Fixed findings

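List of Findings

Judging by the Scan Properties at the end of this report, each entry below was reported for the `main` build (the `project-name` entry) and is absent from the `pr1647` build (the `diffbase-project-name` entry); a finding listed here is one the analyzers no longer report, which is not by itself proof that the underlying leak or NULL argument was removed.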

Error: GCC_ANALYZER_WARNING (CWE-775): [#def1]
crun-1.19.1-build/crun-HEAD/src/libcrun/seccomp.c: scope_hint: In function 'store_seccomp_cache'
crun-1.19.1-build/crun-HEAD/src/libcrun/seccomp.c:461:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'open_rundir_dirfd(*container_44->context.state_root,  err)'
crun-1.19.1-build/crun-HEAD/src/libcrun/utils.h:56:40: note: in definition of macro 'UNLIKELY'
crun-1.19.1-build/crun-HEAD/src/libcrun/seccomp.c: scope_hint: In function 'store_seccomp_cache'
crun-1.19.1-build/crun-HEAD/src/libcrun/seccomp.c: scope_hint: In function 'store_seccomp_cache'
crun-1.19.1-build/crun-HEAD/src/libcrun/utils.h:56:40: note: in definition of macro 'UNLIKELY'
#  459|   
#  460|     dir = libcrun_get_state_directory (state_root, NULL);
#  461|->   if (UNLIKELY (dir == NULL))
#  462|       return crun_make_error (err, 0, "cannot get state directory");
#  463|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def2]
crun-1.19.1-build/crun-HEAD/src/libcrun/seccomp.c: scope_hint: In function 'libcrun_open_seccomp_bpf'
crun-1.19.1-build/crun-HEAD/src/libcrun/seccomp.c:461:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'open_rundir_dirfd(*container_50->context.state_root,  err)'
crun-1.19.1-build/crun-HEAD/src/libcrun/utils.h:56:40: note: in definition of macro 'UNLIKELY'
crun-1.19.1-build/crun-HEAD/src/libcrun/seccomp.c: scope_hint: In function 'libcrun_open_seccomp_bpf'
crun-1.19.1-build/crun-HEAD/src/libcrun/utils.h:56:40: note: in definition of macro 'UNLIKELY'
#  459|   
#  460|     dir = libcrun_get_state_directory (state_root, NULL);
#  461|->   if (UNLIKELY (dir == NULL))
#  462|       return crun_make_error (err, 0, "cannot get state directory");
#  463|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def3]
crun-1.19.1-build/crun-HEAD/src/libcrun/seccomp.c: scope_hint: In function 'open_rundir_dirfd'
crun-1.19.1-build/crun-HEAD/src/libcrun/seccomp.c:464:31: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'open(libcrun_get_state_directory(state_root, 0), 2686976)'
#  462|       return crun_make_error (err, 0, "cannot get state directory");
#  463|   
#  464|->   dirfd = TEMP_FAILURE_RETRY (open (dir, O_PATH | O_DIRECTORY | O_CLOEXEC));
#  465|     if (UNLIKELY (dirfd < 0))
#  466|       return crun_make_error (err, errno, "open `%s`", dir);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def4]
crun-1.19.1-build/crun-HEAD/src/libcrun/status.c: scope_hint: In function 'libcrun_container_delete_status'
crun-1.19.1-build/crun-HEAD/src/libcrun/status.c:50:12: warning[-Wanalyzer-malloc-leak]: leak of 'get_run_directory(state_root)'
#   48|     if (state_root)
#   49|       root = xstrdup (state_root);
#   50|->   if (root == NULL)
#   51|       {
#   52|         const char *runtime_dir = getenv ("XDG_RUNTIME_DIR");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def5]
crun-1.19.1-build/crun-HEAD/src/libcrun/status.c: scope_hint: In function 'libcrun_container_delete_status'
crun-1.19.1-build/crun-HEAD/src/libcrun/status.c:536:36: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'open(get_run_directory(state_root), 2686976)'
#  534|       return crun_make_error (err, 0, "cannot get state directory");
#  535|   
#  536|->   rundir_dfd = TEMP_FAILURE_RETRY (open (dir, O_DIRECTORY | O_PATH | O_CLOEXEC));
#  537|     if (UNLIKELY (rundir_dfd < 0))
#  538|       return crun_make_error (err, errno, "cannot open run directory `%s`", dir);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def6]
crun-1.19.1-build/crun-HEAD/src/libcrun/status.c:583:9: warning[-Wanalyzer-malloc-leak]: leak of 'opendir(get_run_directory(state_root))'
#  581|   
#  582|     *ret = NULL;
#  583|->   dir = opendir (path);
#  584|     if (UNLIKELY (dir == NULL))
#  585|       return crun_make_error (err, errno, "cannot opendir `%s`", path);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def7]
crun-1.19.1-build/crun-HEAD/src/libcrun/status.c: scope_hint: In function 'libcrun_get_containers_list'
crun-1.19.1-build/crun-HEAD/src/libcrun/status.c:583:9: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
crun-1.19.1-build/crun-HEAD/src/libcrun/utils.h:27: included_from: Included from here.
/usr/include/dirent.h:141:13: note: argument 1 of 'opendir' must be non-null
#  581|   
#  582|     *ret = NULL;
#  583|->   dir = opendir (path);
#  584|     if (UNLIKELY (dir == NULL))
#  585|       return crun_make_error (err, errno, "cannot opendir `%s`", path);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def8]
crun-1.19.1-build/crun-HEAD/src/libcrun/utils.h:222:6: warning[-Wanalyzer-malloc-leak]: leak of 'xstrdup(*_75->process.apparmor_profile)'
crun-1.19.1-build/crun-HEAD/src/libcrun/container.c: scope_hint: In function 'libcrun_container_exec_with_options'
crun-1.19.1-build/crun-HEAD/src/libcrun/container.c: scope_hint: In function 'libcrun_container_exec_with_options'
#  220|   
#  221|     ret = strdup (str);
#  222|->   if (ret == NULL)
#  223|       OOM ();
#  224|   

Scan Properties

analyzer-version-clippy: 1.84.0
analyzer-version-cppcheck: 2.16.2
analyzer-version-gcc: 15.0.1
analyzer-version-gcc-analyzer: 15.0.1
analyzer-version-shellcheck: 0.10.0
analyzer-version-unicontrol: 0.0.2
diffbase-analyzer-version-clippy: 1.84.0
diffbase-analyzer-version-cppcheck: 2.16.2
diffbase-analyzer-version-gcc: 15.0.1
diffbase-analyzer-version-gcc-analyzer: 15.0.1
diffbase-analyzer-version-shellcheck: 0.10.0
diffbase-analyzer-version-unicontrol: 0.0.2
diffbase-enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
diffbase-exit-code: 0
diffbase-host: ip-172-16-1-146.us-west-2.compute.internal
diffbase-mock-config: fedora-rawhide-x86_64
diffbase-project-name: crun-1.19.1-1.20250128110000531170.pr1647.31.g3516089
diffbase-store-results-to: /tmp/tmpzjoiuvtw/crun-1.19.1-1.20250128110000531170.pr1647.31.g3516089.tar.xz
diffbase-time-created: 2025-01-28 13:54:36
diffbase-time-finished: 2025-01-28 13:59:07
diffbase-tool: csmock
diffbase-tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,shellcheck,clippy,unicontrol,cppcheck' '-o' '/tmp/tmpzjoiuvtw/crun-1.19.1-1.20250128110000531170.pr1647.31.g3516089.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '/tmp/tmpzjoiuvtw/crun-1.19.1-1.20250128110000531170.pr1647.31.g3516089.src.rpm'
diffbase-tool-version: csmock-3.8.0-1.el9
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-146.us-west-2.compute.internal
mock-config: fedora-rawhide-x86_64
project-name: crun-1.19.1-1.20250128080600748977.main.27.g71c93c6
store-results-to: /tmp/tmpdh5_gw_l/crun-1.19.1-1.20250128080600748977.main.27.g71c93c6.tar.xz
time-created: 2025-01-28 13:49:28
time-finished: 2025-01-28 13:54:24
title: Fixed findings
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,shellcheck,clippy,unicontrol,cppcheck' '-o' '/tmp/tmpdh5_gw_l/crun-1.19.1-1.20250128080600748977.main.27.g71c93c6.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '/tmp/tmpdh5_gw_l/crun-1.19.1-1.20250128080600748977.main.27.g71c93c6.src.rpm'
tool-version: csmock-3.8.0-1.el9