vendor/github.com/ubccr/kerby/kerberosgss.c:219:13: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘*state.username’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strncpy’ must be non-null
# 217| } else {
# 218| state->username = (char *)malloc(name_token.length + 1);
# 219|-> strncpy(state->username, (char*) name_token.value, name_token.length);
# 220| state->username[name_token.length] = 0;
# 221| gss_release_buffer(&state->min_stat, &name_token);
Error: GCC_ANALYZER_WARNING (CWE-688):
osbuild-composer-114-build/osbuild-composer-114/vendor/github.com/ubccr/kerby/kerberosgss.c: scope_hint: In function ‘authenticate_gss_server_step’
osbuild-composer-114-build/osbuild-composer-114/vendor/github.com/ubccr/kerby/kerberosgss.c:386:5: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘*state.username’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strncpy’ must be non-null
# 384| }
# 385| state->username = (char *)malloc(output_token.length + 1);
# 386|-> strncpy(state->username, (char*) output_token.value, output_token.length);
# 387| state->username[output_token.length] = 0;
# 388|
Error: GCC_ANALYZER_WARNING (CWE-688):
osbuild-composer-114-build/osbuild-composer-114/vendor/github.com/ubccr/kerby/kerberosgss.c:408:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘*state.targetname’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strncpy’ must be non-null
# 406| }
# 407| state->targetname = (char *)malloc(output_token.length + 1);
# 408|-> strncpy(
# 409| state->targetname, (char*) output_token.value, output_token.length
# 410| );