Task #233 - jose-13-1.fc40/scan-results.err
Error: CLANG_WARNING: jose-13/cmd/alg.c:136:5: warning[core.VLASize]: Declared variable-length array (VLA) has zero size # 134| } # 135| # 136|-> const char *names[len]; # 137| # 138| for (const jose_hook_alg_t *a = jose_hook_alg_list(); a; a = a->next) { Error: CPPCHECK_WARNING (CWE-457): jose-13/cmd/alg.c:143: warning[uninitvar]: Uninitialized variable: names # 141| } # 142| # 143|-> qsort(names, sizeof(names) / sizeof(*names), sizeof(*names), cmp); # 144| # 145| for (size_t i = 0; i < sizeof(names) / sizeof(*names); i++) Error: CPPCHECK_WARNING: jose-13/cmd/b64/dec.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches. Error: CPPCHECK_WARNING: jose-13/cmd/b64/enc.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches. Error: GCC_ANALYZER_WARNING (CWE-775): jose-13/cmd/fmt.c: scope_hint: In function ‘cmd_foreach’ jose-13/cmd/fmt.c:133:8: warning[-Wanalyzer-file-leak]: leak of FILE ‘file’ jose-13/include/jose/b64.h:27: included_from: Included from here. jose-13/redhat-linux-build/include/jose/jose.h:38: included_from: Included from here. jose-13/cmd/jose.h:20: included_from: Included from here. jose-13/cmd/fmt.c:18: included_from: Included from here. # 131| # 132| egress: # 133|-> if (strcmp(s, "-") != 0) # 134| fclose(file); # 135| return ret; Error: GCC_ANALYZER_WARNING (CWE-401): jose-13/cmd/fmt.c:133:8: warning[-Wanalyzer-malloc-leak]: leak of ‘file’ cc1: note: unrecognized command-line option ‘-Wno-unused-command-line-argument’ may have been intended to silence earlier diagnostics # 131| # 132| egress: # 133|-> if (strcmp(s, "-") != 0) # 134| fclose(file); # 135| return ret; Error: CPPCHECK_WARNING: jose-13/cmd/jose.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches. 
Error: GCC_ANALYZER_WARNING (CWE-775): jose-13/cmd/jose.c: scope_hint: In function ‘jcmd_opt_set_jwkt’ jose-13/cmd/jose.c:336:31: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(arg, "r")’ # 334| tmp = json_loadf(stdin, flags, NULL); # 335| } else { # 336|-> FILE_AUTO *file = fopen(arg, "r"); # 337| tmp = json_loadf(file, flags, NULL); # 338| } Error: GCC_ANALYZER_WARNING (CWE-401): jose-13/cmd/jose.c:336:31: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(arg, "r")’ # 334| tmp = json_loadf(stdin, flags, NULL); # 335| } else { # 336|-> FILE_AUTO *file = fopen(arg, "r"); # 337| tmp = json_loadf(file, flags, NULL); # 338| } Error: GCC_ANALYZER_WARNING (CWE-775): jose-13/cmd/jose.c: scope_hint: In function ‘jcmd_opt_set_jwks’ jose-13/cmd/jose.c:366:27: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(arg, "r")’ # 364| tmp = json_loadf(stdin, flags, NULL); # 365| } else { # 366|-> FILE_AUTO *file = fopen(arg, "r"); # 367| tmp = json_loadf(file, flags, NULL); # 368| } Error: GCC_ANALYZER_WARNING (CWE-401): jose-13/cmd/jose.c:366:27: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(arg, "r")’ cc1: note: unrecognized command-line option ‘-Wno-unused-command-line-argument’ may have been intended to silence earlier diagnostics # 364| tmp = json_loadf(stdin, flags, NULL); # 365| } else { # 366|-> FILE_AUTO *file = fopen(arg, "r"); # 367| tmp = json_loadf(file, flags, NULL); # 368| } Error: CLANG_WARNING: jose-13/cmd/jose.c:511:5: warning[core.VLASize]: Declared variable-length array (VLA) has zero size # 509| } # 510| # 511|-> const jcmd_t *all[len]; # 512| # 513| for (const jcmd_t *c = cmds; c; c = c->next) Error: CPPCHECK_WARNING (CWE-457): jose-13/cmd/jose.c:516: warning[uninitvar]: Uninitialized variables: all.next, all.names, all.func, all.desc # 514| all[--len] = c; # 515| # 516|-> qsort(all, sizeof(all) / sizeof(*all), sizeof(*all), cmp); # 517| # 518| fprintf(stderr, "Usage: jose COMMAND [OPTIONS] [ARGUMENTS]\n\n"); Error: CPPCHECK_WARNING: jose-13/cmd/jwe/dec.c: 
information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches. Error: CPPCHECK_WARNING: jose-13/cmd/jwe/enc.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches. Error: CPPCHECK_WARNING (CWE-227): jose-13/cmd/jwe/pwd.h:69: error[IOWithoutPositioning]: Read and write operations without a call to a positioning function (fseek, fsetpos or rewind) or fflush in between result in undefined behaviour. # 67| memset(pwd, 0, sizeof(pwd)); # 68| for (size_t i = 0; i < sizeof(pwd) - 1; i++) { # 69|-> int c = fgetc(tty); # 70| if (c == EOF || !isprint(c) || isspace(c)) # 71| break; Error: CPPCHECK_WARNING: jose-13/cmd/jwk/exc.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches. Error: CPPCHECK_WARNING: jose-13/cmd/jwk/thp.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches. Error: CPPCHECK_WARNING: jose-13/cmd/jws/sig.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches. Error: CPPCHECK_WARNING: jose-13/lib/b64.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches. 
Error: CPPCHECK_WARNING (CWE-401): jose-13/lib/b64.c:211: error[memleak]: Memory leak: i # 209| # 210| i->next = jose_io_incref(next); # 211|-> return jose_io_incref(io); # 212| } # 213| Error: CPPCHECK_WARNING (CWE-401): jose-13/lib/b64.c:335: error[memleak]: Memory leak: i # 333| # 334| i->next = jose_io_incref(next); # 335|-> return jose_io_incref(io); # 336| } # 337| Error: GCC_ANALYZER_WARNING (CWE-401): jose-13/lib/io.c: scope_hint: In function ‘jose_io_malloc’ jose-13/lib/io.c:54:9: warning[-Wanalyzer-malloc-leak]: leak of ‘i’ # 52| # 53| jose_io_decref(*io); # 54|-> *io = NULL; # 55| } # 56| Error: CPPCHECK_WARNING (CWE-401): jose-13/lib/io.c:137: error[memleak]: Memory leak: i # 135| i->buf = buf; # 136| i->len = len; # 137|-> return jose_io_incref(io); # 138| } # 139| Error: CPPCHECK_WARNING (CWE-401): jose-13/lib/io.c:201: error[memleak]: Memory leak: i # 199| # 200| *len = 0; # 201|-> return jose_io_incref(io); # 202| } # 203| Error: CPPCHECK_WARNING: jose-13/lib/jwe.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches. Error: CPPCHECK_WARNING: jose-13/lib/jwk.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches. Error: CPPCHECK_WARNING: jose-13/lib/jws.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches. 
Error: CLANG_WARNING: jose-13/lib/jws.c:200:24: warning[unix.Malloc]: Potential leak of memory pointed to by 'ios' # 198| ios[i] = jose_jws_sig_io(cfg, jws, tmp, key); # 199| if (!ios[i]) # 200|-> return NULL; # 201| } # 202| Error: CLANG_WARNING: jose-13/lib/jws.c:270:24: warning[unix.Malloc]: Potential leak of memory pointed to by 'ios' # 268| j++; # 269| else if (all) # 270|-> return NULL; # 271| } # 272| Error: CPPCHECK_WARNING: jose-13/lib/openssl/aesgcm.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches. Error: CPPCHECK_WARNING: jose-13/lib/openssl/aesgcmkw.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches. Error: CPPCHECK_WARNING: jose-13/lib/openssl/ecdhes.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches. Error: CPPCHECK_WARNING: jose-13/lib/openssl/ecdsa.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches. 
Error: CPPCHECK_WARNING (CWE-401): jose-13/lib/openssl/ecdsa.c:252: error[memleak]: Memory leak: i # 250| i->key = jose_openssl_jwk_to_EC_KEY(cfg, jwk); # 251| if (!i->b || !i->h || !i->obj || !i->sig || !i->key) # 252|-> return NULL; # 253| # 254| return jose_io_incref(io); Error: CPPCHECK_WARNING (CWE-401): jose-13/lib/openssl/ecdsa.c:254: error[memleak]: Memory leak: i # 252| return NULL; # 253| # 254|-> return jose_io_incref(io); # 255| } # 256| Error: CPPCHECK_WARNING (CWE-401): jose-13/lib/openssl/ecdsa.c:283: error[memleak]: Memory leak: i # 281| i->key = jose_openssl_jwk_to_EC_KEY(cfg, jwk); # 282| if (!i->b || !i->h || !i->sig || !i->key) # 283|-> return NULL; # 284| # 285| return jose_io_incref(io); Error: CPPCHECK_WARNING (CWE-401): jose-13/lib/openssl/ecdsa.c:285: error[memleak]: Memory leak: i # 283| return NULL; # 284| # 285|-> return jose_io_incref(io); # 286| } # 287| Error: CPPCHECK_WARNING: jose-13/lib/openssl/hmac.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches. 
Error: CPPCHECK_WARNING (CWE-401): jose-13/lib/openssl/hmac.c:256: error[memleak]: Memory leak: i # 254| i->hctx = jhmac(alg, cfg, sig, jwk); # 255| if (!i->obj || !i->sig || !i->hctx) # 256|-> return NULL; # 257| # 258| return jose_io_incref(io); Error: CPPCHECK_WARNING (CWE-401): jose-13/lib/openssl/hmac.c:258: error[memleak]: Memory leak: i # 256| return NULL; # 257| # 258|-> return jose_io_incref(io); # 259| } # 260| Error: CPPCHECK_WARNING (CWE-401): jose-13/lib/openssl/hmac.c:280: error[memleak]: Memory leak: i # 278| i->hctx = jhmac(alg, cfg, sig, jwk); # 279| if (!i->sig || !i->hctx) # 280|-> return NULL; # 281| # 282| return jose_io_incref(io); Error: CPPCHECK_WARNING (CWE-401): jose-13/lib/openssl/hmac.c:282: error[memleak]: Memory leak: i # 280| return NULL; # 281| # 282|-> return jose_io_incref(io); # 283| } # 284| Error: CPPCHECK_WARNING: jose-13/lib/openssl/jwk.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches. Error: CPPCHECK_WARNING: jose-13/lib/openssl/misc.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches. Error: CPPCHECK_WARNING: jose-13/lib/openssl/pbes2.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches. Error: CLANG_WARNING: jose-13/lib/openssl/pbes2.c:42:15: warning[deadcode.DeadStores]: Although the value stored to 'key' is used in the enclosing expression, the value is never actually read from 'key' # 40| # 41| if (json_is_string(jwk)) { # 42|-> jwk = key = json_pack("{s:s,s:o}", "kty", "oct", "k", # 43| jose_b64_enc(json_string_value(jwk), # 44| json_string_length(jwk))); Error: CPPCHECK_WARNING: jose-13/lib/openssl/rsaes.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches. 
Error: CPPCHECK_WARNING: jose-13/lib/openssl/rsassa.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches. Error: CPPCHECK_WARNING (CWE-401): jose-13/lib/openssl/rsassa.c:244: error[memleak]: Memory leak: i # 242| i->emc = setup(cfg, jwk, sig, alg->name, EVP_DigestSignInit); # 243| if (!i->obj || !i->sig || !i->emc) # 244|-> return NULL; # 245| # 246| return jose_io_incref(io); Error: CPPCHECK_WARNING (CWE-401): jose-13/lib/openssl/rsassa.c:246: error[memleak]: Memory leak: i # 244| return NULL; # 245| # 246|-> return jose_io_incref(io); # 247| } # 248| Error: CPPCHECK_WARNING (CWE-401): jose-13/lib/openssl/rsassa.c:268: error[memleak]: Memory leak: i # 266| i->emc = setup(cfg, jwk, sig, alg->name, EVP_DigestVerifyInit); # 267| if (!i->sig || !i->emc) # 268|-> return NULL; # 269| # 270| return jose_io_incref(io); Error: CPPCHECK_WARNING (CWE-401): jose-13/lib/openssl/rsassa.c:270: error[memleak]: Memory leak: i # 268| return NULL; # 269| # 270|-> return jose_io_incref(io); # 271| } # 272| Error: CPPCHECK_WARNING (CWE-401): jose-13/lib/zlib/deflate.c:150: error[memleak]: Memory leak: i # 148| i->next = jose_io_incref(next); # 149| if (!i->next) # 150|-> return NULL; # 151| # 152| if (deflateInit2(&i->strm, Z_DEFAULT_COMPRESSION, Z_DEFLATED, Error: CPPCHECK_WARNING (CWE-401): jose-13/lib/zlib/deflate.c:154: error[memleak]: Memory leak: i # 152| if (deflateInit2(&i->strm, Z_DEFAULT_COMPRESSION, Z_DEFLATED, # 153| -MAX_WBITS, MAX_MEM_LEVEL, Z_DEFAULT_STRATEGY) != Z_OK) # 154|-> return NULL; # 155| # 156| return jose_io_incref(io); Error: CPPCHECK_WARNING (CWE-401): jose-13/lib/zlib/deflate.c:156: error[memleak]: Memory leak: i # 154| return NULL; # 155| # 156|-> return jose_io_incref(io); # 157| } # 158| Error: CPPCHECK_WARNING (CWE-401): jose-13/lib/zlib/deflate.c:176: error[memleak]: Memory leak: i # 174| i->next = jose_io_incref(next); # 175| if (!i->next) # 176|-> return NULL; # 177| # 178| 
if (inflateInit2(&i->strm, -MAX_WBITS) != Z_OK) Error: CPPCHECK_WARNING (CWE-401): jose-13/lib/zlib/deflate.c:179: error[memleak]: Memory leak: i # 177| # 178| if (inflateInit2(&i->strm, -MAX_WBITS) != Z_OK) # 179|-> return NULL; # 180| # 181| return jose_io_incref(io); Error: CPPCHECK_WARNING (CWE-401): jose-13/lib/zlib/deflate.c:181: error[memleak]: Memory leak: i # 179| return NULL; # 180| # 181|-> return jose_io_incref(io); # 182| } # 183| Error: CPPCHECK_WARNING (CWE-457): jose-13/tests/alg_hash.c:102: warning[uninitvar]: Uninitialized variable: a # 100| sscanf(&v[i].hsh[j * 2], "%02hhx", &a[j]); # 101| # 102|-> test(alg, v[i].msg, a, sizeof(a), false); # 103| test(alg, v[i].msg, a, sizeof(a), true); # 104| } Error: CPPCHECK_WARNING: jose-13/tests/api_b64.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.