Newly introduced findings

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-775): [#def1]
crun-1.19.1-build/crun-HEAD/src/libcrun/seccomp.c: scope_hint: In function 'store_seccomp_cache'
crun-1.19.1-build/crun-HEAD/src/libcrun/seccomp.c:462:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'open_rundir_dirfd(*container_44->context.state_root,  err)'
crun-1.19.1-build/crun-HEAD/src/libcrun/utils.h:56:40: note: in definition of macro 'UNLIKELY'
crun-1.19.1-build/crun-HEAD/src/libcrun/seccomp.c: scope_hint: In function 'store_seccomp_cache'
crun-1.19.1-build/crun-HEAD/src/libcrun/seccomp.c: scope_hint: In function 'store_seccomp_cache'
crun-1.19.1-build/crun-HEAD/src/libcrun/utils.h:56:40: note: in definition of macro 'UNLIKELY'
#  460|   
#  461|     ret = libcrun_get_state_directory (&dir, state_root, NULL, err);
#  462|->   if (UNLIKELY (ret < 0))
#  463|       return ret;
#  464|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def2]
crun-1.19.1-build/crun-HEAD/src/libcrun/seccomp.c: scope_hint: In function 'libcrun_open_seccomp_bpf'
crun-1.19.1-build/crun-HEAD/src/libcrun/seccomp.c:462:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'open_rundir_dirfd(*container_50->context.state_root,  err)'
crun-1.19.1-build/crun-HEAD/src/libcrun/utils.h:56:40: note: in definition of macro 'UNLIKELY'
crun-1.19.1-build/crun-HEAD/src/libcrun/seccomp.c: scope_hint: In function 'libcrun_open_seccomp_bpf'
crun-1.19.1-build/crun-HEAD/src/libcrun/utils.h:56:40: note: in definition of macro 'UNLIKELY'
#  460|   
#  461|     ret = libcrun_get_state_directory (&dir, state_root, NULL, err);
#  462|->   if (UNLIKELY (ret < 0))
#  463|       return ret;
#  464|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def3]
crun-1.19.1-build/crun-HEAD/src/libcrun/seccomp.c: scope_hint: In function 'open_rundir_dirfd'
crun-1.19.1-build/crun-HEAD/src/libcrun/seccomp.c:465:31: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'open(dir, 2686976)'
#  463|       return ret;
#  464|   
#  465|->   dirfd = TEMP_FAILURE_RETRY (open (dir, O_PATH | O_DIRECTORY | O_CLOEXEC));
#  466|     if (UNLIKELY (dirfd < 0))
#  467|       return crun_make_error (err, errno, "open `%s`", dir);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def4]
crun-1.19.1-build/crun-HEAD/src/libcrun/status.c: scope_hint: In function 'get_run_directory'
crun-1.19.1-build/crun-HEAD/src/libcrun/status.c:86:1: warning[-Wanalyzer-malloc-leak]: leak of 'root'
crun-1.19.1-build/crun-HEAD/src/libcrun/status.c:22: included_from: Included from here.
crun-1.19.1-build/crun-HEAD/src/libcrun/status.c: scope_hint: In function 'get_run_directory'
#   84|   
#   85|     return 0;
#   86|-> }
#   87|   
#   88|   int

Error: GCC_ANALYZER_WARNING (CWE-775): [#def5]
crun-1.19.1-build/crun-HEAD/src/libcrun/status.c: scope_hint: In function 'libcrun_container_delete_status'
crun-1.19.1-build/crun-HEAD/src/libcrun/status.c:580:36: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'open(dir, 2686976)'
crun-1.19.1-build/crun-HEAD/src/libcrun/status.c:83:3: note: in expansion of macro 'STEAL_POINTER'
#  578|       return ret;
#  579|   
#  580|->   rundir_dfd = TEMP_FAILURE_RETRY (open (dir, O_DIRECTORY | O_PATH | O_CLOEXEC));
#  581|     if (UNLIKELY (rundir_dfd < 0))
#  582|       return crun_make_error (err, errno, "cannot open run directory `%s`", dir);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def6]
crun-1.19.1-build/crun-HEAD/src/libcrun/status.c: scope_hint: In function 'libcrun_get_containers_list'
crun-1.19.1-build/crun-HEAD/src/libcrun/status.c:633:9: warning[-Wanalyzer-malloc-leak]: leak of 'opendir(root)'
crun-1.19.1-build/crun-HEAD/src/libcrun/status.c:83:3: note: in expansion of macro 'STEAL_POINTER'
#  631|       return ret;
#  632|   
#  633|->   dir = opendir (root);
#  634|     if (UNLIKELY (dir == NULL))
#  635|       return crun_make_error (err, errno, "cannot opendir `%s`", root);

Error: GCC_ANALYZER_WARNING (CWE-1341): [#def7]
crun-1.19.1-build/crun-HEAD/src/libcrun/utils.h:105:25: warning[-Wanalyzer-fd-double-close]: double 'close' of file descriptor 'rundir_dfd'
crun-1.19.1-build/crun-HEAD/src/libcrun/status.c:83:3: note: in expansion of macro 'STEAL_POINTER'
crun-1.19.1-build/crun-HEAD/src/libcrun/status.c: scope_hint: In function 'cleanup_closep.part.0'
crun-1.19.1-build/crun-HEAD/src/libcrun/utils.h: scope_hint: In function 'cleanup_closep.part.0'
#  103|     int *pp = (int *) p;
#  104|     if (*pp >= 0)
#  105|->     TEMP_FAILURE_RETRY (close (*pp));
#  106|   }
#  107|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def8]
crun-1.19.1-build/crun-HEAD/src/libcrun/utils.h:222:6: warning[-Wanalyzer-malloc-leak]: leak of 'xstrdup("/run/crun")'
#  220|   
#  221|     ret = strdup (str);
#  222|->   if (ret == NULL)
#  223|       OOM ();
#  224|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def9]
crun-1.19.1-build/crun-HEAD/src/libcrun/utils.h:222:6: warning[-Wanalyzer-malloc-leak]: leak of 'xstrdup(*_76->process.apparmor_profile)'
crun-1.19.1-build/crun-HEAD/src/libcrun/container.c: scope_hint: In function 'libcrun_container_exec_with_options'
crun-1.19.1-build/crun-HEAD/src/libcrun/container.c: scope_hint: In function 'libcrun_container_exec_with_options'
#  220|   
#  221|     ret = strdup (str);
#  222|->   if (ret == NULL)
#  223|       OOM ();
#  224|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def10]
crun-1.19.1-build/crun-HEAD/src/libcrun/utils.h: scope_hint: In function 'get_run_directory'
crun-1.19.1-build/crun-HEAD/src/libcrun/utils.h:222:6: warning[-Wanalyzer-malloc-leak]: leak of 'xstrdup(state_root)'
#  220|   
#  221|     ret = strdup (str);
#  222|->   if (ret == NULL)
#  223|       OOM ();
#  224|

Scan Properties

analyzer-version-clippy	1.84.0
analyzer-version-cppcheck	2.16.2
analyzer-version-gcc	15.0.1
analyzer-version-gcc-analyzer	15.0.1
analyzer-version-shellcheck	0.10.0
analyzer-version-unicontrol	0.0.2
diffbase-analyzer-version-clippy	1.84.0
diffbase-analyzer-version-cppcheck	2.16.2
diffbase-analyzer-version-gcc	15.0.1
diffbase-analyzer-version-gcc-analyzer	15.0.1
diffbase-analyzer-version-shellcheck	0.10.0
diffbase-analyzer-version-unicontrol	0.0.2
diffbase-enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
diffbase-exit-code	0
diffbase-host	ip-172-16-1-206.us-west-2.compute.internal
diffbase-mock-config	fedora-rawhide-x86_64
diffbase-project-name	crun-1.19.1-1.20250128080600748977.main.27.g71c93c6
diffbase-store-results-to	/tmp/tmpmrrmp3ok/crun-1.19.1-1.20250128080600748977.main.27.g71c93c6.tar.xz
diffbase-time-created	2025-01-28 12:49:00
diffbase-time-finished	2025-01-28 12:54:03
diffbase-tool	csmock
diffbase-tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,shellcheck,clippy,unicontrol,cppcheck' '-o' '/tmp/tmpmrrmp3ok/crun-1.19.1-1.20250128080600748977.main.27.g71c93c6.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '/tmp/tmpmrrmp3ok/crun-1.19.1-1.20250128080600748977.main.27.g71c93c6.src.rpm'
diffbase-tool-version	csmock-3.8.0-1.el9
enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code	0
host	ip-172-16-1-206.us-west-2.compute.internal
mock-config	fedora-rawhide-x86_64
project-name	crun-1.19.1-1.20250128122318402926.pr1647.31.g564dd37
store-results-to	/tmp/tmpuk5472bl/crun-1.19.1-1.20250128122318402926.pr1647.31.g564dd37.tar.xz
time-created	2025-01-28 12:54:28
time-finished	2025-01-28 12:59:09
title	Newly introduced findings
tool	csmock
tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,shellcheck,clippy,unicontrol,cppcheck' '-o' '/tmp/tmpuk5472bl/crun-1.19.1-1.20250128122318402926.pr1647.31.g564dd37.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '/tmp/tmpuk5472bl/crun-1.19.1-1.20250128122318402926.pr1647.31.g564dd37.src.rpm'
tool-version	csmock-3.8.0-1.el9