subscription-manager-1.30.2-1.20241204124619878914.pr3476.25.g1d334ccc2

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-688): [#def1]
subscription-manager-1.30.2-build/subscription-manager-1.30.2/src/certificate.c: scope_hint: In function ‘get_extension_by_object’
subscription-manager-1.30.2-build/subscription-manager-1.30.2/src/certificate.c:273:33: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘*output’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_memcpy’ must be non-null
#  271|   							  (ASN1_OCTET_STRING));
#  272|   				*output = malloc (octstr->length);
#  273|-> 				memcpy (*output, octstr->data, octstr->length);
#  274|   				size = octstr->length;
#  275|   				ASN1_OCTET_STRING_free (octstr);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def2]
subscription-manager-1.30.2-build/subscription-manager-1.30.2/src/certificate.c:273:33: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘value’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_memcpy’ must be non-null
#  271|   							  (ASN1_OCTET_STRING));
#  272|   				*output = malloc (octstr->length);
#  273|-> 				memcpy (*output, octstr->data, octstr->length);
#  274|   				size = octstr->length;
#  275|   				ASN1_OCTET_STRING_free (octstr);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def3]
subscription-manager-1.30.2-build/subscription-manager-1.30.2/src/daemons/rhsmcertd.c: scope_hint: In function ‘get_config’
subscription-manager-1.30.2-build/subscription-manager-1.30.2/src/daemons/rhsmcertd.c:693:39: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘config’
#  691|   
#  692|       // Set the default values
#  693|->     config->auto_reg_interval_seconds = DEFAULT_AUTO_REG_INTERVAL_SECONDS;
#  694|       config->cert_interval_seconds = DEFAULT_CERT_INTERVAL_SECONDS;
#  695|       config->splay = DEFAULT_SPLAY_ENABLED;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def4]
subscription-manager-1.30.2-build/subscription-manager-1.30.2/src/plugins/libdnf/product-id.c: scope_hint: In function ‘initRepoProductId’
subscription-manager-1.30.2-build/subscription-manager-1.30.2/src/plugins/libdnf/product-id.c:165:25: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘repoProductId’
subscription-manager-1.30.2-build/subscription-manager-1.30.2/src/plugins/libdnf/product-id.c:15: included_from: Included from here.
/usr/include/glib-2.0/glib.h:33: included_from: Included from here.
/usr/include/glib-2.0/gobject/gbinding.h:30: included_from: Included from here.
/usr/include/glib-2.0/glib-object.h:24: included_from: Included from here.
/usr/include/glib-2.0/gio/gioenums.h:30: included_from: Included from here.
/usr/include/glib-2.0/gio/giotypes.h:30: included_from: Included from here.
/usr/include/glib-2.0/gio/gio.h:28: included_from: Included from here.
/usr/include/libdnf/dnf-types.h:27: included_from: Included from here.
/usr/include/libdnf/plugin/plugin.h:24: included_from: Included from here.
#  163|   RepoProductId *initRepoProductId(void) {
#  164|       RepoProductId *repoProductId = (RepoProductId*) malloc(sizeof(RepoProductId));
#  165|->     repoProductId->repo = NULL;
#  166|       repoProductId->productIdPath = NULL;
#  167|       repoProductId->isInstalled = FALSE;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def5]
subscription-manager-1.30.2-build/subscription-manager-1.30.2/src/plugins/libdnf/productdb.c: scope_hint: In function ‘initProductDb’
subscription-manager-1.30.2-build/subscription-manager-1.30.2/src/plugins/libdnf/productdb.c:34:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘productDb’
#   32|   ProductDb *initProductDb() {
#   33|       ProductDb *productDb = malloc(sizeof(ProductDb));
#   34|->     productDb->path = NULL;
#   35|       // We do not provide method for freeing value, because it would be ineficient to
#   36|       // free and recreate GSList everytime we add/remove item in the list

Scan Properties

analyzer-version-clippy: 1.83.0
analyzer-version-cppcheck: 2.16.0
analyzer-version-gcc: 14.2.1
analyzer-version-gcc-analyzer: 14.2.1
analyzer-version-shellcheck: 0.10.0
analyzer-version-unicontrol: 0.0.2
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-151.us-west-2.compute.internal
mock-config: fedora-rawhide-x86_64
project-name: subscription-manager-1.30.2-1.20241204124619878914.pr3476.25.g1d334ccc2
store-results-to: /tmp/tmpe8w6zp3r/subscription-manager-1.30.2-1.20241204124619878914.pr3476.25.g1d334ccc2.tar.xz
time-created: 2024-12-04 13:05:32
time-finished: 2024-12-04 13:06:47
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'clippy,cppcheck,gcc,unicontrol,shellcheck' '-o' '/tmp/tmpe8w6zp3r/subscription-manager-1.30.2-1.20241204124619878914.pr3476.25.g1d334ccc2.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '/tmp/tmpe8w6zp3r/subscription-manager-1.30.2-1.20241204124619878914.pr3476.25.g1d334ccc2.src.rpm'
tool-version: csmock-3.8.0-1.el9