Task #3952 - openscap-1.4.0-0.20240801074328123134.main.147.g66b58f11d/scan-results.err
back to task #3952download
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/compat/dev_to_tty.c: scope_hint: In function ‘load_drivers’
openscap-1.4.0-build/openscap-1.4.0/compat/dev_to_tty.c:87:15: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘tmn’
# 85| len = end - p;
# 86| tmn = malloc(sizeof(tty_map_node));
# 87|-> tmn->next = tty_map;
# 88| tty_map = tmn;
# 89| /* if we have a devfs type name such as /dev/tts/%d then strip the %d but
Error: COMPILER_WARNING:
openscap-1.4.0-build/openscap-1.4.0/src/source/public/oscap_source.h:26: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/CPE/public/cpe_dict.h:43: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/redhat-linux-build/swig/python3/CMakeFiles/_openscap_py.dir/openscapPYTHON_wrap.c:3786: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/redhat-linux-build/config.h:55:9: warning: "HAVE_CLOCK_GETTIME" redefined
/usr/include/python3.13/pyconfig-64.h:153:9: note: this is the location of the previous definition
# 53| #define HAVE_PTHREAD_SETNAME_NP
# 54| #define HAVE_PTHREAD_GETNAME_NP
# 55|-> #define HAVE_CLOCK_GETTIME
# 56|
# 57| #define HAVE_POSIX_MEMALIGN
Error: COMPILER_WARNING:
openscap-1.4.0-build/openscap-1.4.0/redhat-linux-build/config.h:70:9: warning: "HAVE_SYSLOG_H" redefined
/usr/include/python3.13/pyconfig-64.h:1326:9: note: this is the location of the previous definition
# 68| #endif
# 69|
# 70|-> #define HAVE_SYSLOG_H
# 71| #define HAVE_STDIO_EXT_H
# 72| #define CAP_FOUND
Error: COMPILER_WARNING:
openscap-1.4.0-build/openscap-1.4.0/redhat-linux-build/config.h:75:9: warning: "HAVE_SHADOW_H" redefined
/usr/include/python3.13/pyconfig-64.h:1170:9: note: this is the location of the previous definition
# 73| #define SELINUX_FOUND
# 74| /* #undef HAVE_PROC_DEVNAME_H */
# 75|-> #define HAVE_SHADOW_H
# 76| /* #undef HAVE_SYS_SYSTEMINFO_H */
# 77| #define HAVE_ACL_LIBACL_H
Error: COMPILER_WARNING:
openscap-1.4.0-build/openscap-1.4.0/redhat-linux-build/config.h:82:9: warning: "HAVE_SYS_XATTR_H" redefined
/usr/include/python3.13/pyconfig-64.h:1457:9: note: this is the location of the previous definition
# 80| #define HAVE_UIO_H
# 81| #define HAVE_ATTR_XATTR_H
# 82|-> #define HAVE_SYS_XATTR_H
# 83| /* #undef HAVE_SYS_EXTATTR_H */
# 84|
Error: COMPILER_WARNING (CWE-704):
openscap-1.4.0-build/openscap-1.4.0/redhat-linux-build/swig/python3/CMakeFiles/_openscap_py.dir/openscapPYTHON_wrap.c: scope_hint: In function ‘agent_reporter_callback_wrapper’
openscap-1.4.0-build/openscap-1.4.0/redhat-linux-build/swig/python3/CMakeFiles/_openscap_py.dir/openscapPYTHON_wrap.c:4112:37: warning[-Wdiscarded-qualifiers]: passing argument 2 of ‘SWIG_Python_NewPointerObj’ discards ‘const’ qualifier from pointer target type
openscap-1.4.0-build/openscap-1.4.0/redhat-linux-build/swig/python3/CMakeFiles/_openscap_py.dir/openscapPYTHON_wrap.c:1140:89: note: in definition of macro ‘SWIG_NewPointerObj’
openscap-1.4.0-build/openscap-1.4.0/redhat-linux-build/swig/python3/CMakeFiles/_openscap_py.dir/openscapPYTHON_wrap.c:2808:49: note: expected ‘void *’ but argument is of type ‘const struct oval_result_definition *’
# 4110|
# 4111| state = PyGILState_Ensure();
# 4112|-> py_res_def = SWIG_NewPointerObj(res_def, SWIGTYPE_p_oval_result_definition, 1);
# 4113| data = (struct internal_usr *) arg;
# 4114| func = data->func;
Error: COMPILER_WARNING (CWE-477):
openscap-1.4.0-build/openscap-1.4.0/redhat-linux-build/swig/python3/CMakeFiles/_openscap_py.dir/openscapPYTHON_wrap.c: scope_hint: In function ‘xccdf_session_set_rule_py’
openscap-1.4.0-build/openscap-1.4.0/redhat-linux-build/swig/python3/CMakeFiles/_openscap_py.dir/openscapPYTHON_wrap.c:4270:5: warning[-Wdeprecated-declarations]: ‘xccdf_session_set_rule’ is deprecated
openscap-1.4.0-build/openscap-1.4.0/redhat-linux-build/swig/python3/CMakeFiles/_openscap_py.dir/openscapPYTHON_wrap.c:3457: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/public/xccdf_session.h:113:33: note: declared here
openscap-1.4.0-build/openscap-1.4.0/src/common/public/oscap.h:45:33: note: in definition of macro ‘OSCAP_DEPRECATED’
# 4268|
# 4269| void xccdf_session_set_rule_py(struct xccdf_session *sess, char *rule) {
# 4270|-> xccdf_session_set_rule(sess, rule);
# 4271| }
# 4272|
Error: COMPILER_WARNING (CWE-477):
openscap-1.4.0-build/openscap-1.4.0/redhat-linux-build/swig/python3/CMakeFiles/_openscap_py.dir/openscapPYTHON_wrap.c: scope_hint: In function ‘_wrap_xccdf_session_set_rule’
openscap-1.4.0-build/openscap-1.4.0/redhat-linux-build/swig/python3/CMakeFiles/_openscap_py.dir/openscapPYTHON_wrap.c:38442:3: warning[-Wdeprecated-declarations]: ‘xccdf_session_set_rule’ is deprecated
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/public/xccdf_session.h:113:33: note: declared here
openscap-1.4.0-build/openscap-1.4.0/src/common/public/oscap.h:45:33: note: in definition of macro ‘OSCAP_DEPRECATED’
#38440| }
#38441| arg2 = (char *)(buf2);
#38442|-> xccdf_session_set_rule(arg1,(char const *)arg2);
#38443| resultobj = SWIG_Py_Void();
#38444| if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
Error: COMPILER_WARNING (CWE-477):
openscap-1.4.0-build/openscap-1.4.0/redhat-linux-build/swig/python3/CMakeFiles/_openscap_py.dir/openscapPYTHON_wrap.c: scope_hint: In function ‘_wrap_xccdf_session_set_remote_resources’
openscap-1.4.0-build/openscap-1.4.0/redhat-linux-build/swig/python3/CMakeFiles/_openscap_py.dir/openscapPYTHON_wrap.c:39000:3: warning[-Wdeprecated-declarations]: ‘xccdf_session_set_remote_resources’ is deprecated
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/public/xccdf_session.h:262:33: note: declared here
openscap-1.4.0-build/openscap-1.4.0/src/common/public/oscap.h:45:33: note: in definition of macro ‘OSCAP_DEPRECATED’
#38998| }
#38999| }
#39000|-> xccdf_session_set_remote_resources(arg1,arg2,arg3);
#39001| resultobj = SWIG_Py_Void();
#39002| return resultobj;
Error: COMPILER_WARNING (CWE-477):
openscap-1.4.0-build/openscap-1.4.0/redhat-linux-build/swig/python3/CMakeFiles/_openscap_py.dir/openscapPYTHON_wrap.c: scope_hint: In function ‘_wrap_oval_session_set_remote_resources’
openscap-1.4.0-build/openscap-1.4.0/redhat-linux-build/swig/python3/CMakeFiles/_openscap_py.dir/openscapPYTHON_wrap.c:61080:3: warning[-Wdeprecated-declarations]: ‘oval_session_set_remote_resources’ is deprecated
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/public/oval_session.h:242:33: note: declared here
openscap-1.4.0-build/openscap-1.4.0/src/common/public/oscap.h:45:33: note: in definition of macro ‘OSCAP_DEPRECATED’
#61078| }
#61079| }
#61080|-> oval_session_set_remote_resources(arg1,arg2,arg3);
#61081| resultobj = SWIG_Py_Void();
#61082| return resultobj;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/CPE/cpe_ctx_priv.c: scope_hint: In function ‘cpe_parser_ctx_from_reader’
openscap-1.4.0-build/openscap-1.4.0/src/CPE/cpe_ctx_priv.c:48:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘calloc(1, 24)’
openscap-1.4.0-build/openscap-1.4.0/src/CPE/cpe_ctx_priv.c: scope_hint: In function ‘cpe_parser_ctx_from_reader’
# 46| {
# 47| struct cpe_parser_ctx *ctx = _cpe_parser_ctx_new();
# 48|-> ctx->reader = reader;
# 49| ctx->owns_reader = false;
# 50| return ctx;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/CPE/cpe_session.c: scope_hint: In function ‘cpe_session_new’
openscap-1.4.0-build/openscap-1.4.0/src/CPE/cpe_session.c:52:20: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘cpe’
# 50| {
# 51| struct cpe_session *cpe = calloc(1, sizeof(struct cpe_session));
# 52|-> cpe->dicts = oscap_list_new();
# 53| cpe->lang_models = oscap_list_new();
# 54| cpe->oval_sessions = oscap_htable_new();
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/CPE/cpedict_ext_priv.c: scope_hint: In function ‘cpe_ext_deprecation_new’
openscap-1.4.0-build/openscap-1.4.0/src/CPE/cpedict_ext_priv.c:100:36: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘deprecation’
# 98| {
# 99| struct cpe_ext_deprecation *deprecation = calloc(1, sizeof(struct cpe_ext_deprecation));
# 100|-> deprecation->deprecatedbys = oscap_list_new();
# 101| return deprecation;
# 102| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/CPE/cpedict_ext_priv.c: scope_hint: In function ‘cpe23_item_new’
openscap-1.4.0-build/openscap-1.4.0/src/CPE/cpedict_ext_priv.c:107:28: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘item’
# 105| {
# 106| struct cpe23_item *item = calloc(1, sizeof(struct cpe23_item));
# 107|-> item->deprecations = oscap_list_new();
# 108| return item;
# 109| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/CPE/cpedict_ext_priv.c: scope_hint: In function ‘cpe_ext_deprecatedby_parse’
openscap-1.4.0-build/openscap-1.4.0/src/CPE/cpedict_ext_priv.c:128:28: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘calloc(1, 16)’
openscap-1.4.0-build/openscap-1.4.0/src/CPE/cpedict_ext_priv.c: scope_hint: In function ‘cpe_ext_deprecatedby_parse’
# 126|
# 127| struct cpe_ext_deprecatedby *deprecatedby = cpe_ext_deprecatedby_new();
# 128|-> deprecatedby->name = (char *) xmlTextReaderGetAttribute(reader, BAD_CAST ATTR_NAME_STR);
# 129| char *type = (char *) xmlTextReaderGetAttribute(reader, BAD_CAST ATTR_TYPE_STR);
# 130| if (type == NULL) {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/CPE/cpedict_priv.c: scope_hint: In function ‘cpe_notes_new’
openscap-1.4.0-build/openscap-1.4.0/src/CPE/cpedict_priv.c:385:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘notes’
# 383| {
# 384| struct cpe_notes *notes = calloc(1, sizeof(struct cpe_notes));
# 385|-> notes->notes = oscap_list_new();
# 386| return notes;
# 387| }
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.0-build/openscap-1.4.0/src/CPE/cpedict_priv.c: scope_hint: In function ‘cpe_vendor_parse’
openscap-1.4.0-build/openscap-1.4.0/src/CPE/cpedict_priv.c:902:41: warning[-Wanalyzer-malloc-leak]: leak of ‘cpe_product_new()’
# 900| else if (oscap_strcasecmp((const char *)data, "o") == 0)
# 901| product->part = CPE_PART_OS;
# 902|-> else if (oscap_strcasecmp((const char *)data, "a") == 0)
# 903| product->part = CPE_PART_APP;
# 904| else {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/CPE/cpedict_priv.c:919:40: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘cpe_version_new()’
# 917| // initialization
# 918| version = cpe_version_new();
# 919|-> version->value = (char *)xmlTextReaderGetAttribute(reader, ATTR_VALUE_STR);
# 920| oscap_list_add(product->versions, version);
# 921| } else if (xmlStrcmp(xmlTextReaderConstLocalName(reader), TAG_UPDATE_STR) == 0) {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/CPE/cpedict_priv.c:920:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘product’
# 918| version = cpe_version_new();
# 919| version->value = (char *)xmlTextReaderGetAttribute(reader, ATTR_VALUE_STR);
# 920|-> oscap_list_add(product->versions, version);
# 921| } else if (xmlStrcmp(xmlTextReaderConstLocalName(reader), TAG_UPDATE_STR) == 0) {
# 922| // initialization
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/CPE/cpedict_priv.c:924:39: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘cpe_update_new()’
# 922| // initialization
# 923| update = cpe_update_new();
# 924|-> update->value = (char *)xmlTextReaderGetAttribute(reader, ATTR_VALUE_STR);
# 925| oscap_list_add(version->updates, update);
# 926| } else if (xmlStrcmp(xmlTextReaderConstLocalName(reader), TAG_EDITION_STR) == 0) {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/CPE/cpedict_priv.c:925:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘version’
# 923| update = cpe_update_new();
# 924| update->value = (char *)xmlTextReaderGetAttribute(reader, ATTR_VALUE_STR);
# 925|-> oscap_list_add(version->updates, update);
# 926| } else if (xmlStrcmp(xmlTextReaderConstLocalName(reader), TAG_EDITION_STR) == 0) {
# 927| // initialization
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/CPE/cpedict_priv.c:929:40: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘cpe_edition_new()’
# 927| // initialization
# 928| edition = cpe_edition_new();
# 929|-> edition->value = (char *)xmlTextReaderGetAttribute(reader, ATTR_VALUE_STR);
# 930| oscap_list_add(update->editions, edition);
# 931| } else if (xmlStrcmp(xmlTextReaderConstLocalName(reader), TAG_LANGUAGE_STR) == 0) {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/CPE/cpedict_priv.c:930:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘update’
# 928| edition = cpe_edition_new();
# 929| edition->value = (char *)xmlTextReaderGetAttribute(reader, ATTR_VALUE_STR);
# 930|-> oscap_list_add(update->editions, edition);
# 931| } else if (xmlStrcmp(xmlTextReaderConstLocalName(reader), TAG_LANGUAGE_STR) == 0) {
# 932| // initialization
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/CPE/cpedict_priv.c:934:41: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘cpe_language_new()’
# 932| // initialization
# 933| language = cpe_language_new();
# 934|-> language->value = (char *)xmlTextReaderGetAttribute(reader, ATTR_VALUE_STR);
# 935| oscap_list_add(edition->languages, language);
# 936| } else {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/CPE/cpedict_priv.c:935:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘edition’
# 933| language = cpe_language_new();
# 934| language->value = (char *)xmlTextReaderGetAttribute(reader, ATTR_VALUE_STR);
# 935|-> oscap_list_add(edition->languages, language);
# 936| } else {
# 937| oscap_seterr(OSCAP_EFAMILY_OSCAP, "Unknown XML element withinin CPE vendor element, local name is '%s'.",
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/CPE/cpelang_priv.c: scope_hint: In function ‘cpe_testexpr_parse’
openscap-1.4.0-build/openscap-1.4.0/src/CPE/cpelang_priv.c:401:39: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘cpe_testexpr_new()’
# 399| // fill the structure
# 400| struct cpe_testexpr *subexpr = cpe_testexpr_new();
# 401|-> subexpr->oper = CPE_LANG_OPER_MATCH;
# 402| temp = xmlTextReaderGetAttribute(reader, ATTR_NAME_STR);
# 403| subexpr->meta.cpe = cpe_name_new((char *)temp);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/CPE/cpelang_priv.c:410:39: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘cpe_testexpr_new()’
# 408| xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT) {
# 409| struct cpe_testexpr *subexpr = cpe_testexpr_new();
# 410|-> subexpr->oper = CPE_LANG_OPER_CHECK;
# 411| subexpr->meta.check.system = (char*)xmlTextReaderGetAttribute(reader, ATTR_SYSTEM_STR);
# 412| subexpr->meta.check.href = (char*)xmlTextReaderGetAttribute(reader, ATTR_HREF_STR);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/CPE/cpename.c: scope_hint: In function ‘cpe_urlencode’
openscap-1.4.0-build/openscap-1.4.0/src/CPE/cpename.c:396:30: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘out’
openscap-1.4.0-build/openscap-1.4.0/src/CPE/cpename.c:40: included_from: Included from here.
# 394| for (const char *in = str; *in != '\0'; ++in, ++out) {
# 395| if (isalnum(*in) || strchr("-._~", *in))
# 396|-> *out = *in;
# 397| else {
# 398| // this char shall be %-encoded
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/CPE/cpename.c:407:14: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘out’
# 405| // if the last character was non-alphanum we will have 2 consecutive
# 406| // \0s at the end of the string which doesn't hurt anything
# 407|-> *out = '\0';
# 408|
# 409| return result;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/CPE/cpename.c: scope_hint: In function ‘cpestring_comp_encode’
openscap-1.4.0-build/openscap-1.4.0/src/CPE/cpename.c:460:30: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘out’
# 458| for (const char *in = str; *in != '\0'; ++in, ++out) {
# 459| if (isalnum(*in) || strchr("._~", *in)) {
# 460|-> *out = *in;
# 461| }
# 462| else if (*in == '\\') {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/CPE/cpename.c:464:34: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘out’
# 462| else if (*in == '\\') {
# 463| // anything escaped stays escaped
# 464|-> *(out++) = *(in++);
# 465| *(out) = *(in);
# 466| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/CPE/cpename.c:468:34: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘out’
# 466| }
# 467| else if (*in == ':') {
# 468|-> *(out++) = '\\';
# 469| *(out) = *in;
# 470| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/CPE/cpename.c:472:30: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘out’
# 470| }
# 471| else if (*in == '*') {
# 472|-> *out = *in;
# 473| }
# 474| else if (*in == '-') {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/CPE/cpename.c:475:30: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘out’
# 473| }
# 474| else if (*in == '-') {
# 475|-> *out = *in;
# 476| }
# 477| else {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/CPE/cpename.c:487:14: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘out’
# 485| // if the last character was non-alphanum we will have 2 consecutive
# 486| // \0s at the end of the string which doesn't hurt anything
# 487|-> *out = '\0';
# 488|
# 489| return result;
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/CPE/cpename.c: scope_hint: In function ‘cpe_name_get_as_format’
openscap-1.4.0-build/openscap-1.4.0/src/CPE/cpename.c:670:32: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strlen’ must be non-null
# 668| part[i] = cpestring_comp_encode(as_str(cpe_get_field(cpe, i)));
# 669|
# 670|-> len += strlen(part[i]);
# 671| }
# 672|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/DS/ds_rds_session.c: scope_hint: In function ‘ds_rds_session_new_from_source’
openscap-1.4.0-build/openscap-1.4.0/src/DS/ds_rds_session.c:57:29: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘rds_session’
# 55| }
# 56| struct ds_rds_session *rds_session = (struct ds_rds_session *) calloc(1, sizeof(struct ds_rds_session));
# 57|-> rds_session->source = source;
# 58| rds_session->component_sources = oscap_htable_new();
# 59| return rds_session;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/DS/ds_sds_session.c: scope_hint: In function ‘ds_sds_session_new_from_source’
openscap-1.4.0-build/openscap-1.4.0/src/DS/ds_sds_session.c:75:29: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘sds_session’
# 73| }
# 74| struct ds_sds_session *sds_session = (struct ds_sds_session *) calloc(1, sizeof(struct ds_sds_session));
# 75|-> sds_session->source = source;
# 76| sds_session->component_sources = oscap_htable_new();
# 77| sds_session->component_uris = oscap_htable_new();
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/DS/rds.c: scope_hint: In function ‘ds_rds_create_source’
openscap-1.4.0-build/openscap-1.4.0/src/DS/rds.c:850:25: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘tailoring_doc_timestamp’ where non-null expected
openscap-1.4.0-build/openscap-1.4.0/src/DS/rds.c:44: included_from: Included from here.
/usr/include/time.h:99:15: note: argument 1 of ‘strftime’ must be non-null
# 848| const size_t max_timestamp_len = 32;
# 849| tailoring_doc_timestamp = malloc(max_timestamp_len);
# 850|-> strftime(tailoring_doc_timestamp, max_timestamp_len, "%Y-%m-%dT%H:%M:%S", localtime(&file_stat.st_mtime));
# 851| }
# 852| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/DS/rds_asset_index.c: scope_hint: In function ‘rds_asset_index_new’
openscap-1.4.0-build/openscap-1.4.0/src/DS/rds_asset_index.c:48:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ret’
# 46| struct rds_asset_index *ret = calloc(1, sizeof(struct rds_asset_index));
# 47| ret->id = NULL;
# 48|-> ret->reports = oscap_list_new();
# 49|
# 50| return ret;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/DS/rds_index.c: scope_hint: In function ‘rds_index_new’
openscap-1.4.0-build/openscap-1.4.0/src/DS/rds_index.c:49:30: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ret’
# 47| {
# 48| struct rds_index *ret = calloc(1, sizeof(struct rds_index));
# 49|-> ret->report_requests = oscap_list_new();
# 50| ret->assets = oscap_list_new();
# 51| ret->reports = oscap_list_new();
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/DS/rds_index.c: scope_hint: In function ‘rds_index_get_report_request’
openscap-1.4.0-build/openscap-1.4.0/src/DS/rds_index.c:104:21: warning[-Wanalyzer-null-argument]: use of NULL ‘id’ where non-null expected
openscap-1.4.0-build/openscap-1.4.0/src/common/util.h:34: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/common/list.h:34: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/DS/rds_index.c:28: included_from: Included from here.
/usr/include/string.h:156:12: note: argument 2 of ‘strcmp’ must be non-null
# 102| {
# 103| struct rds_report_request_index* rr_index = rds_report_request_index_iterator_next(it);
# 104|-> if (strcmp(rds_report_request_index_get_id(rr_index), id) == 0) {
# 105| ret = rr_index;
# 106| break;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/DS/rds_report_index.c: scope_hint: In function ‘rds_report_index_parse’
openscap-1.4.0-build/openscap-1.4.0/src/DS/rds_report_index.c:88:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘rds_report_index_new()’
# 86| struct rds_report_index *ret = rds_report_index_new();
# 87|
# 88|-> ret->id = (char*)xmlTextReaderGetAttribute(reader, BAD_CAST "id");
# 89| return ret;
# 90| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/DS/rds_report_request_index.c: scope_hint: In function ‘rds_report_request_index_parse’
openscap-1.4.0-build/openscap-1.4.0/src/DS/rds_report_request_index.c:77:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘rds_report_request_index_new()’
# 75| struct rds_report_request_index* ret = rds_report_request_index_new();
# 76|
# 77|-> ret->id = (char*)xmlTextReaderGetAttribute(reader, BAD_CAST "id");
# 78| return ret;
# 79| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/DS/sds.c: scope_hint: In function ‘ds_sds_mangle_filepath’
openscap-1.4.0-build/openscap-1.4.0/src/DS/sds.c:844:35: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘dst_it’
# 842| if (*src_it == '/')
# 843| {
# 844|-> *dst_it++ = '-';
# 845| *dst_it++ = '-';
# 846| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/DS/sds.c:848:35: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘dst_it’
# 846| }
# 847| else if (*src_it == '@') {
# 848|-> *dst_it++ = '-';
# 849| *dst_it++ = '-';
# 850| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/DS/sds.c:853:35: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘dst_it’
# 851| else
# 852| {
# 853|-> *dst_it++ = *src_it;
# 854| }
# 855|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/DS/sds.c:859:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘dst_it’
# 857| }
# 858|
# 859|-> *dst_it = '\0';
# 860|
# 861| return ret;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/DS/sds_index.c: scope_hint: In function ‘ds_stream_index_new’
openscap-1.4.0-build/openscap-1.4.0/src/DS/sds_index.c:55:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ret’
# 53| struct ds_stream_index* ret = malloc(sizeof(struct ds_stream_index));
# 54|
# 55|-> ret->id = NULL;
# 56| ret->timestamp = NULL;
# 57| ret->version = NULL;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/DS/sds_index.c: scope_hint: In function ‘ds_sds_index_new’
openscap-1.4.0-build/openscap-1.4.0/src/DS/sds_index.c:218:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ret’
# 216| {
# 217| struct ds_sds_index* ret = malloc(sizeof(struct ds_sds_index));
# 218|-> ret->streams = oscap_list_new();
# 219|
# 220| ret->benchmark_id_to_component_id = oscap_htable_new();
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/adt/oval_collection.c: scope_hint: In function ‘oval_collection_iterator’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/adt/oval_collection.c:131:38: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘iterator_frame’
# 129| (struct _oval_collection_item_frame *)malloc(sizeof(_oval_collection_item_frame_t));
# 130|
# 131|-> iterator_frame->next = iterator->item_iterator_frame;
# 132| iterator_frame->item = collection_frame->item;
# 133| iterator->item_iterator_frame = iterator_frame;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/adt/oval_smc_iterator.c: scope_hint: In function ‘oval_smc_iterator_new’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/adt/oval_smc_iterator.c:53:25: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘it’
# 51| struct oval_smc_iterator *it = calloc(1, sizeof(struct oval_smc_iterator));
# 52|
# 53|-> it->primary_col = oval_string_map_collect_values((struct oval_string_map *) mapping, NULL);
# 54| it->primary_it = oval_collection_iterator(it->primary_col);
# 55| it->secondary_it = NULL;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_affected.c: scope_hint: In function ‘oval_affected_set_family’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_affected.c:171:26: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘affected’
# 169| __attribute__nonnull__(affected);
# 170|
# 171|-> affected->family = family;
# 172| }
# 173|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_agent.c: scope_hint: In function ‘oval_agent_new_session’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_agent.c:103:27: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ag_sess’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_agent.c: scope_hint: In function ‘oval_agent_new_session’
# 101|
# 102| oval_agent_session_t *ag_sess = malloc(sizeof(oval_agent_session_t));
# 103|-> ag_sess->filename = oscap_strdup(name);
# 104| ag_sess->def_model = model;
# 105| ag_sess->cur_var_model = NULL;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_behavior.c: scope_hint: In function ‘oval_behavior_set_keyval’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_behavior.c:130:23: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘behavior’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_behavior.c: scope_hint: In function ‘oval_behavior_set_keyval’
# 128| __attribute__nonnull__(behavior);
# 129|
# 130|-> behavior->key = oscap_strdup(key);
# 131| behavior->value = oscap_strdup(value);
# 132| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c: scope_hint: In function ‘oval_component_get_type’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c:275:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘component’
# 273| __attribute__nonnull__(component);
# 274|
# 275|-> return component->type;
# 276| }
# 277|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c: scope_hint: In function ‘oval_component_set_variable’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c:939:22: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘component’
# 937|
# 938| /* type == OVAL_COMPONENT_VARREF */
# 939|-> if (component->type == OVAL_COMPONENT_VARREF) {
# 940| oval_component_VARREF_t *varref = (oval_component_VARREF_t *) component;
# 941| varref->variable = variable;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_parse_ARITHMETIC_tag’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c:1028:31: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘component’
# 1026| oval_arithmetic_operation_t operation = oval_arithmetic_operation_parse(reader, "arithmetic_operation",
# 1027| OVAL_ARITHMETIC_UNKNOWN);
# 1028|-> arithmetic->operation = operation;
# 1029| return _oval_component_parse_FUNCTION_tag(reader, context, component);
# 1030| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_parse_BEGEND_tag’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c:1039:27: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘component’
# 1037|
# 1038| oval_component_BEGEND_t *begend = (oval_component_BEGEND_t *) component;
# 1039|-> begend->character = (char *)xmlTextReaderGetAttribute(reader, BAD_CAST "character");
# 1040|
# 1041| return _oval_component_parse_FUNCTION_tag(reader, context, component);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_parse_SPLIT_tag’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c:1051:26: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘component’
# 1049|
# 1050| oval_component_SPLIT_t *split = (oval_component_SPLIT_t *) component;
# 1051|-> split->delimiter = (char *)xmlTextReaderGetAttribute(reader, BAD_CAST "delimiter");
# 1052|
# 1053| return _oval_component_parse_FUNCTION_tag(reader, context, component);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_parse_GLOB_TO_REGEX_tag’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c:1063:38: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘component’
# 1061|
# 1062| oval_component_GLOB_t *glob_to_regex = (oval_component_GLOB_t *) component;
# 1063|-> glob_to_regex->glob_noescape = oval_parser_boolean_attribute(reader, "glob_noescape", 0);
# 1064|
# 1065| return _oval_component_parse_FUNCTION_tag(reader, context, component);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_parse_SUBSTRING_tag’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c:1084:26: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘component’
# 1082| if (length_text != NULL)
# 1083| free(length_text);
# 1084|-> substring->start = start;
# 1085| substring->length = length;
# 1086|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_parse_TIMEDIF_tag’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c:1101:27: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘component’
# 1099| oval_datetime_format_t format_2 = oval_datetime_format_parse(reader, "format_2",
# 1100| OVAL_DATETIME_YEAR_MONTH_DAY);
# 1101|-> timedif->format_1 = format_1;
# 1102| timedif->format_2 = format_2;
# 1103|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_parse_REGEX_CAPTURE_tag’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c:1115:24: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘component’
# 1113| oval_component_REGEX_CAPTURE_t *regex = (oval_component_REGEX_CAPTURE_t *) component;
# 1114|
# 1115|-> regex->pattern = (char *)xmlTextReaderGetAttribute(reader, BAD_CAST "pattern");
# 1116|
# 1117| return _oval_component_parse_FUNCTION_tag(reader, context, component);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_evaluate_CONCAT’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c:1599:39: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘component_colls’
# 1597| oval_syschar_collection_flag_t subflag = oval_component_eval_common(argu, subcomp, subcoll);
# 1598| flag = _AGG_FLAG(flag, subflag);
# 1599|-> component_colls[idx0] = subcoll;
# 1600| }
# 1601| bool not_finished = (len_subcomps > 0) && _HAS_VALUES(flag);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c:1612:38: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘counts’
# 1610| struct oval_value_iterator *comp_values =
# 1611| (struct oval_value_iterator *)oval_collection_iterator(component_colls[idx0]);
# 1612|-> counts[idx0] = oval_value_iterator_remaining(comp_values);
# 1613| if (counts[idx0]) {
# 1614| /* int dbgnum = catnum; <-- unused variable */
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c:1616:46: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘values’
# 1614| /* int dbgnum = catnum; <-- unused variable */
# 1615| catnum = catnum * counts[idx0];
# 1616|-> values[idx0] = comp_values;
# 1617| texts[idx0] = oval_value_get_text(oval_value_iterator_next(comp_values));
# 1618| not_finished = true;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c:1617:45: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘texts’
# 1615| catnum = catnum * counts[idx0];
# 1616| values[idx0] = comp_values;
# 1617|-> texts[idx0] = oval_value_get_text(oval_value_iterator_next(comp_values));
# 1618| not_finished = true;
# 1619| } else {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c:1624:46: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘values’
# 1622| (oscap_destruct_func) oval_value_free);
# 1623| component_colls[idx0] = NULL;
# 1624|-> values[idx0] = NULL;
# 1625| texts[idx0] = NULL;
# 1626| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c:1625:45: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘texts’
# 1623| component_colls[idx0] = NULL;
# 1624| values[idx0] = NULL;
# 1625|-> texts[idx0] = NULL;
# 1626| }
# 1627| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c:1634:33: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘concat’
# 1632| len_cat += strlen(texts[idx0]);
# 1633| char *concat = malloc(len_cat);
# 1634|-> *concat = '\0';
# 1635| for (idx0 = 0; idx0 < len_subcomps; idx0++)
# 1636| if (texts[idx0])
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c:1671:25: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘component_colls’
# 1669| } else {
# 1670| for (idx0 = 0; idx0 < len_subcomps; ++idx0)
# 1671|-> oval_collection_free_items(component_colls[idx0], (oscap_destruct_func) oval_value_free);
# 1672| }
# 1673| free(component_colls);
Error: GCC_ANALYZER_WARNING (CWE-457):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c:1671:25: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*<unknown>’
# 1669| } else {
# 1670| for (idx0 = 0; idx0 < len_subcomps; ++idx0)
# 1671|-> oval_collection_free_items(component_colls[idx0], (oscap_destruct_func) oval_value_free);
# 1672| }
# 1673| free(component_colls);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_evaluate_COUNT’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c:1694:39: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘component_colls’
# 1692| oval_syschar_collection_flag_t subflag = oval_component_eval_common(argu, subcomp, subcoll);
# 1693| flag = _AGG_FLAG(flag, subflag);
# 1694|-> component_colls[idx0] = subcoll;
# 1695| }
# 1696| bool not_finished = (len_subcomps > 0) && _HAS_VALUES(flag);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c:1717:11: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘component_colls’
# 1715|
# 1716| for (idx0 = 0; idx0 < len_subcomps; ++idx0)
# 1717|-> oval_collection_free_items(component_colls[idx0], (oscap_destruct_func) oval_value_free);
# 1718|
# 1719| free(component_colls);
Error: GCC_ANALYZER_WARNING (CWE-457):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c:1717:11: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*<unknown>’
# 1715|
# 1716| for (idx0 = 0; idx0 < len_subcomps; ++idx0)
# 1717|-> oval_collection_free_items(component_colls[idx0], (oscap_destruct_func) oval_value_free);
# 1718|
# 1719| free(component_colls);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_evaluate_UNIQUE’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c:1738:39: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘component_colls’
# 1736| oval_syschar_collection_flag_t subflag = oval_component_eval_common(argu, subcomp, subcoll);
# 1737| flag = _AGG_FLAG(flag, subflag);
# 1738|-> component_colls[idx0] = subcoll;
# 1739| }
# 1740|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c:1768:11: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘component_colls’
# 1766|
# 1767| for (idx0 = 0; idx0 < len_subcomps; ++idx0)
# 1768|-> oval_collection_free_items(component_colls[idx0], (oscap_destruct_func) oval_value_free);
# 1769|
# 1770| free(component_colls);
Error: GCC_ANALYZER_WARNING (CWE-457):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c:1768:11: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*<unknown>’
# 1766|
# 1767| for (idx0 = 0; idx0 < len_subcomps; ++idx0)
# 1768|-> oval_collection_free_items(component_colls[idx0], (oscap_destruct_func) oval_value_free);
# 1769|
# 1770| free(component_colls);
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_evaluate_SPLIT’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c:1782:25: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strlen’ must be non-null
# 1780| struct oval_component_iterator *subcomps = oval_component_get_function_components(component);
# 1781| char *delimiter = oval_component_get_split_delimiter(component);
# 1782|-> int len_delim = strlen(delimiter);
# 1783| if (oval_component_iterator_has_more(subcomps)) { /* Only first component is considered */
# 1784| struct oval_component *subcomp = oval_component_iterator_next(subcomps);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c:1794:41: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘split’
# 1792| char *split = malloc(strlen(text) + 2);
# 1793| char *split0 = split;
# 1794|-> *split0 = '\0';
# 1795| strcat(split0, text);
# 1796| split0[strlen(text) + 1] = '\0'; /*last two characters are EOS */
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_evaluate_SUBSTRING’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c:1851:33: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘substr’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strncpy’ must be non-null
# 1849| char *substr = malloc(sublen + 1);
# 1850|
# 1851|-> strncpy(substr, text + beg, sublen);
# 1852| substr[sublen] = '\0';
# 1853|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_evaluate_ESCAPE_REGEX’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c:2158:51: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘insert’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_evaluate_ESCAPE_REGEX’
# 2156| while (*text) {
# 2157| if (_isEscape(*text))
# 2158|-> *insert++ = '\\';
# 2159| *insert++ = *text++;
# 2160| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c:2159:43: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘insert’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_evaluate_ESCAPE_REGEX’
# 2157| if (_isEscape(*text))
# 2158| *insert++ = '\\';
# 2159|-> *insert++ = *text++;
# 2160| }
# 2161| *insert = '\0';
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c:2161:33: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘insert’
# 2159| *insert++ = *text++;
# 2160| }
# 2161|-> *insert = '\0';
# 2162| value = oval_value_new(OVAL_DATATYPE_STRING, string);
# 2163| free(string);
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_evaluate_REGEX_CAPTURE’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c:2253:33: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘nval’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_memcpy’ must be non-null
# 2251|
# 2252| nval = malloc(substr_len + 1);
# 2253|-> memcpy(nval, text + ovector[2], substr_len);
# 2254| nval[substr_len] = '\0';
# 2255| } else {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_evaluate_ARITHMETIC’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_component.c:2376:34: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘vcl_elm’
# 2374| flag = oval_component_eval_common(argu, subcomp, val_col);
# 2375| vcl_elm = malloc(sizeof (struct val_col_lst_s));
# 2376|-> vcl_elm->val_col = val_col;
# 2377| vcl_elm->next = vcl_root;
# 2378| vcl_root = vcl_elm;
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_defModel.c: scope_hint: In function ‘oval_definition_model_clone’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_defModel.c:121:26: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_defModel.c: scope_hint: In function ‘oval_definition_model_clone’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_defModel.c: scope_hint: In function ‘oval_definition_model_clone’
# 119| _oval_definition_model_clone
# 120| (oldmodel->variable_map, newmodel, (_oval_clone_func) oval_variable_clone);
# 121|-> newmodel->schema = oscap_strdup(oldmodel->schema);
# 122| newmodel->vardef_map = NULL;
# 123| return newmodel;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_definition.c: scope_hint: In function ‘oval_definition_new’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_definition.c:153:24: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘definition’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_definition.c: scope_hint: In function ‘oval_definition_new’
# 151| struct oval_definition *definition = (struct oval_definition *)malloc(sizeof(oval_definition_t));
# 152|
# 153|-> definition->id = oscap_strdup(id);
# 154| definition->version = 0;
# 155| definition->class = OVAL_CLASS_UNKNOWN;
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_directives.c: scope_hint: In function ‘oval_directives_model_get_new_classdir’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_directives.c:185:59: warning[-Wanalyzer-malloc-leak]: leak of ‘*model.class_directives[(int)(<unknown> + (oval_definition_class_t)4294967295)]’
# 183| if (classind < NUMBER_OF_CLASSES) {
# 184| if (model->class_directives[classind] == NULL)
# 185|-> model->class_directives[classind] = oval_result_directives_new();
# 186|
# 187| return model->class_directives[classind];
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_entity.c: scope_hint: In function ‘oval_entity_set_datatype’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_entity.c:230:26: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘entity’
# 228| {
# 229| __attribute__nonnull__(entity);
# 230|-> entity->datatype = datatype;
# 231| }
# 232|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_entity.c: scope_hint: In function ‘oval_entity_set_name’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_entity.c:272:19: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘entity’
openscap-1.4.0-build/openscap-1.4.0/src/common/util.h: scope_hint: In function ‘oval_entity_set_name’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_entity.c: scope_hint: In function ‘oval_entity_set_name’
# 270| {
# 271| __attribute__nonnull__(entity);
# 272|-> if (entity->name != NULL)
# 273| free(entity->name);
# 274| entity->name = (name == NULL) ? NULL : oscap_strdup(name);
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_enumerations.c: scope_hint: In function ‘oval_family_to_namespace’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_enumerations.c:436:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘family_uri’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_sprintf’ must be non-null
# 434| /* We need to allocate memory also for '#' and '\0'. */
# 435| char *family_uri = malloc(strlen(schema_ns) + 1 + strlen(family_text) + 1);
# 436|-> sprintf(family_uri,"%s#%s", schema_ns, family_text);
# 437| xmlNs *ns = xmlSearchNsByHref(doc, parent, BAD_CAST family_uri);
# 438| free(family_uri);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_filter.c: scope_hint: In function ‘oval_filter_set_state’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_filter.c:122:23: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘filter’
# 120| {
# 121| __attribute__nonnull__(filter);
# 122|-> filter->state = state;
# 123| }
# 124|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_filter.c: scope_hint: In function ‘oval_filter_set_filter_action’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_filter.c:128:24: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘filter’
# 126| {
# 127| __attribute__nonnull__(filter);
# 128|-> filter->action = action;
# 129| }
# 130|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_generator.c: scope_hint: In function ‘oval_generator_new’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_generator.c:60:27: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘gen’
# 58| struct oval_generator *gen;
# 59| gen = malloc(sizeof(struct oval_generator));
# 60|-> gen->product_name = NULL;
# 61| gen->product_version = NULL;
# 62| gen->core_schema_version = oscap_strdup(OVAL_SUPPORTED);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_generator.c: scope_hint: In function ‘oval_generator_clone’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_generator.c:87:31: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘new_gen’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_generator.c: scope_hint: In function ‘oval_generator_clone’
# 85|
# 86| new_gen = malloc(sizeof(*new_gen));
# 87|-> new_gen->product_name = oscap_strdup(old_generator->product_name);
# 88| new_gen->product_version = oscap_strdup(old_generator->product_version);
# 89| new_gen->core_schema_version = oscap_strdup(old_generator->core_schema_version);
Error: COMPILER_WARNING (CWE-457):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_generator.c:203:36: warning[-Wmaybe-uninitialized]: ‘version’ may be used uninitialized
# 203 | xmlNode *sv_node = xmlNewTextChild(gen_node, ns_common,
# | ^
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_generator.c:201:40: note: ‘version’ was declared here
# 201 | const char *platform, *version;
# | ^
# 201| const char *platform, *version;
# 202| oscap_htable_iterator_next_kv(sv_itr, &platform, (void **) &version);
# 203|-> xmlNode *sv_node = xmlNewTextChild(gen_node, ns_common,
# 204| BAD_CAST "schema_version", BAD_CAST version);
# 205| size_t namespace_uri_length = strlen(namespace_uri) + 1 + strlen(platform) + 1;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_message.c: scope_hint: In function ‘oval_message_set_level’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_message.c:129:24: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘message’
# 127| {
# 128| __attribute__nonnull__(message);
# 129|-> message->level = level;
# 130| }
# 131|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_object.c: scope_hint: In function ‘oval_object_set_comment’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_object.c:269:19: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘object’
# 267| {
# 268| __attribute__nonnull__(object);
# 269|-> if (object->comment != NULL)
# 270| free(object->comment);
# 271| object->comment = (comm == NULL) ? NULL : oscap_strdup(comm);
Error: GCC_ANALYZER_WARNING (CWE-457):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_object.c:269:19: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*object.comment’
# 267| {
# 268| __attribute__nonnull__(object);
# 269|-> if (object->comment != NULL)
# 270| free(object->comment);
# 271| object->comment = (comm == NULL) ? NULL : oscap_strdup(comm);
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_object.c: scope_hint: In function ‘oval_object_to_dom’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_object.c:393:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘object_name’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_sprintf’ must be non-null
# 391| const char *subtype_text = oval_subtype_get_text(subtype);
# 392| char *object_name = malloc(strlen(subtype_text) + 8);
# 393|-> sprintf(object_name, "%s_object", subtype_text);
# 394|
# 395| oval_family_t family = oval_object_get_family(object);
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_object.c: scope_hint: In function ‘oval_object_create_internal’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_object.c:461:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘new_obj_id’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_memcpy’ must be non-null
# 459| sid_len = strlen(set_id);
# 460| new_obj_id = malloc(oid_len + sid_len + 2);
# 461|-> memcpy(new_obj_id, obj->id, oid_len);
# 462| new_obj_id[oid_len] = 'i';
# 463| memcpy(new_obj_id + oid_len + 1, set_id, sid_len);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_objectContent.c: scope_hint: In function ‘oval_object_content_set_field_name’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_objectContent.c:275:20: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘content’
# 273| {
# 274| __attribute__nonnull__(content);
# 275|-> if (content->fieldName != NULL)
# 276| free(content->fieldName);
# 277| content->fieldName = (name == NULL) ? NULL : oscap_strdup(name);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_probe_ext.c: scope_hint: In function ‘oval_pdtbl_new’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_probe_ext.c:89:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘p_tbl’
# 87| {
# 88| oval_pdtbl_t *p_tbl = malloc(sizeof(oval_pdtbl_t));
# 89|-> p_tbl->memb = NULL;
# 90| p_tbl->count = 0;
# 91| p_tbl->ctx = SEAP_CTX_new();
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_probe_ext.c: scope_hint: In function ‘oval_pdtbl_add’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_probe_ext.c:136:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘pd’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_probe_ext.c:44: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/common/debug_priv.h:54:33: note: in expansion of macro ‘__dlprintf_wrapper’
openscap-1.4.0-build/openscap-1.4.0/src/common/debug_priv.h:61:17: note: in expansion of macro ‘oscap_dlprintf’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_probe_ext.c:776:25: note: in expansion of macro ‘dI’
# 134|
# 135| oval_pd_t *pd = malloc(sizeof(oval_pd_t));
# 136|-> pd->subtype = type;
# 137| pd->sd = sd;
# 138| pd->uri = oscap_strdup(uri);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_probe_handler.c: scope_hint: In function ‘oval_phtbl_new’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_probe_handler.c:42:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘phtbl’
# 40| {
# 41| oval_phtbl_t *phtbl = malloc(sizeof(oval_phtbl_t));
# 42|-> phtbl->ph = NULL;
# 43| phtbl->sz = 0;
# 44|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_probe_session.c: scope_hint: In function ‘oval_probe_session_init’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_probe_session.c:130:18: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘sess’
# 128| static void oval_probe_session_init(oval_probe_session_t *sess, struct oval_syschar_model *model)
# 129| {
# 130|-> sess->ph = oval_phtbl_new();
# 131| sess->sys_model = model;
# 132| sess->flg = 0;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_reference.c: scope_hint: In function ‘oval_reference_set_source’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_reference.c:137:16: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘ref’
# 135| {
# 136| __attribute__nonnull__(ref);
# 137|-> if (ref->source != NULL)
# 138| free(ref->source);
# 139| ref->source = (source == NULL) ? NULL : oscap_strdup(source);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_reference.c: scope_hint: In function ‘oval_reference_set_id’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_reference.c:145:16: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘ref’
# 143| {
# 144| __attribute__nonnull__(ref);
# 145|-> if (ref->id != NULL)
# 146| free(ref->id);
# 147| ref->id = (id == NULL) ? NULL : oscap_strdup(id);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_reference.c: scope_hint: In function ‘oval_reference_set_url’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_reference.c:153:16: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘ref’
# 151| {
# 152| __attribute__nonnull__(ref);
# 153|-> if (ref->url != NULL)
# 154| free(ref->url);
# 155| ref->url = (url == NULL) ? NULL : oscap_strdup(url);
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_schema_version.c: scope_hint: In function ‘_parse_int’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_schema_version.c:42:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘buffer’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strncpy’ must be non-null
# 40| /* Pay attention that substring_length != strlen(substring) */
# 41| char *buffer = malloc(substring_length + 1); // +1 for a zero byte
# 42|-> strncpy(buffer, substring, substring_length);
# 43| buffer[substring_length] = '\0';
# 44| int i = atoi(buffer);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_session.c: scope_hint: In function ‘oval_session_new’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_session.c:97:25: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘session’
# 95| session = (struct oval_session *) calloc(1, sizeof(struct oval_session));
# 96|
# 97|-> session->source = oscap_source_new_from_file(filename);
# 98| if ((scap_type = oscap_source_get_scap_type(session->source)) == OSCAP_DOCUMENT_UNKNOWN) {
# 99| oval_session_free(session);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_set.c: scope_hint: In function ‘oval_setobject_set_type’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_set.c:217:19: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘set’
# 215| __attribute__nonnull__(set);
# 216|
# 217|-> set->type = type;
# 218| switch (type) {
# 219| case OVAL_SET_AGGREGATE:{
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_set.c:223:44: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘malloc(8)’
# 221| (oval_set_AGGREGATE_t *) (set->extension =
# 222| malloc(sizeof(oval_set_AGGREGATE_t)));
# 223|-> aggregate->subsets = oval_collection_new();
# 224| }
# 225| break;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_set.c: scope_hint: In function ‘oval_setobject_set_type.part.0’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_set.c:230:45: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘malloc(16)’
# 228| (oval_set_COLLECTIVE_t *) (set->extension =
# 229| malloc(sizeof(oval_set_COLLECTIVE_t)));
# 230|-> collective->filters = oval_collection_new();
# 231| collective->objects = oval_collection_new();
# 232| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_set.c: scope_hint: In function ‘oval_setobject_set_operation’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_set.c:242:24: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘set’
# 240| {
# 241| __attribute__nonnull__(set);
# 242|-> set->operation = operation;
# 243| }
# 244|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_state.c: scope_hint: In function ‘oval_state_set_deprecated’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_state.c:235:27: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘state’
# 233| {
# 234| __attribute__nonnull__(state);
# 235|-> state->deprecated = deprecated;
# 236| }
# 237|
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_state.c: scope_hint: In function ‘oval_state_to_dom’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_state.c:340:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘state_name’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_sprintf’ must be non-null
# 338| const char *subtype_text = oval_subtype_get_text(subtype);
# 339| char *state_name = malloc(strlen(subtype_text) + 7);
# 340|-> sprintf(state_name, "%s_state", subtype_text);
# 341|
# 342| oval_family_t family = oval_state_get_family(state);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_stateContent.c: scope_hint: In function ‘oval_state_content_set_entcheck’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_stateContent.c:179:28: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘content’
# 177| {
# 178| __attribute__nonnull__(content);
# 179|-> content->ent_check = check;
# 180| }
# 181|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_sysEnt.c: scope_hint: In function ‘oval_sysent_set_name’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_sysEnt.c:177:19: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘sysent’
# 175| {
# 176| __attribute__nonnull__(sysent);
# 177|-> if (sysent->name != NULL)
# 178| free(sysent->name);
# 179| sysent->name = name;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_sysEnt.c: scope_hint: In function ‘oval_sysent_set_datatype’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_sysEnt.c:191:26: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘sysent’
# 189| {
# 190| __attribute__nonnull__(sysent);
# 191|-> sysent->datatype = datatype;
# 192| }
# 193|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_sysEnt.c: scope_hint: In function ‘oval_sysent_set_value’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_sysEnt.c:203:19: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘sysent’
# 201| {
# 202| __attribute__nonnull__(sysent);
# 203|-> if (sysent->value != NULL)
# 204| free(sysent->value);
# 205| sysent->value = oscap_strdup(value);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_sysInfo.c: scope_hint: In function ‘oval_sysinfo_clone’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_sysInfo.c:95:37: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘oval_sysinfo_new(new_model)’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_sysInfo.c: scope_hint: In function ‘oval_sysinfo_clone’
# 93|
# 94| if (old_sysinfo->anyxml)
# 95|-> new_sysinfo->anyxml = oscap_strdup(old_sysinfo->anyxml);
# 96|
# 97| return new_sysinfo;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_sysInfo.c: scope_hint: In function ‘oval_sysinfo_set_os_name’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_sysInfo.c:156:20: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘sysinfo’
# 154| __attribute__nonnull__(sysinfo);
# 155|
# 156|-> if (sysinfo->osName != NULL)
# 157| free(sysinfo->osName);
# 158| sysinfo->osName = oscap_strdup(osName);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_sysInfo.c: scope_hint: In function ‘oval_sysinfo_set_os_version’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_sysInfo.c:169:20: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘sysinfo’
# 167| {
# 168| __attribute__nonnull__(sysinfo);
# 169|-> if (sysinfo->osVersion != NULL)
# 170| free(sysinfo->osVersion);
# 171| sysinfo->osVersion = oscap_strdup(osVersion);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_sysInfo.c: scope_hint: In function ‘oval_sysinfo_set_os_architecture’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_sysInfo.c:182:20: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘sysinfo’
# 180| {
# 181| __attribute__nonnull__(sysinfo);
# 182|-> if (sysinfo->osArchitecture != NULL)
# 183| free(sysinfo->osArchitecture);
# 184| sysinfo->osArchitecture = oscap_strdup(osArchitecture);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_sysInfo.c: scope_hint: In function ‘oval_sysinfo_set_primary_host_name’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_sysInfo.c:196:20: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘sysinfo’
# 194| {
# 195| __attribute__nonnull__(sysinfo);
# 196|-> if (sysinfo->primaryHostName != NULL)
# 197| free(sysinfo->primaryHostName);
# 198| sysinfo->primaryHostName = oscap_strdup(primaryHostName);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_sysInfo.c: scope_hint: In function ‘oval_sysinfo_add_interface’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_sysInfo.c:212:50: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘sysinfo’
# 210| {
# 211| __attribute__nonnull__(sysinfo);
# 212|-> oval_collection_add(sysinfo->interfaces, oval_sysint_clone(sysinfo->model, interface));
# 213| }
# 214|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_sysInterface.c: scope_hint: In function ‘oval_sysint_set_name’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_sysInterface.c:79:19: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘sysint’
# 77| {
# 78| __attribute__nonnull__(sysint);
# 79|-> if (sysint->name != NULL)
# 80| free(sysint->name);
# 81| sysint->name = oscap_strdup(name);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_sysInterface.c: scope_hint: In function ‘oval_sysint_set_ip_address’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_sysInterface.c:94:19: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘sysint’
# 92| {
# 93| __attribute__nonnull__(sysint);
# 94|-> if (sysint->ipAddress != NULL)
# 95| free(sysint->ipAddress);
# 96| sysint->ipAddress = oscap_strdup(ip_address);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_sysInterface.c: scope_hint: In function ‘oval_sysint_set_mac_address’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_sysInterface.c:107:19: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘sysint’
# 105| {
# 106| __attribute__nonnull__(sysint);
# 107|-> if (sysint->macAddress != NULL)
# 108| free(sysint->macAddress);
# 109| sysint->macAddress = oscap_strdup(mac_address);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_sysItem.c: scope_hint: In function ‘oval_sysitem_add_message’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_sysItem.c:164:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘item’
# 162| {
# 163| __attribute__nonnull__(item);
# 164|-> oval_collection_add(item->messages, message);
# 165| }
# 166|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_sysItem.c: scope_hint: In function ‘oval_sysitem_set_status’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_sysItem.c:189:22: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘data’
# 187| {
# 188| __attribute__nonnull__(data);
# 189|-> data->status = status;
# 190| }
# 191|
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_sysItem.c: scope_hint: In function ‘oval_sysitem_to_dom’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_sysItem.c:261:25: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘tagname’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_sprintf’ must be non-null
# 259| const char *subtype_text = oval_subtype_get_text(subtype);
# 260| char *tagname = malloc(strlen(subtype_text) + 6);
# 261|-> sprintf(tagname, "%s_item", subtype_text);
# 262|
# 263| oval_family_t family = oval_subtype_get_family(subtype);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_sysModel.c: scope_hint: In function ‘oval_syschar_model_set_sysinfo’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_sysModel.c:204:18: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘model’
# 202| {
# 203| __attribute__nonnull__(model);
# 204|-> if (model->sysinfo)
# 205| oval_sysinfo_free(model->sysinfo);
# 206| model->sysinfo = oval_sysinfo_clone(model, sysinfo);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_syschar.c: scope_hint: In function ‘oval_syschar_set_flag’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_syschar.c:68:23: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘syschar’
# 66| void oval_syschar_set_flag(struct oval_syschar *syschar, oval_syschar_collection_flag_t flag) {
# 67| __attribute__nonnull__(syschar);
# 68|-> syschar->flag = flag;
# 69| }
# 70|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_test.c: scope_hint: In function ‘oval_test_set_deprecated’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_test.c:274:26: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘test’
# 272| {
# 273| __attribute__nonnull__(test);
# 274|-> test->deprecated = deprecated;
# 275| }
# 276|
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_test.c: scope_hint: In function ‘oval_test_to_dom’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_test.c:454:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘test_name’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_sprintf’ must be non-null
# 452| const char *subtype_text = oval_subtype_get_text(subtype);
# 453| char *test_name = malloc(strlen(subtype_text) + 6);
# 454|-> sprintf(test_name, "%s_test", subtype_text);
# 455|
# 456| oval_family_t family = oval_test_get_family(test);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_varModel.c: scope_hint: In function ‘oval_variable_model_add’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_varModel.c:175:50: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘model’
# 173|
# 174| struct _oval_variable_model_frame *frame =
# 175|-> (struct _oval_variable_model_frame *)oval_string_map_get_value(model->varmap, varid);
# 176| if (frame == NULL) {
# 177| frame = _oval_variable_model_frame_new(varid, comm, datatype);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_variable.c: scope_hint: In function ‘oval_variable_possible_value_new’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_variable.c:111:18: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘pv’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_variable.c: scope_hint: In function ‘oval_variable_possible_value_new’
# 109| struct oval_variable_possible_value *pv;
# 110| pv = malloc(sizeof(oval_variable_possible_value_t));
# 111|-> pv->hint = oscap_strdup(hint);
# 112| pv->value = oscap_strdup(value);
# 113| return pv;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_variable.c: scope_hint: In function ‘oval_variable_possible_restriction_new’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_variable.c:163:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘pr’
# 161| struct oval_variable_possible_restriction *pr;
# 162| pr = malloc(sizeof(oval_variable_possible_restriction_t));
# 163|-> pr->operator = operator;
# 164| pr->hint = oscap_strdup(hint);
# 165| pr->restrictions = oval_collection_new();
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_variable.c: scope_hint: In function ‘oval_variable_add_possible_restriction’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_variable.c:187:60: warning[-Wanalyzer-malloc-leak]: leak of ‘oval_variable_possible_restriction_new(*<unknown>.operator, *<unknown>.hint)’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_variable.c: scope_hint: In function ‘oval_variable_add_possible_restriction’
# 185| struct oval_variable_restriction_iterator *oval_variable_possible_restriction_get_restrictions2(struct oval_variable_possible_restriction *possible_restriction)
# 186| {
# 187|-> return (struct oval_variable_restriction_iterator*)oval_collection_iterator(possible_restriction->restrictions);
# 188| }
# 189|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_variable.c: scope_hint: In function ‘oval_variable_restriction_new’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_variable.c:230:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘r’
# 228| struct oval_variable_restriction *r;
# 229| r = malloc(sizeof(oval_variable_restriction_t));
# 230|-> r->operation = operation;
# 231| r->value = oscap_strdup(value);
# 232| return r;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_variable.c: scope_hint: In function ‘oval_variable_set_comment’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_variable.c:822:21: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘variable’
# 820| __attribute__nonnull__(variable);
# 821|
# 822|-> if (variable->comment != NULL)
# 823| free(variable->comment);
# 824| variable->comment = oscap_strdup(comm);
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_variable.c:857:21: warning[-Wanalyzer-malloc-leak]: leak of ‘oval_variable_possible_value_new(*<unknown>.hint, *<unknown>.value)’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_variable.c: scope_hint: In function ‘oval_variable_add_possible_value’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_variable.c: scope_hint: In function ‘oval_variable_add_possible_value’
# 855| void oval_variable_add_possible_value(struct oval_variable *variable, struct oval_variable_possible_value *pv)
# 856| {
# 857|-> if (variable->type == OVAL_VARIABLE_EXTERNAL) {
# 858| oval_variable_EXTERNAL_t *var = (oval_variable_EXTERNAL_t *) variable;
# 859| oval_collection_add(var->possible_values, pv);
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_variable.c: scope_hint: In function ‘oval_variable_add_possible_value’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_variable.c:857:21: warning[-Wanalyzer-malloc-leak]: leak of ‘oval_variable_possible_value_new(xmlTextReaderGetAttribute(reader, "hint"), xmlTextReaderValue(reader))’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_variable.c: scope_hint: In function ‘oval_variable_add_possible_value’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_variable.c: scope_hint: In function ‘oval_variable_add_possible_value’
# 855| void oval_variable_add_possible_value(struct oval_variable *variable, struct oval_variable_possible_value *pv)
# 856| {
# 857|-> if (variable->type == OVAL_VARIABLE_EXTERNAL) {
# 858| oval_variable_EXTERNAL_t *var = (oval_variable_EXTERNAL_t *) variable;
# 859| oval_collection_add(var->possible_values, pv);
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_variable.c:861:1: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_variable.c: scope_hint: In function ‘oval_variable_add_possible_value’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_variable.c: scope_hint: In function ‘oval_variable_add_possible_value’
# 859| oval_collection_add(var->possible_values, pv);
# 860| }
# 861|-> }
# 862|
# 863| void oval_variable_add_possible_restriction(struct oval_variable *variable, struct oval_variable_possible_restriction *pr)
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_variable.c: scope_hint: In function ‘oval_variable_add_possible_restriction’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_variable.c:869:1: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_variable.c: scope_hint: In function ‘oval_variable_add_possible_restriction’
# 867| oval_collection_add(var->possible_restrictions, pr);
# 868| }
# 869|-> }
# 870|
# 871| void oval_variable_clear_values(struct oval_variable *variable)
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_variableBinding.c: scope_hint: In function ‘oval_variable_binding_set_variable’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_variableBinding.c:96:27: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘binding’
# 94| __attribute__nonnull__(binding);
# 95|
# 96|-> binding->variable = variable;
# 97| }
# 98|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_variableBinding.c: scope_hint: In function ‘oval_variable_binding_add_value’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_variableBinding.c:104:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘binding’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/oval_variableBinding.c: scope_hint: In function ‘oval_variable_binding_add_value’
# 102| __attribute__nonnull__(value);
# 103|
# 104|-> oval_collection_add(binding->values, value);
# 105| }
# 106|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/generic/bitmap.c: scope_hint: In function ‘bitmap_new’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/generic/bitmap.c:47:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘bitmap’
# 45|
# 46| bitmap_t *bitmap = malloc(sizeof(bitmap_t));
# 47|-> bitmap->size = (size / BITMAP_CELLSIZE) + 1;
# 48| bitmap->realsize = 0;
# 49| bitmap->cells = NULL;
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/generic/common.c: scope_hint: In function ‘xmemdup’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/generic/common.c:42:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘new’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_memcpy’ must be non-null
# 40|
# 41| new = malloc(len);
# 42|-> memcpy (new, src, len);
# 43|
# 44| return (new);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/generic/spb.c: scope_hint: In function ‘spb_new’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/generic/spb.c:40:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘spb’
# 38| spb_t *spb = malloc(sizeof(spb_t));
# 39|
# 40|-> spb->balloc = (balloc == 0 ? SPB_DEFAULT_BALLOC : balloc);
# 41| spb->buffer = malloc(sizeof(spb_item_t) * spb->balloc);
# 42| spb->bflags = 0;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/generic/spb.c:46:37: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘malloc((long unsigned int)<unknown> * 16)’
# 44| if (buffer != NULL && buflen > 0) {
# 45| spb->btotal = 1;
# 46|-> spb->buffer[0].base = buffer;
# 47| spb->buffer[0].gend = (spb_size_t)(buflen - 1);
# 48| } else {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/generic/strbuf.c:90:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘blk’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/generic/strbuf.c: scope_hint: In function ‘__strbuf_add’
# 88|
# 89| blk = malloc (sizeof (struct strblk *) + sizeof (size_t) + (sizeof (char) * len));
# 90|-> blk->next = NULL;
# 91| blk->size = 0;
# 92|
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/generic/strto.c: scope_hint: In function ‘strto_int64’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/generic/strto.c:79:5: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘null_str’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_memcpy’ must be non-null
# 77| char *null_str = calloc(len + 1, sizeof(*str));
# 78|
# 79|-> memcpy(null_str, str, len);
# 80| errno = 0;
# 81| result = strtoll(null_str, endptr, base);
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/generic/strto.c: scope_hint: In function ‘strto_uint64’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/generic/strto.c:95:5: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘null_str’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_memcpy’ must be non-null
# 93| char *null_str = calloc(len + 1, sizeof(*str));
# 94|
# 95|-> memcpy(null_str, str, len);
# 96| errno = 0;
# 97| result = strtoull(null_str, endptr, base);
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/generic/strto.c: scope_hint: In function ‘strto_double’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/generic/strto.c:111:5: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘null_str’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_memcpy’ must be non-null
# 109| char *null_str = calloc(len + 1, sizeof(*str));
# 110|
# 111|-> memcpy(null_str, str, len);
# 112| errno = 0;
# 113| result = strtod(null_str, endptr);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/generic/xbase64.c: scope_hint: In function ‘__b64_enc3’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/generic/xbase64.c:236:16: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘out’
# 234| #define B(n) (*(in+(n)))
# 235| static inline void __b64_enc3 (const uint8_t in[3], char out[4]) {
# 236|-> out[0] = b64_enc_alphabet[(B(0) & 0xfc) >> 2];
# 237| out[1] = b64_enc_alphabet[(B(0) & 0x03) << 4 | (B(1) & 0xf0) >> 4];
# 238| out[2] = b64_enc_alphabet[(B(1) & 0x0f) << 2 | (B(2) & 0xc0) >> 6];
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/generic/xbase64.c: scope_hint: In function ‘__b64_enc2’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/generic/xbase64.c:244:16: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘out’
# 242|
# 243| static inline void __b64_enc2 (const uint8_t in[2], char out[4]) {
# 244|-> out[0] = b64_enc_alphabet[(B(0) & 0xfc) >> 2];
# 245| out[1] = b64_enc_alphabet[(B(0) & 0x03) << 4 | (B(1) & 0xf0) >> 4];
# 246| out[2] = b64_enc_alphabet[(B(1) & 0x0f) << 2];
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/generic/xbase64.c:252:16: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘*buffer’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/generic/xbase64.c: scope_hint: In function ‘base64_encode’
# 250|
# 251| static inline void __b64_enc1 (const uint8_t in, char out[4]) {
# 252|-> out[0] = b64_enc_alphabet[(in & 0xfc) >> 2];
# 253| out[1] = b64_enc_alphabet[(in & 0x03) << 4];
# 254| out[2] = BASE64_PADDING_CHAR;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/generic/xbase64.c: scope_hint: In function ‘__b64_dec4’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/generic/xbase64.c:262:16: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘out’
# 260| #define B(n) ((*(in+(n)) - 48) % 75)
# 261| static inline void __b64_dec4 (const char in[4], uint8_t out[3]) {
# 262|-> out[0] = b64_dec_alphabet[B(0)] << 2 | ((b64_dec_alphabet[B(1)] & 0x30) >> 4);
# 263| out[1] = ((b64_dec_alphabet[B(1)] & 0x0f) << 4) | ((b64_dec_alphabet[B(2)] & 0x3c) >> 2);
# 264| out[2] = ((b64_dec_alphabet[B(2)] & 0x03) << 6) | b64_dec_alphabet[B(3)];
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/generic/xbase64.c: scope_hint: In function ‘__b64_dec3’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/generic/xbase64.c:269:16: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘out’
# 267|
# 268| static inline void __b64_dec3 (const char in[3], uint8_t out[2]) {
# 269|-> out[0] = b64_dec_alphabet[B(0)] << 2 | ((b64_dec_alphabet[B(1)] & 0x30) >> 4);
# 270| out[1] = ((b64_dec_alphabet[B(1)] & 0x0f) << 4) | ((b64_dec_alphabet[B(2)] & 0x3c) >> 2);
# 271| return;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/generic/xbase64.c: scope_hint: In function ‘__b64_dec2’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/generic/xbase64.c:275:16: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘out’
# 273|
# 274| static inline void __b64_dec2 (const char in[2], uint8_t out[1]) {
# 275|-> out[0] = ((b64_dec_alphabet[B(0)] & 0x03) << 6) | b64_dec_alphabet[B(1)];
# 276| return;
# 277| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/generic/xbase64.c: scope_hint: In function ‘base64_encode’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/generic/xbase64.c:301:28: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘*buffer’
# 299| }
# 300|
# 301|-> (*buffer)[(i * 4)] = '\0';
# 302| return (i * 4);
# 303| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/sch_queue.c: scope_hint: In function ‘sch_queue_connect’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/sch_queue.c:42:32: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘data’
# 40| sch_queuedata_t *data = malloc(sizeof(sch_queuedata_t));
# 41|
# 42|-> data->from_probe_queue = oscap_queue_new();
# 43| data->from_probe_cnt = 0;
# 44| pthread_cond_init(&data->from_probe_cond, NULL);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/sch_queue.c:55:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘arg’
# 53|
# 54| struct probe_common_main_argument *arg = malloc(sizeof(struct probe_common_main_argument));
# 55|-> arg->subtype = desc->subtype;
# 56| arg->queuedata = data;
# 57| desc->arg = arg;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/seap-command.c: scope_hint: In function ‘SEAP_cmdrec_new’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/seap-command.c:121:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘r’
# 119| {
# 120| SEAP_cmdrec_t *r = malloc(sizeof(SEAP_cmdrec_t));
# 121|-> r->code = 0;
# 122| r->func = NULL;
# 123| r->arg = NULL;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/seap-command.c: scope_hint: In function ‘SEAP_cmdtbl_new’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/seap-command.c:137:18: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘t’
# 135| SEAP_cmdtbl_t *t = malloc(sizeof(SEAP_cmdtbl_t));
# 136|
# 137|-> t->table = NULL;
# 138| t->maxcnt = 0;
# 139|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/seap-command.c: scope_hint: In function ‘SEAP_cmdjob_new’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/seap-command.c:504:16: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘j’
# 502| {
# 503| SEAP_cmdjob_t *j = malloc(sizeof(SEAP_cmdjob_t));
# 504|-> j->ctx = NULL;
# 505| j->sd = -1;
# 506|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/seap-descriptor.c: scope_hint: In function ‘SEAP_desctable_new’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/seap-descriptor.c:36:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘t’
# 34| {
# 35| SEAP_desctable_t *t = malloc(sizeof(SEAP_desctable_t));
# 36|-> t->tree = NULL;
# 37| t->bmap = NULL;
# 38|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/seap-descriptor.c: scope_hint: In function ‘SEAP_desc_add’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/seap-descriptor.c:62:33: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘sd_dsc’
# 60| sd_dsc = malloc(sizeof(SEAP_desc_t));
# 61|
# 62|-> sd_dsc->next_id = 0;
# 63| /* sd_dsc->sexpcnt = 0; */
# 64| sd_dsc->scheme = scheme;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/seap-error.c: scope_hint: In function ‘SEAP_error_new’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/seap-error.c:31:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘e’
# 29| SEAP_err_t *e = malloc(sizeof(SEAP_err_t));
# 30|
# 31|-> e->id = 0;
# 32| e->code = 0;
# 33| e->type = 0;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/seap-message.c: scope_hint: In function ‘SEAP_msg_new’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/seap-message.c:37:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘new’
# 35| {
# 36| SEAP_msg_t *new = malloc(sizeof(SEAP_msg_t));
# 37|-> new->id = 0;
# 38| new->attrs = NULL;
# 39| new->attrs_cnt = 0;
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/seap-message.c: scope_hint: In function ‘SEAP_msg_clone’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/seap-message.c:50:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘new’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_memcpy’ must be non-null
# 48|
# 49| SEAP_msg_t *new = malloc(sizeof(SEAP_msg_t));
# 50|-> memcpy (new, msg, sizeof (SEAP_msg_t));
# 51|
# 52| new->attrs = malloc(sizeof(SEAP_attr_t) * new->attrs_cnt);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/seap-message.c:55:37: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘malloc((long unsigned int)*new.attrs_cnt * 16)’
# 53|
# 54| for (i = 0; i < new->attrs_cnt; ++i) {
# 55|-> new->attrs[i].name = strdup (msg->attrs[i].name);
# 56| new->attrs[i].value = SEXP_ref (msg->attrs[i].value);
# 57| }
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/seap-packet.c: scope_hint: In function ‘SEAP_packet_new’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/seap-packet.c:43:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘p’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_memset’ must be non-null
# 41| {
# 42| SEAP_packet_t *p = malloc(sizeof(SEAP_packet_t));
# 43|-> memset (p, 0, sizeof (SEAP_packet_t));
# 44| p->type = SEAP_PACKET_INV;
# 45|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/seap-packet.c: scope_hint: In function ‘SEAP_packet_sexp2msg’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/seap-packet.c:169:63: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘*seap_msg.attrs + attr_i * 16’
# 167| SEXP_free (attr_val);
# 168| } else {
# 169|-> seap_msg->attrs[attr_i].name = SEXP_string_subcstr (attr_name, 1, 0);
# 170| seap_msg->attrs[attr_i].value = SEXP_list_nth (sexp_msg, msg_n + 1);
# 171|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/seap-packet.c:196:55: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘*seap_msg.attrs + attr_i * 16’
# 194| ++msg_n;
# 195| } else {
# 196|-> seap_msg->attrs[attr_i].name = SEXP_string_cstr (attr_name);
# 197| seap_msg->attrs[attr_i].value = NULL;
# 198|
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/seap-packet.c:211:33: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
# 209| void *new_attrs = realloc(seap_msg->attrs, sizeof(SEAP_attr_t) * seap_msg->attrs_cnt);
# 210| if (new_attrs != NULL || seap_msg->attrs_cnt == 0)
# 211|-> seap_msg->attrs = new_attrs;
# 212| seap_msg->sexp = SEXP_list_last (sexp_msg);
# 213|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/seap-packetq.c: scope_hint: In function ‘SEAP_packetq_item_new’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/seap-packetq.c:38:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘i’
# 36| struct SEAP_packetq_item *i = malloc(sizeof(struct SEAP_packetq_item));
# 37|
# 38|-> i->next = NULL;
# 39| i->prev = NULL;
# 40| i->packet = NULL;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/seap.c: scope_hint: In function ‘SEAP_CTX_initdefault’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/seap.c:56:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ctx’
# 54| _A(ctx != NULL);
# 55|
# 56|-> ctx->fmt_in = SEXP_FMT_CANONICAL;
# 57| ctx->fmt_out = SEXP_FMT_CANONICAL;
# 58|
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/seap.c: scope_hint: In function ‘SEAP_recvmsg’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/seap.c:372:25: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘msg’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_memcpy’ must be non-null
# 370|
# 371| (*seap_msg) = malloc(sizeof(SEAP_msg_t));
# 372|-> memcpy ((*seap_msg), SEAP_packet_msg (packet), sizeof (SEAP_msg_t));
# 373|
# 374| SEAP_packet_free (packet);
Error: COMPILER_WARNING (CWE-457):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/sexp-ID.c:59:23: warning[-Wmaybe-uninitialized]: ‘resbuf’ may be used uninitialized
# 59 | return (resbuf[part]);
# | ^
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/sexp-ID.c: scope_hint: In function ‘SEXP_ID_v_callback’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/sexp-ID.c:51:18: note: ‘resbuf’ declared here
# 51 | uint64_t resbuf[2];
# | ^
# 57| MurmurHash3_x86_128(buf, (int)len, (uint32_t)((0x7C0FFEE7 ^ seed) ^ (seed >> 32)), resbuf);
# 58|
# 59|-> return (resbuf[part]);
# 60| }
# 61|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/sexp-datatype.c: scope_hint: In function ‘SEXP_datatype_new’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/sexp-datatype.c:156:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘d’
# 154| {
# 155| SEXP_datatype_t *d = malloc(sizeof(SEXP_datatype_t));
# 156|-> d->dt_flg = 0;
# 157|
# 158| return(d);
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/sexp-manip.c: scope_hint: In function ‘SEXP_string_cstr’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/sexp-manip.c:778:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘str’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_memcpy’ must be non-null
# 776| char *str = malloc(len + 1); // + 1 for terminating '\0'
# 777|
# 778|-> memcpy (str, v_dsc.mem, sizeof (char) * len);
# 779|
# 780| str[len] = '\0';
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/sexp-manip.c: scope_hint: In function ‘SEXP_string_subcstr’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/sexp-manip.c:850:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘s_str’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_memcpy’ must be non-null
# 848| s_str = malloc(s_len + 1);
# 849|
# 850|-> memcpy (s_str, ((char *) v_dsc.mem) + beg, sizeof (char) * s_len);
# 851|
# 852| s_str[s_len] = '\0';
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/sexp-manip.c: scope_hint: In function ‘SEXP_string_cmp’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/sexp-manip.c:888:13: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/sexp-manip.c:39: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/sexp-manip.c:36: included_from: Included from here.
/usr/include/string.h:156:12: note: argument 1 of ‘strcmp’ must be non-null
# 886| b = SEXP_string_cstr (str_b);
# 887|
# 888|-> c = strcmp (a, b);
# 889|
# 890| free(a);
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/sexp-manip.c: scope_hint: In function ‘SEXP_list_pop’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/sexp-manip.c:993:35: warning[-Wanalyzer-malloc-leak]: leak of ‘SEXP_list_first(list)’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/sexp-manip.c:44: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/_sexp-value.h:91:50: note: in definition of macro ‘SEXP_LCASTP’
# 991| SEXP_VALIDATE(list);
# 992|
# 993|-> SEXP_val_dsc (&v_dsc, list->s_valp);
# 994|
# 995| if (v_dsc.type != SEXP_VALTYPE_LIST) {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/sexp-manip.c: scope_hint: In function ‘SEXP_list_it_new’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/sexp-manip.c:1341:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘it’
# 1339|
# 1340| SEXP_list_it *it = malloc(sizeof(SEXP_list_it));
# 1341|-> it->block = SEXP_LCASTP(v_dsc.mem)->b_addr;
# 1342| it->index = SEXP_LCASTP(v_dsc.mem)->offset;
# 1343| it->count = it->block != NULL ? it->block->real : 0;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/sexp-manip.c: scope_hint: In function ‘SEXP_list_it_next’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/sexp-manip.c:1352:15: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘it’
# 1350| SEXP_t *item;
# 1351|
# 1352|-> if (it->block == NULL)
# 1353| return (NULL);
# 1354|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/sexp-manip.c: scope_hint: In function ‘SEXP_new’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/sexp-manip.c:1508:23: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘s_exp’
# 1506| {
# 1507| SEXP_t *s_exp = malloc(sizeof(SEXP_t));
# 1508|-> s_exp->s_type = NULL;
# 1509| s_exp->s_valp = 0;
# 1510|
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/sexp-manip.c: scope_hint: In function ‘SEXP_softref’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/sexp-manip.c:1595:34: warning[-Wanalyzer-malloc-leak]: leak of ‘SEXP_new()’
# 1593|
# 1594| s_exp_r = SEXP_new ();
# 1595|-> s_exp_r->s_type = s_exp_o->s_type;
# 1596| s_exp_r->s_valp = s_exp_o->s_valp;
# 1597|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/sexp-manip_r.c: scope_hint: In function ‘SEXP_list_new_rv’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/sexp-manip_r.c:329:26: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘sexp_mem’
# 327| SEXP_init(sexp_mem);
# 328| sexp_mem->s_type = NULL;
# 329|-> sexp_mem->s_valp = v_dsc.ptr;
# 330|
# 331| SEXP_VALIDATE(sexp_mem);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/sexp-value.c: scope_hint: In function ‘SEXP_val_new’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/sexp-value.c:40:24: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/public/sexp-manip.h:46: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/public/sexp.h:28: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/public/sexp-datatype.h:29: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/_sexp-datatype.h:27: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/_sexp-types.h:31: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/_sexp-value.h:30: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/sexp-value.c:31: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/sexp-value.c: scope_hint: In function ‘SEXP_val_new’
# 38| SEXP_val_dsc (dst, (uintptr_t) s_val);
# 39|
# 40|-> dst->hdr->refs = 1;
# 41| dst->hdr->size = vmemsize;
# 42| dst->type = type;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/sexp-value.c: scope_hint: In function ‘SEXP_rawval_lblk_new’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/sexp-value.c:112:20: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
# 110| sizeof(struct SEXP_val_lblk),
# 111| SEXP_LBLK_ALIGN);
# 112|-> lblk->memb = malloc(sizeof(SEXP_t) * (1 << sz));
# 113|
# 114| lblk->nxsz = ((uintptr_t)(NULL) & SEXP_LBLKP_MASK) | ((uintptr_t)sz & SEXP_LBLKS_MASK);
Error: GCC_ANALYZER_WARNING (CWE-835):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/sexp-value.c: scope_hint: In function ‘SEXP_rawval_lblk_copy’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/sexp-value.c:467:28: warning[-Wanalyzer-infinite-loop]: infinite loop
# 465|
# 466| while (lb_old != NULL) {
# 467|-> if ((lb_old->real - off_o) == 0) {
# 468| /*
# 469| * move to the next old block
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/crapi/digest.c: scope_hint: In function ‘crapi_digest_init’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/crapi/digest.c:220:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ctx’
# 218| int lib_alg = crapi_alg_t_to_lib_arg(alg);
# 219| #if defined(HAVE_NSS3)
# 220|-> ctx->ctx = HASH_Create(lib_alg);
# 221| #elif defined(HAVE_GCRYPT)
# 222| if (gcry_md_open(&ctx->ctx, lib_alg, 0) != 0) {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/crapi/digest.c: scope_hint: In function ‘crapi_mdigest_fd’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/crapi/digest.c:299:29: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ctbl’
# 297| }
# 298| for (i = 0; i < num; ++i)
# 299|-> ctbl[i].ctx = NULL;
# 300|
# 301| va_start(ap, num);
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/fsdev.c: scope_hint: In function ‘__fsdev_init’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/fsdev.c:239:18: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
# 237| return (NULL);
# 238| }
# 239|-> lfs->ids = new_ids;
# 240| lfs->cnt = i;
# 241|
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/independent/filehash58_probe.c: scope_hint: In function ‘filehash58_probe_init’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/independent/filehash58_probe.c:260:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘filehash58_probe_mutex’ where non-null expected
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/seap-descriptor.h:28: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/sch_queue.h:28: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/_seap.h:28: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/independent/filehash58_probe.c:38: included_from: Included from here.
/usr/include/pthread.h:781:12: note: argument 1 of ‘pthread_mutex_init’ must be non-null
# 258| */
# 259| pthread_mutex_t *filehash58_probe_mutex = malloc(sizeof(pthread_mutex_t));
# 260|-> switch (pthread_mutex_init(filehash58_probe_mutex, NULL)) {
# 261| case 0:
# 262| return ((void *)filehash58_probe_mutex);
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/independent/system_info_probe.c: scope_hint: In function ‘__sysinfo_saneval’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/independent/system_info_probe.c:482:20: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘s’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strlen’ must be non-null
# 480| real_length = space_count = i = 0;
# 481|
# 482|-> for (; i < strlen(s); ++i) {
# 483| /* check for space */
# 484| if (isspace(s[i])) {
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/independent/textfilecontent54_probe.c: scope_hint: In function ‘process_file’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/independent/textfilecontent54_probe.c:139:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘whole_path’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_memcpy’ must be non-null
# 137| whole_path = malloc(path_len + file_len + 2);
# 138|
# 139|-> memcpy(whole_path, path, path_len);
# 140|
# 141| if (whole_path[path_len - 1] != FILE_SEPARATOR) {
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/independent/textfilecontent_probe.c: scope_hint: In function ‘process_file’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/independent/textfilecontent_probe.c:166:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘whole_path’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_memcpy’ must be non-null
# 164| filename_len = strlen(filename);
# 165| whole_path = malloc(path_len + filename_len + 2);
# 166|-> memcpy(whole_path, path, path_len);
# 167| if (whole_path[path_len - 1] != FILE_SEPARATOR) {
# 168| whole_path[path_len] = FILE_SEPARATOR;
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/independent/xmlfilecontent_probe.c: scope_hint: In function ‘process_file’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/independent/xmlfilecontent_probe.c:164:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘whole_path’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_memcpy’ must be non-null
# 162| whole_path = malloc(sizeof (char) * (path_len + filename_len + 2));
# 163|
# 164|-> memcpy (whole_path, path, sizeof (char) * path_len);
# 165|
# 166| if (whole_path[path_len - 1] != FILE_SEPARATOR) {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/oval_fts.c: scope_hint: In function ‘OVAL_FTSENT_new’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/oval_fts.c:96:28: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ofts_ent’
# 94| OVAL_FTSENT *ofts_ent = calloc(1, sizeof(OVAL_FTSENT));
# 95|
# 96|-> ofts_ent->fts_info = fts_ent->fts_info;
# 97| /* The 'shift' variable stores length of the prefix if the prefix
# 98| * is defined, otherwise it is set to 0. The value of 'shift' gives
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/oval_fts.c:108:25: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘malloc((long unsigned int)pathlen - <unknown> + 1)’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strncpy’ must be non-null
# 106| if (ofts_ent->path_len > 0) {
# 107| ofts_ent->path = malloc(ofts_ent->path_len + 1);
# 108|-> strncpy(ofts_ent->path, fts_ent->fts_path + shift, ofts_ent->path_len);
# 109| ofts_ent->path[ofts_ent->path_len] = '\0';
# 110| } else {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/oval_fts.c: scope_hint: In function ‘oval_fts_read_match_path’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/oval_fts.c:839:75: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘*<unknown>.fts_statp’
# 837| if (ofts->filesystem == OVAL_RECURSE_FS_DEFINED
# 838| && (fts_ent->fts_info == FTS_D || fts_ent->fts_info == FTS_SL)
# 839|-> && ofts->ofts_recurse_path_devid != fts_ent->fts_statp->st_dev) {
# 840| fts_set(ofts->ofts_recurse_path_fts, fts_ent, FTS_SKIP);
# 841| continue;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/oval_fts.c: scope_hint: In function ‘oval_fts_read_recurse_path’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/oval_fts.c:1127:91: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘*<unknown>.fts_statp’
# 1125| #endif
# 1126| if (ofts->filesystem == OVAL_RECURSE_FS_DEFINED
# 1127|-> && ofts->ofts_recurse_path_devid != fts_ent->fts_statp->st_dev)
# 1128| break;
# 1129|
Error: GCC_ANALYZER_WARNING (CWE-685):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/probe-api.c: scope_hint: In function ‘probe_attr_creat’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/probe-api.c:332:21: warning[-Wanalyzer-va-list-exhausted]: ‘ap’ has no more arguments (1 consumed)
# 330|
# 331| name = va_arg(ap, const char *);
# 332|-> val = va_arg(ap, SEXP_t *);
# 333| }
# 334|
Error: GCC_ANALYZER_WARNING (CWE-404):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/probe-api.c: scope_hint: In function ‘probe_item_create’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/probe-api.c:1434:24: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
# 1432| if (subtype_name == NULL) {
# 1433| dE("Invalid/Unknown subtype: %d", (int)item_subtype);
# 1434|-> return (NULL);
# 1435| }
# 1436|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/probe/icache.c: scope_hint: In function ‘icache_add_to_tree’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/probe/icache.c:158:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘cached’
# 156|
# 157| probe_citem_t *cached = malloc(sizeof(probe_citem_t));
# 158|-> cached->item = malloc(sizeof(SEXP_t *));
# 159| cached->item[0] = pair->p.item;
# 160| cached->count = 1;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/probe/icache.c:159:25: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘malloc(8)’
# 157| probe_citem_t *cached = malloc(sizeof(probe_citem_t));
# 158| cached->item = malloc(sizeof(SEXP_t *));
# 159|-> cached->item[0] = pair->p.item;
# 160| cached->count = 1;
# 161|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/probe/icache.c: scope_hint: In function ‘probe_icache_new’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/probe/icache.c:315:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘cache’
# 313| {
# 314| probe_icache_t *cache = malloc(sizeof(probe_icache_t));
# 315|-> cache->tree = rbt_i64_new();
# 316|
# 317| if (pthread_mutex_init(&cache->queue_mutex, NULL) != 0) {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/probe/input_handler.c: scope_hint: In function ‘probe_input_handler’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/probe/input_handler.c:161:53: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘pair’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/probe/input_handler.c:27: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/probe/input_handler.c:111:17: note: in expansion of macro ‘TH_CANCEL_OFF’
# 159|
# 160| probe_pwpair_t *pair = malloc(sizeof(probe_pwpair_t));
# 161|-> pair->probe = probe;
# 162| pair->pth = probe_worker_new();
# 163| pair->pth->sid = SEAP_msg_id(seap_request);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/probe/ncache.c: scope_hint: In function ‘probe_ncache_new’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/probe/ncache.c:88:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘cache’
# 86| }
# 87|
# 88|-> cache->name = calloc (PROBE_NCACHE_INIT_SIZE, sizeof (SEXP_t *));
# 89| cache->size = PROBE_NCACHE_INIT_SIZE;
# 90| cache->real = 0;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/probe/probe_main.c: scope_hint: In function ‘probe_common_main’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/probe/probe_main.c:233:33: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘probe.option’
# 231| probe.optcnt = PROBE_OPTION_INITCOUNT;
# 232|
# 233|-> probe.option[0].option = PROBEOPT_VARREF_HANDLING;
# 234| probe.option[0].handler = &probe_opthandler_varref;
# 235| probe.option[1].option = PROBEOPT_RESULT_CACHING;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/probe/rcache.c: scope_hint: In function ‘probe_rcache_new’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/probe/rcache.c:39:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘cache’
# 37|
# 38| cache = malloc(sizeof(probe_rcache_t));
# 39|-> cache->tree = rbt_str_new();
# 40|
# 41| return (cache);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/file_probe.c: scope_hint: In function ‘gr_sexps_init’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/file_probe.c:98:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘s’
# 96| {
# 97| struct gr_sexps *s = malloc(sizeof(struct gr_sexps));
# 98|-> s->gr_t_reg = SEXP_string_new(STRLEN_PAIR(STR_REGULAR));
# 99| s->gr_t_dir = SEXP_string_new(STRLEN_PAIR(STR_DIRECTORY));
# 100| s->gr_t_lnk = SEXP_string_new(STRLEN_PAIR(STR_SYMLINK));
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/file_probe.c: scope_hint: In function ‘ID_cache_init’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/file_probe.c:198:20: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘cache’
# 196| {
# 197| struct ID_cache *cache = malloc(sizeof(struct ID_cache));
# 198|-> cache->max = max;
# 199| cache->tree = rbt_i32_new();
# 200| return cache;
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/file_probe.c: scope_hint: In function ‘file_probe_init’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/file_probe.c:436:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘file_probe_mutex’ where non-null expected
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/seap-descriptor.h:28: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/sch_queue.h:28: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/_seap.h:28: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/file_probe.c:37: included_from: Included from here.
/usr/include/pthread.h:781:12: note: argument 1 of ‘pthread_mutex_init’ must be non-null
# 434| */
# 435| pthread_mutex_t *file_probe_mutex = malloc(sizeof(pthread_mutex_t));
# 436|-> switch (pthread_mutex_init (file_probe_mutex, NULL)) {
# 437| case 0:
# 438| return ((void *)file_probe_mutex);
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/fileextendedattribute_probe.c: scope_hint: In function ‘fileextendedattribute_probe_init’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/fileextendedattribute_probe.c:373:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘mutex’ where non-null expected
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/seap-descriptor.h:28: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/sch_queue.h:28: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/_seap.h:28: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/fileextendedattribute_probe.c:34: included_from: Included from here.
/usr/include/pthread.h:781:12: note: argument 1 of ‘pthread_mutex_init’ must be non-null
# 371| */
# 372| pthread_mutex_t *mutex = malloc(sizeof(pthread_mutex_t));
# 373|-> switch (pthread_mutex_init(mutex, NULL)) {
# 374| case 0:
# 375| return (void *)mutex;
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/linux/fwupdsecattr_probe.c:209:45: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
/usr/include/string.h:159:12: note: argument 1 of ‘strncmp’ must be non-null
# 207| switch (arg_type) {
# 208| case DBUS_TYPE_UINT32:
# 209|-> if(!strncmp(property_name, "HsiResult", strlen("HsiResult"))) {
# 210| _DBusBasicValue hsiresult_value;
# 211| dbus_message_iter_get_basic(&value_variant, &hsiresult_value);
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/linux/fwupdsecattr_probe.c: scope_hint: In function ‘get_all_security_attributes’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/linux/fwupdsecattr_probe.c:209:45: warning[-Wanalyzer-null-argument]: use of NULL ‘appstream_name’ where non-null expected
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/linux/fwupdsecattr_probe.c:47: included_from: Included from here.
/usr/include/string.h:159:12: note: argument 1 of ‘strncmp’ must be non-null
# 207| switch (arg_type) {
# 208| case DBUS_TYPE_UINT32:
# 209|-> if(!strncmp(property_name, "HsiResult", strlen("HsiResult"))) {
# 210| _DBusBasicValue hsiresult_value;
# 211| dbus_message_iter_get_basic(&value_variant, &hsiresult_value);
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/linux/fwupdsecattr_probe.c:216:45: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
/usr/include/string.h:159:12: note: argument 1 of ‘strncmp’ must be non-null
# 214| break;
# 215| case DBUS_TYPE_STRING:
# 216|-> if(!strncmp(property_name, "AppstreamId", strlen("AppstreamId"))) {
# 217| free(appstream_name);
# 218| appstream_name = oval_dbus_value_to_string(&value_variant);
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/linux/fwupdsecattr_probe.c:216:45: warning[-Wanalyzer-null-argument]: use of NULL ‘appstream_name’ where non-null expected
/usr/include/string.h:159:12: note: argument 1 of ‘strncmp’ must be non-null
# 214| break;
# 215| case DBUS_TYPE_STRING:
# 216|-> if(!strncmp(property_name, "AppstreamId", strlen("AppstreamId"))) {
# 217| free(appstream_name);
# 218| appstream_name = oval_dbus_value_to_string(&value_variant);
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/linux/iflisteners_probe.c: scope_hint: In function ‘collect_process_info’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/linux/iflisteners_probe.c:297:1: warning[-Wanalyzer-malloc-leak]: leak of ‘node.cmd’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/linux/iflisteners_probe.c: scope_hint: In function ‘collect_process_info’
# 295| closedir(d);
# 296| return 0;
# 297|-> }
# 298|
# 299| static void report_finding(struct result_info *res, llist *l, probe_ctx *ctx, oval_schema_version_t over)
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/linux/iflisteners_probe.c:470:16: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/linux/iflisteners_probe.c: scope_hint: In function ‘iflisteners_probe_main’
# 468| SEXP_free(interface_name_ent);
# 469|
# 470|-> return err;
# 471| }
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/linux/iflisteners_probe.c: scope_hint: In function ‘iflisteners_probe_main’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/linux/iflisteners_probe.c:470:16: warning[-Wanalyzer-malloc-leak]: leak of ‘ll.cur’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/linux/iflisteners_probe.c: scope_hint: In function ‘iflisteners_probe_main’
# 468| SEXP_free(interface_name_ent);
# 469|
# 470|-> return err;
# 471| }
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/linux/inetlisteningservers_probe.c: scope_hint: In function ‘collect_process_info’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/linux/inetlisteningservers_probe.c:305:1: warning[-Wanalyzer-malloc-leak]: leak of ‘node.cmd’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/linux/inetlisteningservers_probe.c: scope_hint: In function ‘collect_process_info’
# 303| closedir(d);
# 304| return 0;
# 305|-> }
# 306|
# 307| static int eval_data(const char *type, const char *local_address,
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/linux/rpmverify_probe.c: scope_hint: In function ‘rpmverify_probe_init’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/linux/rpmverify_probe.c:251:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘g_rpm’
# 249|
# 250| struct rpm_probe_global *g_rpm = malloc(sizeof(struct rpm_probe_global));
# 251|-> g_rpm->rpmts = rpmtsCreate();
# 252|
# 253| pthread_mutex_init(&(g_rpm->mutex), NULL);
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/linux/selinuxsecuritycontext_probe.c: scope_hint: In function ‘split_level’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/linux/selinuxsecuritycontext_probe.c:64:23: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘level’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strchr’ must be non-null
# 62| char *level_split;
# 63|
# 64|-> level_split = strchr(level, ':');
# 65| if (level_split == NULL) {
# 66| *sensitivity = strdup(level);
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/linux/systemdunitproperty_probe.c: scope_hint: In function ‘property_callback’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/linux/systemdunitproperty_probe.c:193:21: warning[-Wanalyzer-null-argument]: use of NULL ‘property’ where non-null expected
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/linux/systemdunitproperty_probe.c:38: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/linux/systemdshared.h: scope_hint: In function ‘property_callback’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/public/sexp.h:28: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/public/sexp-datatype.h:29: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/_sexp-datatype.h:27: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/_sexp-types.h:31: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/seap-descriptor.h:33: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/sch_queue.h:28: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/_seap.h:28: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/probe/probe.h:37: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/linux/systemdunitproperty_probe.c:35: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/public/sexp-manip.h:262:15: note: argument 2 of ‘SEXP_strcmp’ must be non-null
# 191| // a new one for the current property.
# 192| //
# 193|-> if (SEXP_strcmp(vars->se_property, property) == 0) {
# 194| SEXP_t *se_value = SEXP_string_new(value, strlen(value));
# 195| probe_item_ent_add(vars->item, "value", NULL, se_value);
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/linux/systemdunitproperty_probe.c:193:21: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘property’ where non-null expected
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/linux/systemdshared.h: scope_hint: In function ‘property_callback’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/linux/systemdunitproperty_probe.c: scope_hint: In function ‘property_callback’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/SEAP/public/sexp-manip.h:262:15: note: argument 2 of ‘SEXP_strcmp’ must be non-null
# 191| // a new one for the current property.
# 192| //
# 193|-> if (SEXP_strcmp(vars->se_property, property) == 0) {
# 194| SEXP_t *se_value = SEXP_string_new(value, strlen(value));
# 195| probe_item_ent_add(vars->item, "value", NULL, se_value);
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/linux/systemdunitproperty_probe.c:206:31: warning[-Wanalyzer-null-argument]: use of NULL ‘property’ where non-null expected
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/linux/systemdshared.h: scope_hint: In function ‘property_callback’
<built-in>: note: argument 1 of ‘__builtin_strlen’ must be non-null
# 204| }
# 205|
# 206|-> SEXP_t *se_property = SEXP_string_new(property, strlen(property));
# 207|
# 208| if (probe_entobj_cmp(vars->property_entity, se_property) != OVAL_RESULT_TRUE) {
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/linux/systemdunitproperty_probe.c:206:31: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘property’ where non-null expected
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/linux/systemdshared.h: scope_hint: In function ‘property_callback’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/linux/systemdunitproperty_probe.c: scope_hint: In function ‘property_callback’
<built-in>: note: argument 1 of ‘__builtin_strlen’ must be non-null
# 204| }
# 205|
# 206|-> SEXP_t *se_property = SEXP_string_new(property, strlen(property));
# 207|
# 208| if (probe_entobj_cmp(vars->property_entity, se_property) != OVAL_RESULT_TRUE) {
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/linux/systemdunitproperty_probe.c: scope_hint: In function ‘unit_callback’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/linux/systemdunitproperty_probe.c:225:27: warning[-Wanalyzer-null-argument]: use of NULL ‘unit’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strlen’ must be non-null
# 223| {
# 224| struct unit_callback_vars *vars = (struct unit_callback_vars *)cbarg;
# 225|-> SEXP_t *se_unit = SEXP_string_new(unit, strlen(unit));
# 226|
# 227| if (probe_entobj_cmp(vars->unit_entity, se_unit) != OVAL_RESULT_TRUE) {
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/process58_probe.c: scope_hint: In function ‘get_posix_capability’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/process58_probe.c:344:17: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/process58_probe.c:61: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/process58_probe.c:103: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/common/debug_priv.h:54:33: note: in expansion of macro ‘__dlprintf_wrapper’
openscap-1.4.0-build/openscap-1.4.0/src/common/debug_priv.h:63:17: note: in expansion of macro ‘oscap_dlprintf’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/process58_probe.c:343:17: note: in expansion of macro ‘dE’
# 342| if (new_ret == NULL) {
# 343| dE("Unable to re-allocate memory for ret");
# 344|-> free(ret);
# 345| ret = NULL;
# 346| goto exit;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/runlevel_probe.c: scope_hint: In function ‘get_runlevel_sysv’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/runlevel_probe.c:225:47: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘rep_lst’
# 223| }
# 224|
# 225|-> rep_lst->service_name = strdup(service_name);
# 226| rep_lst->runlevel = strdup(runlevel);
# 227| rep_lst->start = start;
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/sysctl_probe.c: scope_hint: In function ‘sysctl_probe_main’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/sysctl_probe.c:179:26: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘mib’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strlen’ must be non-null
# 177| mibstart += strlen(PROC_SYS_DIR)+1;
# 178| mib = strdup(mibpath + mibstart);
# 179|-> miblen = strlen(mib);
# 180|
# 181| while (miblen > 0) {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c: scope_hint: In function ‘xiconf_new’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:368:23: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xiconf’
# 366| {
# 367| xiconf_t *xiconf = malloc(sizeof(xiconf_t));
# 368|-> xiconf->cfile = malloc(sizeof(xiconf_file_t *));
# 369| xiconf->count = 0;
# 370| xiconf->stree = rbt_str_new();
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c: scope_hint: In function ‘xiconf_service_new’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:381:24: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘service’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:649:34: note: in expansion of macro ‘tmpbuf_get’
# 379| xiconf_service_t *service = malloc(sizeof(xiconf_service_t));
# 380|
# 381|-> service->id = NULL;
# 382| service->type = NULL;
# 383| service->flags = NULL;
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c: scope_hint: In function ‘xiconf_parse’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:493:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xiconf_new()’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:823:25: note: in expansion of macro ‘tmpbuf_free’
# 491| }
# 492|
# 493|-> if ((st.st_mode & S_IFMT) != S_IFREG) {
# 494| dE("Not a regular file: %s", path);
# 495| close (fd);
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c: scope_hint: In function ‘xiconf_getservice’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:493:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xiconf_parse(path, 32)’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:823:25: note: in expansion of macro ‘tmpbuf_free’
# 491| }
# 492|
# 493|-> if ((st.st_mode & S_IFMT) != S_IFREG) {
# 494| dE("Not a regular file: %s", path);
# 495| close (fd);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c: scope_hint: In function ‘xiconf_read’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:509:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘file’
# 507|
# 508| /* initialize items that don't need to have extra memory allocated for them */
# 509|-> file->fd = fd;
# 510| file->inlen = (size_t)st.st_size;
# 511| file->inoff = 0;
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:531:25: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
# 529| /* Can't read the contents of the file */
# 530| close (fd);
# 531|-> free(file);
# 532| return (NULL);
# 533| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c: scope_hint: In function ‘xiconf_parse’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:617:26: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘*<unknown>.cfile’
# 615|
# 616| xifile->depth = 0;
# 617|-> xiconf->cfile[0] = xifile;
# 618| xiconf->count = 1;
# 619|
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:634:34: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘l_pbeg’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strchr’ must be non-null
# 632| /* locate end-of-line & compute the line lenght */
# 633| l_pbeg = xifile->inmem + xifile->inoff;
# 634|-> l_pend = strchr(l_pbeg, '\n');
# 635|
# 636| if (l_pend == NULL) {
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:651:25: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘<unknown>’ where non-null expected
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:649:34: note: in expansion of macro ‘tmpbuf_get’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:649:34: note: in expansion of macro ‘tmpbuf_get’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:649:34: note: in expansion of macro ‘tmpbuf_get’
<built-in>: note: argument 1 of ‘__builtin_memcpy’ must be non-null
# 649| buffer = tmpbuf_get(l_size + 1);
# 650| bufidx = 0;
# 651|-> memcpy (buffer, l_pbeg, l_size);
# 652| buffer[l_size] = ' ';
# 653| *strchr(buffer, ' ') = '\0';
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:653:47: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:649:34: note: in expansion of macro ‘tmpbuf_get’
# 651| memcpy (buffer, l_pbeg, l_size);
# 652| buffer[l_size] = ' ';
# 653|-> *strchr(buffer, ' ') = '\0';
# 654|
# 655| /* skip whitespaces before the keyword */
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:679:71: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:649:34: note: in expansion of macro ‘tmpbuf_get’
# 677| }
# 678|
# 679|-> *strchr(buffer + bufidx, ' ') = '\0';
# 680|
# 681| if (xiconf_parse_section (xiconf, xifile, XICONF_SECTION_SERVICE, buffer + bufidx) != 0) {
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c: scope_hint: In function ‘xiconf_parse_section’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:909:32: warning[-Wanalyzer-malloc-leak]: leak of ‘xiconf_service_new()’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:649:34: note: in expansion of macro ‘tmpbuf_get’
# 907| * Find out the line boundaries.
# 908| */
# 909|-> l_pbeg = xifile->inmem + xifile->inoff;
# 910| l_pend = strchr(l_pbeg, '\n');
# 911|
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:928:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘<unknown>’ where non-null expected
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:649:34: note: in expansion of macro ‘tmpbuf_get’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:925:26: note: in expansion of macro ‘tmpbuf_get’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:925:26: note: in expansion of macro ‘tmpbuf_get’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:925:26: note: in expansion of macro ‘tmpbuf_get’
<built-in>: note: argument 1 of ‘__builtin_memcpy’ must be non-null
# 926| bufidx = 0;
# 927|
# 928|-> memcpy (buffer, l_pbeg, l_size);
# 929|
# 930| buffer[l_size] = '\0';
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:940:20: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:649:34: note: in expansion of macro ‘tmpbuf_get’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:925:26: note: in expansion of macro ‘tmpbuf_get’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:925:26: note: in expansion of macro ‘tmpbuf_get’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:925:26: note: in expansion of macro ‘tmpbuf_get’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:41: included_from: Included from here.
# 938| */
# 939| key = strdup(buffer + bufidx);
# 940|-> if (key == NULL)
# 941| exit(ENOMEM);
# 942|
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:990:25: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:649:34: note: in expansion of macro ‘tmpbuf_get’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:925:26: note: in expansion of macro ‘tmpbuf_get’
# 988| }
# 989|
# 990|-> switch (xiattr->pass_arg) {
# 991| case XIATTR_OPARG_LOCAL:
# 992| opvar = (void *)xiattr_ptr(snew, xiattr->offset);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:1152:33: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘st’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:649:34: note: in expansion of macro ‘tmpbuf_get’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:1041:17: note: in expansion of macro ‘tmpbuf_free’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:53: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/common/debug_priv.h:54:33: note: in expansion of macro ‘__dlprintf_wrapper’
openscap-1.4.0-build/openscap-1.4.0/src/common/debug_priv.h:62:17: note: in expansion of macro ‘oscap_dlprintf’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:1045:17: note: in expansion of macro ‘dW’
openscap-1.4.0-build/openscap-1.4.0/src/common/debug_priv.h:54:33: note: in expansion of macro ‘__dlprintf_wrapper’
openscap-1.4.0-build/openscap-1.4.0/src/common/debug_priv.h:64:17: note: in expansion of macro ‘oscap_dlprintf’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:1149:25: note: in expansion of macro ‘dD’
# 1150|
# 1151| st = malloc(sizeof(xiconf_strans_t));
# 1152|-> st->cnt = 1;
# 1153| st->srv = malloc (sizeof (xiconf_service_t *));
# 1154| st->srv[0] = scur;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:1154:36: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘malloc(8)’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:649:34: note: in expansion of macro ‘tmpbuf_get’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:1041:17: note: in expansion of macro ‘tmpbuf_free’
openscap-1.4.0-build/openscap-1.4.0/src/common/debug_priv.h:54:33: note: in expansion of macro ‘__dlprintf_wrapper’
openscap-1.4.0-build/openscap-1.4.0/src/common/debug_priv.h:62:17: note: in expansion of macro ‘oscap_dlprintf’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:1045:17: note: in expansion of macro ‘dW’
openscap-1.4.0-build/openscap-1.4.0/src/common/debug_priv.h:54:33: note: in expansion of macro ‘__dlprintf_wrapper’
openscap-1.4.0-build/openscap-1.4.0/src/common/debug_priv.h:64:17: note: in expansion of macro ‘oscap_dlprintf’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:1149:25: note: in expansion of macro ‘dD’
# 1152| st->cnt = 1;
# 1153| st->srv = malloc (sizeof (xiconf_service_t *));
# 1154|-> st->srv[0] = scur;
# 1155|
# 1156| if (rbt_str_add (xiconf->ttree, strdup(st_key), st) != 0) {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c: scope_hint: In function ‘xiconf_dump’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/probes/unix/xinetd_probe.c:1254:18: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘res’
# 1252|
# 1253| xiconf_strans_t *res = malloc(sizeof(xiconf_strans_t));
# 1254|-> res->cnt = rbt_str_size(xiconf->stree);
# 1255| res->srv = malloc(sizeof(xiconf_service_t *) * res->cnt);
# 1256|
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/results/oval_cmp_ip_address.c: scope_hint: In function ‘ipv4addr_parse’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/results/oval_cmp_ip_address.c:213:15: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘s’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strchr’ must be non-null
# 211|
# 212| s = strdup(oval_ipv4_string);
# 213|-> pfx = strchr(s, '/');
# 214| if (pfx) {
# 215| int cnt;
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/results/oval_cmp_ip_address.c: scope_hint: In function ‘ipv6addr_parse’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/results/oval_cmp_ip_address.c:253:15: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘s’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strchr’ must be non-null
# 251|
# 252| s = strdup(oval_ipv6_string);
# 253|-> pfx = strchr(s, '/');
# 254| if (pfx) {
# 255| *pfx++ = '\0';
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/results/oval_resultDefinition.c: scope_hint: In function ‘oval_result_definition_set_result’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/results/oval_resultDefinition.c:199:28: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘definition’
# 197| {
# 198| __attribute__nonnull__(definition);
# 199|-> definition->result = result;
# 200| }
# 201|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/results/oval_resultDefinition.c: scope_hint: In function ‘oval_result_definition_set_instance’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/results/oval_resultDefinition.c:205:30: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘definition’
# 203| {
# 204| __attribute__nonnull__(definition);
# 205|-> definition->instance = instance;
# 206| // When a new variable_instance is set, we usually want to reset the hint
# 207| definition->variable_instance_hint = instance;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/results/oval_resultDefinition.c: scope_hint: In function ‘oval_result_definition_set_criteria’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/results/oval_resultDefinition.c:213:23: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘definition’
# 211| {
# 212| __attribute__nonnull__(definition);
# 213|-> if (definition->criteria) {
# 214| if (oval_result_criteria_node_get_type(criteria) == OVAL_NODETYPE_CRITERIA) {
# 215| oval_result_criteria_node_free(definition->criteria);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/results/oval_resultDefinition.c: scope_hint: In function ‘oval_result_definition_add_message.part.0’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/results/oval_resultDefinition.c:224:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘definition’
# 222| __attribute__nonnull__(definition);
# 223| if (message)
# 224|-> oval_collection_add(definition->messages, message);
# 225| }
# 226|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/results/oval_resultItem.c: scope_hint: In function ‘oval_result_item_set_result’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/results/oval_resultItem.c:147:22: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘item’
# 145| {
# 146| __attribute__nonnull__(item);
# 147|-> item->result = result;
# 148| }
# 149|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/results/oval_resultItem.c: scope_hint: In function ‘oval_result_item_add_message’
openscap-1.4.0-build/openscap-1.4.0/src/OVAL/results/oval_resultItem.c:153:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘item’
# 151| {
# 152| __attribute__nonnull__(item);
# 153|-> oval_collection_add(item->messages, message);
# 154| }
# 155|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/SCE/sce_engine.c: scope_hint: In function ‘sce_check_result_new’
openscap-1.4.0-build/openscap-1.4.0/src/SCE/sce_engine.c:81:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ret’
# 79| {
# 80| struct sce_check_result* ret = malloc(sizeof(struct sce_check_result));
# 81|-> ret->href = NULL;
# 82| ret->basename = NULL;
# 83| ret->std_out = NULL;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/SCE/sce_engine.c: scope_hint: In function ‘sce_session_new’
openscap-1.4.0-build/openscap-1.4.0/src/SCE/sce_engine.c:225:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ret’
# 223| {
# 224| struct sce_session* ret = malloc(sizeof(struct sce_session));
# 225|-> ret->results = oscap_list_new();
# 226|
# 227| return ret;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/SCE/sce_engine.c: scope_hint: In function ‘sce_parameters_new’
openscap-1.4.0-build/openscap-1.4.0/src/SCE/sce_engine.c:281:30: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ret’
# 279| {
# 280| struct sce_parameters *ret = malloc(sizeof(struct sce_parameters));
# 281|-> ret->xccdf_directory = NULL;
# 282| ret->session = NULL;
# 283|
Error: GCC_ANALYZER_WARNING (CWE-775):
openscap-1.4.0-build/openscap-1.4.0/src/SCE/sce_engine.c: scope_hint: In function ‘sce_engine_eval_rule’
openscap-1.4.0-build/openscap-1.4.0/src/SCE/sce_engine.c:390:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘stderr_pipefd[0]’
# 388| "Expected location: '%s'.", href, tmp_href);
# 389| free(tmp_href);
# 390|-> return XCCDF_RESULT_NOT_CHECKED;
# 391| }
# 392|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/SCE/sce_engine.c:414:23: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘env_values’
# 412| const size_t index_of_first_env_value_not_compiled_in = 10;
# 413|
# 414|-> env_values[0] = "PATH=/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin";
# 415|
# 416| env_values[1] = "XCCDF_RESULT_PASS=101";
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/benchmark.c: scope_hint: In function ‘xccdf_plain_text_new_fill’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/benchmark.c:891:15: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_plain_text_new()’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/benchmark.c: scope_hint: In function ‘xccdf_plain_text_new_fill’
# 889| {
# 890| struct xccdf_plain_text *plain = xccdf_plain_text_new();
# 891|-> plain->id = oscap_strdup(id);
# 892| plain->text = oscap_strdup(text);
# 893| return plain;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/benchmark.c: scope_hint: In function ‘xccdf_plain_text_clone’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/benchmark.c:909:15: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘plain’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/benchmark.c: scope_hint: In function ‘xccdf_plain_text_clone’
# 907| {
# 908| struct xccdf_plain_text *plain = calloc(1, sizeof(struct xccdf_plain_text));
# 909|-> plain->id = oscap_strdup(pt->id);
# 910| plain->text = oscap_strdup(pt->text);
# 911| return plain;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c:40: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c: scope_hint: In function ‘xccdf_item_get_type’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/helpers.h:52:86: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘item’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c:918:1: note: in expansion of macro ‘XCCDF_ABSTRACT_GETTER’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c:881:1: note: in expansion of macro ‘XCCDF_BENCHGETTER’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/helpers.h:31:52: note: in definition of macro ‘XBENCHMARK’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c:881:1: note: in expansion of macro ‘XCCDF_BENCHGETTER’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/helpers.h:31:52: note: in definition of macro ‘XBENCHMARK’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c:881:1: note: in expansion of macro ‘XCCDF_BENCHGETTER’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c:918:1: note: in expansion of macro ‘XCCDF_ABSTRACT_GETTER’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c:918:1: note: in expansion of macro ‘XCCDF_ABSTRACT_GETTER’
# 50| { return oscap_iterator_new(item->MNAME); }
# 51| #define XCCDF_ABSTRACT_GETTER(RTYPE,TNAME,MNAME,MEMBER) \
# 52|-> RTYPE xccdf_##TNAME##_get_##MNAME(const struct xccdf_##TNAME* item) { return (RTYPE)(XITEM(item)->MEMBER); }
# 53| #define XCCDF_ITERATOR_GETTER(ITYPE,TNAME,MNAME,MEMBER) \
# 54| struct xccdf_##ITYPE##_iterator* xccdf_##TNAME##_get_##MNAME(const struct xccdf_##TNAME* item) \
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c: scope_hint: In function ‘xccdf_item_new’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c:128:20: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘item’
# 126|
# 127| item = calloc(1, size);
# 128|-> item->type = type;
# 129| item->item.title = oscap_list_new();
# 130| item->item.description = oscap_list_new();
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c: scope_hint: In function ‘xccdf_item_clone’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c:151:24: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘new_item’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c: scope_hint: In function ‘xccdf_item_clone’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c: scope_hint: In function ‘xccdf_item_clone’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c: scope_hint: In function ‘xccdf_item_clone’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c: scope_hint: In function ‘xccdf_item_clone’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c: scope_hint: In function ‘xccdf_item_clone’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c: scope_hint: In function ‘xccdf_item_clone’
# 149|
# 150| xccdf_item_base_clone(&new_item->item, &(old_item->item));
# 151|-> new_item->type = old_item->type;
# 152|
# 153| switch (new_item->type) {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c: scope_hint: In function ‘xccdf_status_clone’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c:217:28: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘new_status’
# 215| {
# 216| struct xccdf_status *new_status = calloc(1, sizeof(struct xccdf_status));
# 217|-> new_status->status = old_status->status;
# 218| new_status->date = old_status->date;
# 219| return new_status;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c: scope_hint: In function ‘xccdf_warning_clone’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c:226:27: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘new_warning’
# 224| {
# 225| struct xccdf_warning *new_warning = calloc(1, sizeof(struct xccdf_warning));
# 226|-> new_warning->text = oscap_text_clone(old_warning->text);
# 227| new_warning->category = old_warning->category;
# 228| return new_warning;
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c: scope_hint: In function ‘xccdf_item_add_applicable_platform’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c:788:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘first_group’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strncpy’ must be non-null
# 786| size_t first_group_len = first_group_end - first_group_start;
# 787| char *first_group = malloc(first_group_len + 1); // + 1 for '\0'
# 788|-> strncpy(first_group, platform_idref + first_group_start, first_group_len);
# 789| first_group[first_group_len] = '\0';
# 790| const int second_group_start = ovector[4];
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c:794:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘second_group’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strncpy’ must be non-null
# 792| size_t second_group_len = second_group_end - second_group_start;
# 793| char *second_group = malloc(second_group_len + 1); // + 1 for '\0'
# 794|-> strncpy(second_group, platform_idref + second_group_start, second_group_len);
# 795| second_group[second_group_len] = '\0';
# 796| char *alternate_platform_idref = oscap_sprintf("%s_%s", first_group, second_group);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c: scope_hint: In function ‘xccdf_status_new_fill’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c:1006:26: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ret’
# 1004| return NULL;
# 1005| ret = calloc(1, sizeof(struct xccdf_status));
# 1006|-> if ((ret->status = oscap_string_to_enum(XCCDF_STATUS_MAP, status)) == XCCDF_STATUS_NOT_SPECIFIED) {
# 1007| free(ret);
# 1008| return NULL;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c: scope_hint: In function ‘xccdf_model_clone’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c:1060:27: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘new_model’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c: scope_hint: In function ‘xccdf_model_clone’
# 1058| {
# 1059| struct xccdf_model *new_model = calloc(1, sizeof(struct xccdf_model));
# 1060|-> new_model->system = oscap_strdup(old_model->system);
# 1061|
# 1062| //params maps char * to char * so we will need to oscap_strdup the items.
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c: scope_hint: In function ‘xccdf_model_new’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c:1071:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘model’
# 1069| {
# 1070| struct xccdf_model *model = calloc(1, sizeof(struct xccdf_model));
# 1071|-> model->params = oscap_htable_new();
# 1072| return model;
# 1073| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c: scope_hint: In function ‘xccdf_warning_new’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c:1119:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘w’
# 1117| {
# 1118| struct xccdf_warning *w = calloc(1, sizeof(struct xccdf_warning));
# 1119|-> w->category = XCCDF_WARNING_GENERAL;
# 1120| return w;
# 1121| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c: scope_hint: In function ‘xccdf_value_instance_clone’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c:1217:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘clone’
# 1215| {
# 1216| struct xccdf_value_instance * clone = calloc(1, sizeof(struct xccdf_value_instance));
# 1217|-> clone->type = val->type;
# 1218|
# 1219| clone->value = oscap_strdup(val->value);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c: scope_hint: In function ‘xccdf_identity_clone’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c:1248:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘clone’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c: scope_hint: In function ‘xccdf_identity_clone’
# 1246| clone->sub.authenticated = identity->sub.authenticated;
# 1247| clone->sub.privileged = identity->sub.privileged;
# 1248|-> clone->name = oscap_strdup(identity->name);
# 1249| return clone;
# 1250| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c: scope_hint: In function ‘xccdf_target_fact_clone’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c:1255:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘clone’
# 1253| {
# 1254| struct xccdf_target_fact * clone = calloc(1, sizeof(struct xccdf_target_fact));
# 1255|-> clone->type = tf->type;
# 1256| clone->name = oscap_strdup(tf->name);
# 1257| clone->value = oscap_strdup(tf->value);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c: scope_hint: In function ‘xccdf_override_clone’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c:1264:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘clone’
# 1262| {
# 1263| struct xccdf_override * clone = calloc(1, sizeof(struct xccdf_override));
# 1264|-> clone->time = override->time;
# 1265| clone->authority = oscap_strdup(clone->authority);
# 1266| clone->old_result = override->old_result;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c: scope_hint: In function ‘xccdf_message_clone’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c:1275:24: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘clone’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c: scope_hint: In function ‘xccdf_message_clone’
# 1273| {
# 1274| struct xccdf_message * clone = calloc(1, sizeof(struct xccdf_message));
# 1275|-> clone->content = oscap_strdup(message->content);
# 1276| clone->severity = message->severity;
# 1277| return clone;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c: scope_hint: In function ‘xccdf_instance_clone’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c:1283:20: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘clone’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c: scope_hint: In function ‘xccdf_instance_clone’
# 1281| {
# 1282| struct xccdf_instance * clone = calloc(1, sizeof(struct xccdf_instance));
# 1283|-> clone->context = oscap_strdup(instance->context);
# 1284| clone->parent_context = oscap_strdup(instance->parent_context);
# 1285| clone->content = oscap_strdup(instance->content);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c:1292:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘clone’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’
# 1290| {
# 1291| struct xccdf_rule_result * clone = calloc(1, sizeof(struct xccdf_rule_result));
# 1292|-> clone->idref = oscap_strdup(result->idref);
# 1293| clone->role = result->role;
# 1294| clone->time = oscap_strdup(result->time);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c: scope_hint: In function ‘xccdf_score_clone’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.c:1311:24: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘clone’
# 1309| {
# 1310| struct xccdf_score * clone = calloc(1, sizeof(struct xccdf_score));
# 1311|-> clone->maximum = score->maximum;
# 1312| clone->score = score->score;
# 1313| clone->system = oscap_strdup(score->system);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/profile.c: scope_hint: In function ‘xccdf_setvalue_clone’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/profile.c:43:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘clone’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/profile.c: scope_hint: In function ‘xccdf_setvalue_clone’
# 41| {
# 42| struct xccdf_setvalue * clone = calloc(1, sizeof(struct xccdf_setvalue));
# 43|-> clone->item = oscap_strdup(old_value->item);
# 44| clone->value = oscap_strdup(old_value->value);
# 45| return clone;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/profile.c: scope_hint: In function ‘xccdf_setvalue_new_parse’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/profile.c:54:18: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘sv’
# 52| return NULL;
# 53| struct xccdf_setvalue *sv = calloc(1, sizeof(struct xccdf_setvalue));
# 54|-> sv->item = oscap_strdup(id);
# 55| sv->value = oscap_element_string_copy(reader);
# 56| return sv;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/profile.c: scope_hint: In function ‘xccdf_refine_value_new’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/profile.c:83:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘foo’
# 81| {
# 82| struct xccdf_refine_value *foo = calloc(1, sizeof(struct xccdf_refine_value));
# 83|-> foo->remarks = oscap_list_new();
# 84| return foo;
# 85| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/profile.c: scope_hint: In function ‘xccdf_refine_value_clone’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/profile.c:90:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘clone’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/profile.c: scope_hint: In function ‘xccdf_refine_value_clone’
# 88| {
# 89| struct xccdf_refine_value *clone = calloc(1, sizeof(struct xccdf_refine_value));
# 90|-> clone->item = oscap_strdup(value->item);
# 91| clone->selector = oscap_strdup(value->selector);
# 92| clone->oper = value->oper;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/profile.c: scope_hint: In function ‘xccdf_refine_rule_new’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/profile.c:100:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘foo’
# 98| {
# 99| struct xccdf_refine_rule *foo = calloc(1, sizeof(struct xccdf_refine_rule));
# 100|-> foo->role = XCCDF_ROLE_FULL;
# 101| foo->remarks = oscap_list_new();
# 102| return foo;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/profile.c: scope_hint: In function ‘xccdf_refine_rule_clone’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/profile.c:108:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘clone’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/profile.c: scope_hint: In function ‘xccdf_refine_rule_clone’
# 106| {
# 107| struct xccdf_refine_rule * clone = calloc(1, sizeof(struct xccdf_refine_rule));
# 108|-> clone->item = oscap_strdup(rule->item);
# 109| clone->selector = oscap_strdup(rule->selector);
# 110| clone->role = rule->role;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/profile.c: scope_hint: In function ‘xccdf_select_new’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/profile.c:125:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘foo’
# 123| {
# 124| struct xccdf_select *foo = calloc(1, sizeof(struct xccdf_select));
# 125|-> foo->remarks = oscap_list_new();
# 126| return foo;
# 127| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/profile.c: scope_hint: In function ‘xccdf_select_clone’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/profile.c:132:25: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘clone’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/profile.c: scope_hint: In function ‘xccdf_select_clone’
# 130| {
# 131| struct xccdf_select *clone = calloc(1, sizeof(struct xccdf_select));
# 132|-> clone->item = oscap_strdup(sel->item);
# 133| clone->remarks = oscap_list_clone(sel->remarks, (oscap_clone_func) oscap_text_clone);
# 134| clone->selected = sel->selected;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/profile.c: scope_hint: In function ‘xccdf_profile_clone’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/profile.c:211:27: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘new_profile’
# 209| struct xccdf_item *old = XITEM(old_profile);
# 210| xccdf_item_base_clone(&new_profile->item, &(old->item));
# 211|-> new_profile->type = old->type;
# 212| xccdf_profile_item_clone(&new_profile->sub.profile, &old->sub.profile);
# 213| return XPROFILE(new_profile);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result.c: scope_hint: In function ‘xccdf_score_new’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result.c:665:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘score’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.h:29: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result.c:73: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result.c:1385:9: note: in expansion of macro ‘XCCDF_ASSERT_ELEMENT’
# 663| {
# 664| struct xccdf_score *score = calloc(1, sizeof(struct xccdf_score));
# 665|-> score->score = NAN;
# 666| score->maximum = XCCDF_SCORE_MAX_DAFAULT;
# 667| return score;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result.c: scope_hint: In function ‘xccdf_target_identifier_set_xml_node’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result.c:813:16: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ti’
# 811| bool xccdf_target_identifier_set_xml_node(struct xccdf_target_identifier *ti, void* node)
# 812| {
# 813|-> if (!ti->any_element) {
# 814| free(ti->system);
# 815| free(ti->href);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result.c: scope_hint: In function ‘xccdf_target_identifier_set_system’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result.c:837:15: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ti’
# 835| bool xccdf_target_identifier_set_system(struct xccdf_target_identifier *ti, const char *newval)
# 836| {
# 837|-> if (ti->any_element) {
# 838| if (ti->element)
# 839| xmlFreeNode(ti->element);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result.c: scope_hint: In function ‘xccdf_instance_new’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result.c:907:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘inst’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result.c: scope_hint: In function ‘xccdf_instance_new’
# 905| {
# 906| struct xccdf_instance *inst = calloc(1, sizeof(struct xccdf_instance));
# 907|-> inst->context = oscap_strdup(XCCDF_INSTANCE_DEFAULT_CONTEXT);
# 908| return inst;
# 909| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result.c: scope_hint: In function ‘xccdf_identity_new_parse’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result.c:1351:37: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_identity_new()’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result.c:1346:9: note: in expansion of macro ‘XCCDF_ASSERT_ELEMENT’
# 1349| identity->sub.authenticated = xccdf_attribute_get_bool(reader, XCCDFA_AUTHENTICATED);
# 1350| identity->sub.privileged = xccdf_attribute_get_bool(reader, XCCDFA_PRIVILEDGED);
# 1351|-> identity->name = oscap_element_string_copy(reader);
# 1352| return identity;
# 1353| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result.c: scope_hint: In function ‘xccdf_target_fact_new_parse’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result.c:1360:20: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_target_fact_new()’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result.c:1357:9: note: in expansion of macro ‘XCCDF_ASSERT_ELEMENT’
# 1358|
# 1359| struct xccdf_target_fact *fact = xccdf_target_fact_new();
# 1360|-> fact->type = oscap_string_to_enum(XCCDF_FACT_TYPE_MAP, xccdf_attribute_get(reader, XCCDFA_TYPE));
# 1361| fact->name = xccdf_attribute_copy(reader, XCCDFA_NAME);
# 1362| fact->value = oscap_element_string_copy(reader);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result.c: scope_hint: In function ‘xccdf_rule_result_new_parse’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result.c:1402:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_rule_result_new()’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result.c:1398:9: note: in expansion of macro ‘XCCDF_ASSERT_ELEMENT’
# 1400| struct xccdf_rule_result *rr = xccdf_rule_result_new();
# 1401|
# 1402|-> rr->idref = xccdf_attribute_copy(reader, XCCDFA_IDREF);
# 1403| rr->role = oscap_string_to_enum(XCCDF_ROLE_MAP, xccdf_attribute_get(reader, XCCDFA_ROLE));
# 1404| rr->time = xccdf_attribute_copy(reader, XCCDFA_TIME);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result.c: scope_hint: In function ‘xccdf_override_new_parse’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result.c:1622:29: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_override_new()’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result.c:1618:9: note: in expansion of macro ‘XCCDF_ASSERT_ELEMENT’
# 1620| struct xccdf_override *override = xccdf_override_new();
# 1621|
# 1622|-> override->time = xccdf_attribute_copy(reader, XCCDFA_TIME);
# 1623| override->authority = xccdf_attribute_copy(reader, XCCDFA_AUTHORITY);
# 1624|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result.c: scope_hint: In function ‘xccdf_message_new_parse’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result.c:1682:23: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_message_new()’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result.c:1679:9: note: in expansion of macro ‘XCCDF_ASSERT_ELEMENT’
# 1680|
# 1681| struct xccdf_message *msg = xccdf_message_new();
# 1682|-> msg->severity = oscap_string_to_enum(XCCDF_LEVEL_MAP, xccdf_attribute_get(reader, XCCDFA_SEVERITY));
# 1683| msg->content = oscap_element_string_copy(reader);
# 1684| return msg;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_item_get_default_score’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result_scoring.c:91:30: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘score’
openscap-1.4.0-build/openscap-1.4.0/src/common/util.h: scope_hint: In function ‘xccdf_item_get_default_score’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_item_get_default_score’
# 89|
# 90| /* Count with this rule */
# 91|-> score->count = 1;
# 92|
# 93| /* If the test result is 'pass', assign the node a score of 100, otherwise assign a score of 0 */
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result_scoring.c:108:30: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘score’
openscap-1.4.0-build/openscap-1.4.0/src/common/util.h: scope_hint: In function ‘xccdf_item_get_default_score’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_item_get_default_score’
# 106| /* Init */
# 107| score = malloc(sizeof(struct xccdf_default_score));
# 108|-> score->count = 0;
# 109| score->score = 0.0;
# 110| score->accumulator = 0.0;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_item_get_flat_score’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result_scoring.c:192:39: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘score’
openscap-1.4.0-build/openscap-1.4.0/src/common/util.h: scope_hint: In function ‘xccdf_item_get_flat_score’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_item_get_flat_score’
openscap-1.4.0-build/openscap-1.4.0/src/common/util.h: scope_hint: In function ‘xccdf_item_get_flat_score’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_item_get_flat_score’
openscap-1.4.0-build/openscap-1.4.0/src/common/util.h: scope_hint: In function ‘xccdf_item_get_flat_score’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_item_get_flat_score’
# 190| /* max possible score = sum of weights*/
# 191| if (unweighted)
# 192|-> score->weight = 1.0;
# 193| else score->weight =
# 194| xccdf_item_get_weight(item);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result_scoring.c:193:36: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘score’
openscap-1.4.0-build/openscap-1.4.0/src/common/util.h: scope_hint: In function ‘xccdf_item_get_flat_score’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_item_get_flat_score’
openscap-1.4.0-build/openscap-1.4.0/src/common/util.h: scope_hint: In function ‘xccdf_item_get_flat_score’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_item_get_flat_score’
# 191| if (unweighted)
# 192| score->weight = 1.0;
# 193|-> else score->weight =
# 194| xccdf_item_get_weight(item);
# 195|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result_scoring.c:210:30: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘score’
openscap-1.4.0-build/openscap-1.4.0/src/common/util.h: scope_hint: In function ‘xccdf_item_get_flat_score’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_item_get_flat_score’
openscap-1.4.0-build/openscap-1.4.0/src/common/util.h: scope_hint: In function ‘xccdf_item_get_flat_score’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_item_get_flat_score’
# 208| /* Init */
# 209| score = malloc(sizeof(struct xccdf_flat_score));
# 210|-> score->score = 0;
# 211| score->weight = 0.0;
# 212|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_result_calculate_score’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result_scoring.c:257:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
openscap-1.4.0-build/openscap-1.4.0/src/common/util.h: scope_hint: In function ‘xccdf_result_calculate_score’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_result_calculate_score’
# 255| if (oscap_streq(score_system, "urn:xccdf:scoring:default")) {
# 256| struct xccdf_default_score * item_score = xccdf_item_get_default_score(benchmark, test_result);
# 257|-> xccdf_score_set_score(score, item_score->score);
# 258| free(item_score);
# 259| } else if (oscap_streq(score_system, "urn:xccdf:scoring:flat")) {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result_scoring.c:261:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
openscap-1.4.0-build/openscap-1.4.0/src/common/util.h: scope_hint: In function ‘xccdf_result_calculate_score’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_result_calculate_score’
openscap-1.4.0-build/openscap-1.4.0/src/common/util.h: scope_hint: In function ‘xccdf_result_calculate_score’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_result_calculate_score’
# 259| } else if (oscap_streq(score_system, "urn:xccdf:scoring:flat")) {
# 260| struct xccdf_flat_score * item_score = xccdf_item_get_flat_score(benchmark, test_result, false);
# 261|-> xccdf_score_set_maximum(score, item_score->weight);
# 262| xccdf_score_set_score(score, item_score->score);
# 263| free(item_score);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_rule_clone’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/rule.c:301:24: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘new_rule’
# 299| struct xccdf_item *old = XITEM(rule);
# 300| xccdf_item_base_clone(&new_rule->item, &(old->item));
# 301|-> new_rule->type = old->type;
# 302| xccdf_rule_item_clone(&new_rule->sub.rule, &old->sub.rule);
# 303| return XRULE(new_rule);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_rule_parse’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/rule.c:339:46: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_profile_note_new()’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/item.h:29: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/rule.c:33: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/rule.c:308:9: note: in expansion of macro ‘XCCDF_ASSERT_ELEMENT’
# 337| break;
# 338| struct xccdf_profile_note *note = xccdf_profile_note_new();
# 339|-> note->reftag = oscap_strdup(tag);
# 340| note->text = oscap_text_new_parse(XCCDF_TEXT_PROFNOTE, reader);
# 341| oscap_list_add(rule->sub.rule.profile_notes, note);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_ident_clone’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/rule.c:445:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_ident_new()’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_ident_clone’
# 443| {
# 444| struct xccdf_ident * clone = xccdf_ident_new();
# 445|-> clone->id = oscap_strdup(ident->id);
# 446| clone->system = oscap_strdup(ident->system);
# 447| return clone;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_ident_new_fill’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/rule.c:458:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_ident_new()’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_ident_new_fill’
# 456| {
# 457| struct xccdf_ident *ident = xccdf_ident_new();
# 458|-> ident->id = oscap_strdup(id);
# 459| ident->system = oscap_strdup(sys);
# 460| return ident;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_profile_note_clone’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/rule.c:504:23: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_profile_note_new()’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_profile_note_clone’
# 502| {
# 503| struct xccdf_profile_note * clone = xccdf_profile_note_new();
# 504|-> clone->reftag = oscap_strdup(note->reftag);
# 505| clone->text = oscap_text_clone(note->text);
# 506| return clone;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_check_new’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/rule.c:523:29: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘check’
# 521| {
# 522| struct xccdf_check *check = calloc(1, sizeof(struct xccdf_check));
# 523|-> check->content_refs = oscap_list_new();
# 524| check->imports = oscap_list_new();
# 525| check->exports = oscap_list_new();
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_check_clone’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/rule.c:535:23: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘new_check’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_check_clone’
# 533| struct xccdf_check *new_check = calloc(1, sizeof(struct xccdf_check));
# 534|
# 535|-> new_check->id = oscap_strdup(old_check->id);
# 536| new_check->system = oscap_strdup(old_check->system);
# 537| new_check->selector = oscap_strdup(old_check->selector);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_check_import_clone’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/rule.c:554:26: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_check_import_new()’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_check_import_clone’
# 552| {
# 553| struct xccdf_check_import *new_import = xccdf_check_import_new();
# 554|-> new_import->name = oscap_strdup(old_import->name);
# 555| if (old_import->xpath)
# 556| new_import->xpath = oscap_strdup(old_import->xpath);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_check_export_clone’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/rule.c:565:26: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_check_export_new()’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_check_export_clone’
# 563| {
# 564| struct xccdf_check_export *new_export = xccdf_check_export_new();
# 565|-> new_export->name = oscap_strdup(old_export->name);
# 566| new_export->value = oscap_strdup(old_export->value);
# 567| return new_export;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_check_content_ref_clone’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/rule.c:574:23: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_check_content_ref_new()’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_check_content_ref_clone’
# 572| {
# 573| struct xccdf_check_content_ref *new_ref = xccdf_check_content_ref_new();
# 574|-> new_ref->name = oscap_strdup(old_ref->name);
# 575| new_ref->href = oscap_strdup(old_ref->href);
# 576| return new_ref;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_check_parse’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/rule.c:612:43: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_check_content_ref_new()’
# 610| break;
# 611| struct xccdf_check_content_ref *ref = xccdf_check_content_ref_new();
# 612|-> ref->name = xccdf_attribute_copy(reader, XCCDFA_NAME);
# 613| ref->href = oscap_strdup(href);
# 614| oscap_list_add(check->content_refs, ref);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/rule.c:627:43: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_check_import_new()’
# 625| break;
# 626| struct xccdf_check_import *imp = xccdf_check_import_new();
# 627|-> imp->name = oscap_strdup(name);
# 628| if (xpath) // @import-xpath is just optional
# 629| imp->xpath = oscap_strdup(xpath);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/rule.c:639:43: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_check_export_new()’
# 637| break;
# 638| struct xccdf_check_export *exp = xccdf_check_export_new();
# 639|-> exp->name = oscap_strdup(name);
# 640| exp->value = xccdf_attribute_copy(reader, XCCDFA_VALUE_ID);
# 641| oscap_list_add(check->exports, exp);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_fix_clone’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/rule.c:783:25: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘new_fix’
# 781| struct xccdf_fix *new_fix = calloc(1, sizeof(struct xccdf_fix));
# 782|
# 783|-> new_fix->reboot = old_fix->reboot;
# 784| new_fix->strategy = old_fix->strategy;
# 785| new_fix->disruption = old_fix->disruption;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_fix_parse’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/rule.c:801:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_fix_new()’
# 799| {
# 800| struct xccdf_fix *fix = xccdf_fix_new();
# 801|-> fix->id = xccdf_attribute_copy(reader, XCCDFA_ID);
# 802| fix->system = xccdf_attribute_copy(reader, XCCDFA_SYSTEM);
# 803| fix->platform = xccdf_attribute_copy(reader, XCCDFA_PLATFORM);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_fixtext_clone’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/rule.c:820:23: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_fixtext_new()’
# 818| {
# 819| struct xccdf_fixtext * clone = xccdf_fixtext_new();
# 820|-> clone->reboot = fixtext->reboot;
# 821| clone->strategy = fixtext->strategy;
# 822| clone->disruption = fixtext->disruption;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_fixtext_parse’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/rule.c:832:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_fixtext_new()’
# 830| {
# 831| struct xccdf_fixtext *fix = xccdf_fixtext_new();
# 832|-> fix->fixref = xccdf_attribute_copy(reader, XCCDFA_FIXREF);
# 833| fix->text = oscap_text_new_parse(XCCDF_TEXT_HTMLSUB, reader);
# 834| fix->reboot = xccdf_attribute_get_bool(reader, XCCDFA_REBOOT);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/tailoring.c: scope_hint: In function ‘xccdf_tailoring_new’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/tailoring.c:44:34: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘tailoring’
# 42| tailoring->id = NULL;
# 43|
# 44|-> tailoring->benchmark_ref = NULL;
# 45| tailoring->benchmark_ref_version = NULL;
# 46|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/value.c: scope_hint: In function ‘xccdf_value_clone’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/value.c:64:25: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘new_value’
# 62| struct xccdf_item *old = XITEM(value);
# 63| xccdf_item_base_clone(&new_value->item, &old->item);
# 64|-> new_value->type = old->type;
# 65| xccdf_value_item_clone(&new_value->sub.value, &XITEM(value)->sub.value);
# 66| return XVALUE(new_value);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/value.c: scope_hint: In function ‘xccdf_value_instance_new’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/value.c:390:27: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘inst’
# 388| {
# 389| struct xccdf_value_instance *inst = calloc(1, sizeof(struct xccdf_value_instance));
# 390|-> inst->lower_bound = NAN;
# 391| inst->upper_bound = NAN;
# 392|
Error: GCC_ANALYZER_WARNING (CWE-126):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/xccdf_session.c: scope_hint: In function ‘_oval_content_resources_free.part.0’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/xccdf_session.c:1001:40: warning[-Wanalyzer-out-of-bounds]: heap-based buffer over-read
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/xccdf_session.c: scope_hint: In function ‘_oval_content_resources_free.part.0’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/xccdf_session.c: scope_hint: In function ‘_oval_content_resources_free.part.0’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/xccdf_session.c:1001:40: note: read of 8 bytes from after the end of the region
# 999| {
# 1000| if (resources) {
# 1001|-> for (int i=0; resources[i]; i++) {
# 1002| free(resources[i]->href);
# 1003| if (resources[i]->source_owned) {
Error: GCC_ANALYZER_WARNING (CWE-126):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/xccdf_session.c:1003:38: warning[-Wanalyzer-out-of-bounds]: heap-based buffer over-read
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/xccdf_session.c: scope_hint: In function ‘_oval_content_resources_free.part.0’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/xccdf_session.c: scope_hint: In function ‘_oval_content_resources_free.part.0’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/xccdf_session.c:1003:38: note: read of 8 bytes from after the end of the region
# 1001| for (int i=0; resources[i]; i++) {
# 1002| free(resources[i]->href);
# 1003|-> if (resources[i]->source_owned) {
# 1004| oscap_source_free(resources[i]->source);
# 1005| }
Error: GCC_ANALYZER_WARNING (CWE-126):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/xccdf_session.c:1006:25: warning[-Wanalyzer-out-of-bounds]: heap-based buffer over-read
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/xccdf_session.c: scope_hint: In function ‘_oval_content_resources_free.part.0’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/xccdf_session.c: scope_hint: In function ‘_oval_content_resources_free.part.0’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/xccdf_session.c:1006:25: note: read of 8 bytes from after the end of the region
# 1004| oscap_source_free(resources[i]->source);
# 1005| }
# 1006|-> free(resources[i]);
# 1007| }
# 1008| free(resources);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/xccdf_session.c: scope_hint: In function ‘_xccdf_session_get_oval_from_model’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/xccdf_session.c:1056:24: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘resources’
# 1054|
# 1055| resources = malloc(sizeof(struct oval_content_resource *));
# 1056|-> resources[idx] = NULL;
# 1057|
# 1058| files = xccdf_policy_model_get_systems_and_files(session->xccdf.policy_model);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/xccdf_session.c:1097:46: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘*<unknown>’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/xccdf_session.c: scope_hint: In function ‘_xccdf_session_get_oval_from_model’
# 1095| if (source != NULL) {
# 1096| resources[idx] = malloc(sizeof(struct oval_content_resource));
# 1097|-> resources[idx]->href = oscap_strdup(oscap_file_entry_get_file(file_entry));
# 1098| resources[idx]->source_owned = source_owned;
# 1099| resources[idx]->source = source;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/xccdf_session.c:1127:70: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘malloc(24)’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/xccdf_session.c: scope_hint: In function ‘_xccdf_session_get_oval_from_model’
# 1125|
# 1126| resources[idx] = malloc(sizeof(struct oval_content_resource));
# 1127|-> resources[idx]->href = oscap_strdup(printable_path);
# 1128| resources[idx]->source = oscap_source_new_take_memory(data, data_size, printable_path);
# 1129| resources[idx]->source_owned = true;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF_POLICY/check_engine_plugin.c: scope_hint: In function ‘check_engine_plugin_load2’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF_POLICY/check_engine_plugin.c:60:28: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ret’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF_POLICY/check_engine_plugin.c: scope_hint: In function ‘check_engine_plugin_load2’
# 58| char *full_path = path_prefix ? oscap_sprintf("%s/%s", path_prefix, path) : oscap_strdup(path);
# 59| // NB: valgrind reports a leak on the next line, I have confirmed this to be a false positive
# 60|-> ret->module_handle = dlopen(full_path, RTLD_LAZY);
# 61| free(full_path);
# 62|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF_POLICY/xccdf_policy.c: scope_hint: In function ‘xccdf_policy_model_platforms_are_applicable_dict’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF_POLICY/xccdf_policy.c:860:28: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘usr’
# 858|
# 859| struct cpe_check_cb_usr* usr = malloc(sizeof(struct cpe_check_cb_usr));
# 860|-> usr->model = model;
# 861| usr->dict = dict;
# 862| usr->lang_model = NULL;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF_POLICY/xccdf_policy.c: scope_hint: In function ‘xccdf_policy_model_platforms_are_applicable_lang_model’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF_POLICY/xccdf_policy.c:903:28: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘usr’
# 901|
# 902| struct cpe_check_cb_usr* usr = malloc(sizeof(struct cpe_check_cb_usr));
# 903|-> usr->model = model;
# 904| usr->dict = NULL;
# 905| usr->lang_model = lang_model;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF_POLICY/xccdf_policy.c: scope_hint: In function ‘oscap_file_entry_dup’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF_POLICY/xccdf_policy.c:1289:26: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘oscap_file_entry_new()’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF_POLICY/xccdf_policy.c: scope_hint: In function ‘oscap_file_entry_dup’
# 1287|
# 1288| struct oscap_file_entry *ret = oscap_file_entry_new();
# 1289|-> ret->system_name = oscap_strdup(source->system_name);
# 1290| ret->file = oscap_strdup(source->file);
# 1291|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF_POLICY/xccdf_policy.c: scope_hint: In function ‘xccdf_check_get_systems_and_files’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF_POLICY/xccdf_policy.c:1405:37: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘oscap_file_entry_new()’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF_POLICY/xccdf_policy.c: scope_hint: In function ‘xccdf_check_get_systems_and_files’
# 1403|
# 1404| file_entry = (struct oscap_file_entry *) oscap_file_entry_new();
# 1405|-> file_entry->system_name = oscap_strdup(system_name);
# 1406| file_entry->file = oscap_strdup(href);
# 1407|
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF_POLICY/xccdf_policy.c: scope_hint: In function ‘xccdf_policy_evaluate’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF_POLICY/xccdf_policy.c:2148:53: warning[-Wanalyzer-null-argument]: use of NULL ‘id’ where non-null expected
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF_POLICY/xccdf_policy.c: scope_hint: In function ‘xccdf_policy_evaluate’
<built-in>: note: argument 1 of ‘__builtin_strlen’ must be non-null
# 2146| rid_prefix = "OSCAP-Test-";
# 2147| }
# 2148|-> const size_t rid_len = strlen(rid_prefix) + strlen(id) + 1; // + 1 for terminating '\0'
# 2149| char *rid = malloc(rid_len);
# 2150| snprintf(rid, rid_len, "%s%s", rid_prefix, id);
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF_POLICY/xccdf_policy_remediate.c: scope_hint: In function ‘_write_text_to_fd’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF_POLICY/xccdf_policy_remediate.c:101:32: warning[-Wanalyzer-null-argument]: use of NULL ‘text’ where non-null expected
openscap-1.4.0-build/openscap-1.4.0/src/common/util.h: scope_hint: In function ‘_write_text_to_fd’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF_POLICY/xccdf_policy_remediate.c: scope_hint: In function ‘_write_text_to_fd’
openscap-1.4.0-build/openscap-1.4.0/src/common/util.h: scope_hint: In function ‘_write_text_to_fd’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF_POLICY/xccdf_policy_remediate.c: scope_hint: In function ‘_write_text_to_fd’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF_POLICY/xccdf_policy_remediate.c: scope_hint: In function ‘_write_text_to_fd’
<built-in>: note: argument 1 of ‘__builtin_strlen’ must be non-null
# 99|
# 100| ssize_t written = 0;
# 101|-> const ssize_t length = strlen(text);
# 102|
# 103| while (written < length) {
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF_POLICY/xccdf_policy_remediate.c:101:32: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘text’ where non-null expected
openscap-1.4.0-build/openscap-1.4.0/src/common/util.h: scope_hint: In function ‘_write_text_to_fd’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF_POLICY/xccdf_policy_remediate.c: scope_hint: In function ‘_write_text_to_fd’
openscap-1.4.0-build/openscap-1.4.0/src/common/util.h: scope_hint: In function ‘_write_text_to_fd’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF_POLICY/xccdf_policy_remediate.c: scope_hint: In function ‘_write_text_to_fd’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF_POLICY/xccdf_policy_remediate.c: scope_hint: In function ‘_write_text_to_fd’
<built-in>: note: argument 1 of ‘__builtin_strlen’ must be non-null
# 99|
# 100| ssize_t written = 0;
# 101|-> const ssize_t length = strlen(text);
# 102|
# 103| while (written < length) {
Error: GCC_ANALYZER_WARNING (CWE-775):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF_POLICY/xccdf_policy_remediate.c:411:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd[0]’
openscap-1.4.0-build/openscap-1.4.0/src/common/util.h: scope_hint: In function ‘_xccdf_fix_execute’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF_POLICY/xccdf_policy_remediate.c: scope_hint: In function ‘_xccdf_fix_execute’
openscap-1.4.0-build/openscap-1.4.0/src/common/util.h: scope_hint: In function ‘_xccdf_fix_execute’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF_POLICY/xccdf_policy_remediate.c: scope_hint: In function ‘_xccdf_fix_execute’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF_POLICY/xccdf_policy_remediate.c: scope_hint: In function ‘_xccdf_fix_execute’
# 409| {
# 410| if (rr == NULL) {
# 411|-> return 1;
# 412| }
# 413|
Error: GCC_ANALYZER_WARNING (CWE-775):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF_POLICY/xccdf_policy_remediate.c: scope_hint: In function ‘_xccdf_fix_execute’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF_POLICY/xccdf_policy_remediate.c:411:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd[1]’
openscap-1.4.0-build/openscap-1.4.0/src/common/util.h: scope_hint: In function ‘_xccdf_fix_execute’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF_POLICY/xccdf_policy_remediate.c: scope_hint: In function ‘_xccdf_fix_execute’
openscap-1.4.0-build/openscap-1.4.0/src/common/util.h: scope_hint: In function ‘_xccdf_fix_execute’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF_POLICY/xccdf_policy_remediate.c: scope_hint: In function ‘_xccdf_fix_execute’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF_POLICY/xccdf_policy_remediate.c: scope_hint: In function ‘_xccdf_fix_execute’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF_POLICY/xccdf_policy_remediate.c:26: included_from: Included from here.
# 409| {
# 410| if (rr == NULL) {
# 411|-> return 1;
# 412| }
# 413|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/common/elements.c: scope_hint: In function ‘oscap_text_consumer’
openscap-1.4.0-build/openscap-1.4.0/src/common/elements.c:81:26: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘newtext’
# 79| int size = strlen(platform) + strlen(text) + 1;
# 80| char *newtext = (char *) malloc(size * sizeof(char));
# 81|-> *newtext = 0;
# 82| strcat(newtext, platform);
# 83| strcat(newtext, text);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/common/error.c: scope_hint: In function ‘oscap_err_new’
openscap-1.4.0-build/openscap-1.4.0/src/common/error.c:57:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘err’
# 55| {
# 56| struct oscap_err_t *err = (struct oscap_err_t*)malloc(sizeof(struct oscap_err_t));
# 57|-> err->family = family;
# 58| err->desc = oscap_sprintf("%s [%s:%d]", desc, file, line);
# 59| err->func = func;
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.0-build/openscap-1.4.0/src/common/list.c:37:35: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
openscap-1.4.0-build/openscap-1.4.0/src/common/list.c: scope_hint: In function ‘oscap_create_lists’
openscap-1.4.0-build/openscap-1.4.0/src/common/list.c: scope_hint: In function ‘oscap_create_lists’
openscap-1.4.0-build/openscap-1.4.0/src/common/list.c: scope_hint: In function ‘oscap_create_lists’
openscap-1.4.0-build/openscap-1.4.0/src/common/list.c: scope_hint: In function ‘oscap_create_lists’
# 35| struct oscap_list *oscap_list_new(void)
# 36| {
# 37|-> struct oscap_list *list = calloc(1, sizeof(struct oscap_list));
# 38| return list;
# 39| }
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.0-build/openscap-1.4.0/src/common/list.c: scope_hint: In function ‘oscap_create_lists’
openscap-1.4.0-build/openscap-1.4.0/src/common/list.c:48:1: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
openscap-1.4.0-build/openscap-1.4.0/src/common/list.c: scope_hint: In function ‘oscap_create_lists’
openscap-1.4.0-build/openscap-1.4.0/src/common/list.c: scope_hint: In function ‘oscap_create_lists’
openscap-1.4.0-build/openscap-1.4.0/src/common/list.c: scope_hint: In function ‘oscap_create_lists’
# 46| *cur = oscap_list_new();
# 47| va_end(ap);
# 48|-> }
# 49|
# 50| bool oscap_list_add(struct oscap_list * list, void *value)
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/common/list.c: scope_hint: In function ‘oscap_list_add.part.0’
openscap-1.4.0-build/openscap-1.4.0/src/common/list.c:56:20: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘item’
# 54|
# 55| struct oscap_list_item *item = malloc(sizeof(struct oscap_list_item));
# 56|-> item->next = NULL;
# 57| item->data = value;
# 58| ++list->itemcount;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/common/list.c:58:15: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘list’
openscap-1.4.0-build/openscap-1.4.0/src/common/list.c: scope_hint: In function ‘oscap_list_add.part.0’
openscap-1.4.0-build/openscap-1.4.0/src/common/list.c: scope_hint: In function ‘oscap_list_add.part.0’
# 56| item->next = NULL;
# 57| item->data = value;
# 58|-> ++list->itemcount;
# 59|
# 60| if (list->last == NULL)
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/common/list.c: scope_hint: In function ‘oscap_list_prepend’
openscap-1.4.0-build/openscap-1.4.0/src/common/list.c:75:20: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘item’
# 73|
# 74| struct oscap_list_item *item = malloc(sizeof(struct oscap_list_item));
# 75|-> item->next = NULL;
# 76| item->data = value;
# 77| ++list->itemcount;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/common/list.c: scope_hint: In function ‘oscap_iterator_new’
openscap-1.4.0-build/openscap-1.4.0/src/common/list.c:263:20: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘it’
# 261| struct oscap_iterator *it = calloc(1, sizeof(struct oscap_iterator));
# 262| it->cur = NULL;
# 263|-> it->filter = oscap_iterator_no_filter;
# 264| it->list = list;
# 265| return it;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/common/list.c:264:18: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘it’
openscap-1.4.0-build/openscap-1.4.0/src/common/list.c: scope_hint: In function ‘oscap_iterator_new_filter’
# 262| it->cur = NULL;
# 263| it->filter = oscap_iterator_no_filter;
# 264|-> it->list = list;
# 265| return it;
# 266| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/common/list.c:399:40: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘p’
openscap-1.4.0-build/openscap-1.4.0/src/common/list.c: scope_hint: In function ‘oscap_htable_add.part.0’
# 397| unsigned h = 0;
# 398| unsigned char *p;
# 399|-> for (p = (unsigned char *)str; *p != '\0'; p++)
# 400| h = (97 * h) + *p;
# 401| return h % htable_size;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/common/list.c: scope_hint: In function ‘oscap_htable_add.part.0’
openscap-1.4.0-build/openscap-1.4.0/src/common/list.c:489:24: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘newhtitem’
openscap-1.4.0-build/openscap-1.4.0/src/common/list.c: scope_hint: In function ‘oscap_htable_add.part.0’
# 487| struct oscap_htable_item *newhtitem;
# 488| newhtitem = malloc(sizeof(struct oscap_htable_item));
# 489|-> newhtitem->key = oscap_strdup(key);
# 490| newhtitem->value = item;
# 491| newhtitem->next = htable->table[hashcode];
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/common/list.c: scope_hint: In function ‘oscap_htable_iterator_new’
openscap-1.4.0-build/openscap-1.4.0/src/common/list.c:582:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘hit’
# 580| {
# 581| struct oscap_htable_iterator *hit = calloc(1, sizeof(struct oscap_htable_iterator));
# 582|-> hit->htable = htable;
# 583| hit->cur = NULL;
# 584| hit->hpos = 0;
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/common/oscap_acquire.c: scope_hint: In function ‘oscap_acquire_temp_dir’
openscap-1.4.0-build/openscap-1.4.0/src/common/oscap_acquire.c:119:13: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘strdup("/tmp/oscap.XXXXXX")’ where non-null expected
openscap-1.4.0-build/openscap-1.4.0/src/common/oscap_acquire.c: scope_hint: In function ‘oscap_acquire_temp_dir’
openscap-1.4.0-build/openscap-1.4.0/src/common/oscap_acquire.c:38: included_from: Included from here.
/usr/include/stdlib.h:870:14: note: argument 1 of ‘mkdtemp’ must be non-null
# 117| {
# 118| char *temp_dir = oscap_strdup(TEMP_DIR_TEMPLATE);
# 119|-> if (mkdtemp(temp_dir) == NULL) {
# 120| free(temp_dir);
# 121| oscap_seterr(OSCAP_EFAMILY_GLIBC, "Could not create temp directory " TEMP_DIR_TEMPLATE ". %s", strerror(errno));
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/common/oscap_buffer.c: scope_hint: In function ‘oscap_buffer_new’
openscap-1.4.0-build/openscap-1.4.0/src/common/oscap_buffer.c:51:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘s’
# 49| struct oscap_buffer *s;
# 50| s = malloc(sizeof(struct oscap_buffer));
# 51|-> s->data = malloc(INITIAL_CAPACITY);
# 52| s->data[0] = '\0';
# 53| s->length = 0;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/common/oscap_buffer.c:52:20: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘malloc(64)’
# 50| s = malloc(sizeof(struct oscap_buffer));
# 51| s->data = malloc(INITIAL_CAPACITY);
# 52|-> s->data[0] = '\0';
# 53| s->length = 0;
# 54| s->capacity = INITIAL_CAPACITY;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/common/oscap_pcre.c: scope_hint: In function ‘oscap_pcre_compile’
openscap-1.4.0-build/openscap-1.4.0/src/common/oscap_pcre.c:108:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘res’
# 106| int errno;
# 107| PCRE2_SIZE erroffset2;
# 108|-> res->re_ctx = NULL;
# 109| dD("pcre2_compile_8: patt=%s", pattern);
# 110| res->re = pcre2_compile_8((PCRE2_SPTR)pattern, PCRE2_ZERO_TERMINATED, _oscap_pcre_opts_to_pcre(options), &errno, &erroffset2, NULL);
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/common/oscap_pcre.c: scope_hint: In function ‘oscap_pcre_get_substrings’
openscap-1.4.0-build/openscap-1.4.0/src/common/oscap_pcre.c:230:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘buf’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_memcpy’ must be non-null
# 228| len = ovector[2 * i + 1] - ovector[2 * i];
# 229| buf = malloc(len + 1);
# 230|-> memcpy(buf, str + ovector[2 * i], len);
# 231| buf[len] = '\0';
# 232| substrs[ret] = buf;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/common/oscap_pcre.c:232:30: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘substrs’
# 230| memcpy(buf, str + ovector[2 * i], len);
# 231| buf[len] = '\0';
# 232|-> substrs[ret] = buf;
# 233| ++ret;
# 234| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/common/oscap_queue.c: scope_hint: In function ‘oscap_queue_new’
openscap-1.4.0-build/openscap-1.4.0/src/common/oscap_queue.c:46:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘queue’
# 44| {
# 45| struct oscap_queue *queue = malloc(sizeof(struct oscap_queue));
# 46|-> queue->begin = NULL;
# 47| queue->end = NULL;
# 48| return queue;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/common/oscap_queue.c: scope_hint: In function ‘oscap_queue_add’
openscap-1.4.0-build/openscap-1.4.0/src/common/oscap_queue.c:54:20: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘temp’
# 52| {
# 53| struct oscap_queue_item *temp = malloc(sizeof(struct oscap_queue_item));
# 54|-> temp->data = data;
# 55| temp->next = NULL;
# 56| if (queue->begin == NULL) {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/common/reference.c: scope_hint: In function ‘oscap_reference_new_parse’
openscap-1.4.0-build/openscap-1.4.0/src/common/reference.c:142:15: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ref’
# 140| xmlNode* ref_node = xmlTextReaderExpand(reader);
# 141|
# 142|-> ref->href = (char*) xmlGetProp(ref_node, BAD_CAST "href");
# 143|
# 144| for (xmlNode* cur = ref_node->children; cur != NULL; cur = cur->next)
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/common/reference.c: scope_hint: In function ‘oscap_reference_clone’
openscap-1.4.0-build/openscap-1.4.0/src/common/reference.c:189:28: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘oscap_reference_new()’
# 187| struct oscap_reference *new_ref = oscap_reference_new();
# 188|
# 189|-> new_ref->is_dublincore = ref->is_dublincore;
# 190| DC_ITEM_CLONE(title);
# 191| DC_ITEM_CLONE(creator);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/common/text.c: scope_hint: In function ‘oscap_text_new_full’
openscap-1.4.0-build/openscap-1.4.0/src/common/text.c:80:18: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘text’
# 78| {
# 79| struct oscap_text *text = calloc(1, sizeof(struct oscap_text));
# 80|-> text->traits = traits;
# 81| text->text = oscap_strdup(string);
# 82| text->lang = oscap_strdup(lang);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/common/tsort.c: scope_hint: In function ‘oscap_tsort_context_new’
openscap-1.4.0-build/openscap-1.4.0/src/common/tsort.c:44:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ctx’
# 42| {
# 43| struct oscap_tsort_context *ctx = calloc(1, sizeof(struct oscap_tsort_context));
# 44|-> ctx->visited = oscap_list_new();
# 45| ctx->cur_stack = oscap_list_new();
# 46| ctx->result = oscap_list_new();
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/common/util.c: scope_hint: In function ‘oscap_vsprintf’
openscap-1.4.0-build/openscap-1.4.0/src/common/util.c:148:5: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘ret’ where non-null expected
openscap-1.4.0-build/openscap-1.4.0/src/common/util.h:29: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/common/util.c:36: included_from: Included from here.
/usr/include/stdio.h:380:12: note: argument 1 of ‘vsprintf’ must be non-null
# 146|
# 147| ret = malloc(sizeof(char) * (length + 1));
# 148|-> vsprintf(ret, fmt, args);
# 149| assert(ret[length] == '\0');
# 150|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/common/util.c: scope_hint: In function ‘oscap_expand_ipv6’
openscap-1.4.0-build/openscap-1.4.0/src/common/util.c:223:54: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘output_it’
# 221| *output_it++ = ':';
# 222|
# 223|-> *output_it++ = '0';
# 224| closed_component = true;
# 225| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/common/util.c:232:38: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘output_it’
# 230| }
# 231| else {
# 232|-> *output_it++ = *input_it;
# 233| }
# 234|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/common/util.c:239:38: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘output_it’
# 237| // if this was not the last char of the input add a separator
# 238| if (closed_component && *input_it)
# 239|-> *output_it++ = ':';
# 240| }
# 241|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/common/util.c:242:20: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘output_it’
# 240| }
# 241|
# 242|-> *output_it = '\0';
# 243|
# 244| return ret;
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/common/util.c: scope_hint: In function ‘oscap_path_join’
openscap-1.4.0-build/openscap-1.4.0/src/common/util.c:356:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘joined_path’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strncpy’ must be non-null
# 354| const size_t joined_path_len = path1_len + 1 + path2_len;
# 355| char *joined_path = malloc(joined_path_len + 1);
# 356|-> strncpy(joined_path, path1, path1_len);
# 357| joined_path[path1_len++] = PATH_SEPARATOR;
# 358| strncpy(joined_path + path1_len, path2 + path2_shift, path2_len);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/common/util.c: scope_hint: In function ‘oscap_path_startswith’
openscap-1.4.0-build/openscap-1.4.0/src/common/util.c:455:28: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
openscap-1.4.0-build/openscap-1.4.0/src/common/util.c: scope_hint: In function ‘oscap_path_startswith’
openscap-1.4.0-build/openscap-1.4.0/src/common/util.c: scope_hint: In function ‘oscap_path_startswith’
# 453| char **prefix_split = oscap_split(prefix_dup, del);
# 454| int i = 0, j = 0;
# 455|-> while (prefix_split[i] && path_split[j]) {
# 456| if (!strcmp(prefix_split[i], "")) {
# 457| ++i;
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/common/util.c: scope_hint: In function ‘oscap_concat’
openscap-1.4.0-build/openscap-1.4.0/src/common/util.c:485:9: warning[-Wanalyzer-null-argument]: use of NULL ‘str1’ where non-null expected
openscap-1.4.0-build/openscap-1.4.0/src/common/util.c:29: included_from: Included from here.
/usr/include/string.h:152:14: note: argument 1 of ‘strncat’ must be non-null
# 483| size_t str2_len = strlen(str2);
# 484| str1 = realloc(str1, str1_len + str2_len + 1);
# 485|-> strncat(str1, str2, str2_len);
# 486| return str1;
# 487| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/elements.h:29: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result.c: scope_hint: In function ‘xccdf_override_set_old_result’
openscap-1.4.0-build/openscap-1.4.0/src/common/util.h:225:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘obj’
openscap-1.4.0-build/openscap-1.4.0/src/common/util.h:232:9: note: in expansion of macro ‘OSCAP_SETTER_GENERIC_NODELETE’
openscap-1.4.0-build/openscap-1.4.0/src/common/util.h:259:43: note: in expansion of macro ‘OSCAP_SETTER_SIMPLE’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result.c:699:1: note: in expansion of macro ‘OSCAP_ACCESSOR_SIMPLE’
openscap-1.4.0-build/openscap-1.4.0/src/common/util.h:194:55: note: in definition of macro ‘OSCAP_SETTER_HEADER’
openscap-1.4.0-build/openscap-1.4.0/src/common/util.h:232:9: note: in expansion of macro ‘OSCAP_SETTER_GENERIC_NODELETE’
openscap-1.4.0-build/openscap-1.4.0/src/common/util.h:259:43: note: in expansion of macro ‘OSCAP_SETTER_SIMPLE’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result.c:699:1: note: in expansion of macro ‘OSCAP_ACCESSOR_SIMPLE’
openscap-1.4.0-build/openscap-1.4.0/src/common/util.h:232:9: note: in expansion of macro ‘OSCAP_SETTER_GENERIC_NODELETE’
openscap-1.4.0-build/openscap-1.4.0/src/common/util.h:259:43: note: in expansion of macro ‘OSCAP_SETTER_SIMPLE’
openscap-1.4.0-build/openscap-1.4.0/src/XCCDF/result.c:699:1: note: in expansion of macro ‘OSCAP_ACCESSOR_SIMPLE’
# 223| #define OSCAP_SETTER_GENERIC_NODELETE(SNAME, MTYPE, MNAME, ASSIGNER) \
# 224| OSCAP_SETTER_HEADER(SNAME, MTYPE, MNAME) \
# 225|-> { obj->MNAME = ASSIGNER(newval); return true; }
# 226|
# 227| /**
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/source/bz2.c: scope_hint: In function ‘bz2_fd_open’
openscap-1.4.0-build/openscap-1.4.0/src/source/bz2.c:60:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘b’
# 58| if (f) {
# 59| b = malloc(sizeof(struct bz2_file));
# 60|-> b->f = f;
# 61| b->file = BZ2_bzReadOpen(&bzerror, f, 0, 0, NULL, 0);
# 62| b->eof = false;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/source/bz2.c: scope_hint: In function ‘bz2_mem_open’
openscap-1.4.0-build/openscap-1.4.0/src/source/bz2.c:128:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘b’
# 126| {
# 127| struct bz2_mem *b = calloc(1, sizeof(struct bz2_mem));
# 128|-> b->stream = calloc(1, sizeof(bz_stream));
# 129| // next_in should point at the compressed data
# 130| b->stream->next_in = (char *) buffer;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/source/bz2.c:130:28: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘calloc(1, 80)’
# 128| b->stream = calloc(1, sizeof(bz_stream));
# 129| // next_in should point at the compressed data
# 130|-> b->stream->next_in = (char *) buffer;
# 131| // and avail_in should indicate how many bytes the library may read
# 132| b->stream->avail_in = size;
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/source/oscap_source.c: scope_hint: In function ‘oscap_source_get_raw_memory’
openscap-1.4.0-build/openscap-1.4.0/src/source/oscap_source.c:461:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘ret’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_memcpy’ must be non-null
# 459| if (source->origin.memory != NULL) {
# 460| char *ret = (char*)malloc(source->origin.memory_size);
# 461|-> memcpy(ret, source->origin.memory, source->origin.memory_size);
# 462| *buffer = ret;
# 463| *size = source->origin.memory_size;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/source/signature.c: scope_hint: In function ‘oscap_signature_ctx_new’
openscap-1.4.0-build/openscap-1.4.0/src/source/signature.c:57:25: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ctx’
# 55| {
# 56| struct oscap_signature_ctx *ctx = malloc(sizeof(struct oscap_signature_ctx));
# 57|-> ctx->pubkey_pem = NULL;
# 58| ctx->pubkey_cert_pem = NULL;
# 59| return ctx;
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/src/source/xslt.c: scope_hint: In function ‘apply_xslt_path_internal’
openscap-1.4.0-build/openscap-1.4.0/src/source/xslt.c:129:21: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘strdup(xsltfile)’ where non-null expected
openscap-1.4.0-build/openscap-1.4.0/src/source/xslt.c: scope_hint: In function ‘apply_xslt_path_internal’
openscap-1.4.0-build/openscap-1.4.0/src/source/xslt.c:36: included_from: Included from here.
/usr/include/unistd.h:287:12: note: argument 1 of ‘access’ must be non-null
# 127| if (strstr(xsltfile, "/") == xsltfile) {
# 128| xsltpath = oscap_strdup(xsltfile);
# 129|-> if (access(xsltpath, R_OK)) {
# 130| oscap_seterr(OSCAP_EFAMILY_OSCAP, "XSLT file '%s' not found when trying to transform '%s'",
# 131| xsltfile, oscap_source_readable_origin(source));
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/src/source/xslt.c:172:25: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘args’
openscap-1.4.0-build/openscap-1.4.0/src/source/xslt.c: scope_hint: In function ‘apply_xslt_path_internal’
# 170|
# 171| for (size_t i = 0; i < argc; i += 2) {
# 172|-> args[i] = (char*) params[i];
# 173| if (params[i+1]) args[i+1] = oscap_sprintf("'%s'", params[i+1]);
# 174| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/tests/API/CPE/name/test_api_cpe_uri.c: scope_hint: In function ‘main’
openscap-1.4.0-build/openscap-1.4.0/tests/API/CPE/name/test_api_cpe_uri.c:140:33: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘cpes’
# 138|
# 139| for (i = 0; i < argc - 3; i++)
# 140|-> cpe_name_free(cpes[i]);
# 141| free(cpes);
# 142| cpe_name_free(candidate_cpe);
Error: GCC_ANALYZER_WARNING (CWE-775):
openscap-1.4.0-build/openscap-1.4.0/tests/API/crypt/test_crapi_digest.c: scope_hint: In function ‘main’
openscap-1.4.0-build/openscap-1.4.0/tests/API/crypt/test_crapi_digest.c:105:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(filename, 0)’
# 103| }
# 104|
# 105|-> if (crapi_init (NULL) != 0) {
# 106| fprintf (stderr, "crapi_init() != 0\n");
# 107| abort ();
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/tests/API/crypt/test_crapi_digest.c:122:13: warning[-Wanalyzer-null-argument]: use of NULL ‘comp_sum’ where non-null expected
openscap-1.4.0-build/openscap-1.4.0/tests/API/crypt/test_crapi_digest.c:30: included_from: Included from here.
/usr/include/string.h:156:12: note: argument 2 of ‘strcmp’ must be non-null
# 120| mem2hex (dst, dstlen, comp_sum, comp_sum_len);
# 121|
# 122|-> if (strcmp(orig_sum, comp_sum) != 0) {
# 123| fprintf (stderr, "crapi_digest::%s(%s) != %s (== %s)\n", algorithm_str, filename, orig_sum, comp_sum);
# 124| abort ();
Error: GCC_ANALYZER_WARNING (CWE-775):
openscap-1.4.0-build/openscap-1.4.0/tests/bz2/test_bz2_memory_source.c:44:19: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "rb")’
openscap-1.4.0-build/openscap-1.4.0/tests/bz2/test_bz2_memory_source.c:37:9: note: in expansion of macro ‘oscap_assert’
openscap-1.4.0-build/openscap-1.4.0/tests/bz2/test_bz2_memory_source.c:37:9: note: in expansion of macro ‘oscap_assert’
openscap-1.4.0-build/openscap-1.4.0/tests/bz2/test_bz2_memory_source.c:43:9: note: in expansion of macro ‘oscap_assert’
# 42|
# 43| oscap_assert(buffer != NULL);
# 44|-> *buffer = malloc(len + 1);
# 45| oscap_assert(*buffer != NULL);
# 46|
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.0-build/openscap-1.4.0/tests/bz2/test_bz2_memory_source.c:44:19: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "rb")’
openscap-1.4.0-build/openscap-1.4.0/tests/bz2/test_bz2_memory_source.c:37:9: note: in expansion of macro ‘oscap_assert’
openscap-1.4.0-build/openscap-1.4.0/tests/bz2/test_bz2_memory_source.c:37:9: note: in expansion of macro ‘oscap_assert’
openscap-1.4.0-build/openscap-1.4.0/tests/bz2/test_bz2_memory_source.c:43:9: note: in expansion of macro ‘oscap_assert’
# 42|
# 43| oscap_assert(buffer != NULL);
# 44|-> *buffer = malloc(len + 1);
# 45| oscap_assert(*buffer != NULL);
# 46|
Error: COMPILER_WARNING (CWE-252):
openscap-1.4.0-build/openscap-1.4.0/tests/bz2/test_bz2_memory_source.c: scope_hint: In function ‘read_file’
openscap-1.4.0-build/openscap-1.4.0/tests/bz2/test_bz2_memory_source.c:47:9: warning[-Wunused-result]: ignoring return value of ‘fread’ declared with attribute ‘warn_unused_result’
# 47 | fread(*buffer, len, 1, file);
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 45| oscap_assert(*buffer != NULL);
# 46|
# 47|-> fread(*buffer, len, 1, file);
# 48| fclose(file);
# 49| return len;
Error: GCC_ANALYZER_WARNING (CWE-775):
openscap-1.4.0-build/openscap-1.4.0/tests/bz2/test_bz2_memory_source.c:32: included_from: Included from here.
openscap-1.4.0-build/openscap-1.4.0/tests/bz2/test_bz2_memory_source.c: scope_hint: In function ‘read_file’
openscap-1.4.0-build/openscap-1.4.0/tests/oscap_assert.h:30:12: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "rb")’
openscap-1.4.0-build/openscap-1.4.0/tests/bz2/test_bz2_memory_source.c:43:9: note: in expansion of macro ‘oscap_assert’
openscap-1.4.0-build/openscap-1.4.0/tests/bz2/test_bz2_memory_source.c:37:9: note: in expansion of macro ‘oscap_assert’
openscap-1.4.0-build/openscap-1.4.0/tests/bz2/test_bz2_memory_source.c:37:9: note: in expansion of macro ‘oscap_assert’
openscap-1.4.0-build/openscap-1.4.0/tests/bz2/test_bz2_memory_source.c:43:9: note: in expansion of macro ‘oscap_assert’
# 28| /* Unlike standard assert() macro this works even if NDEBUG is defined. */
# 29| #define oscap_assert(expr) \
# 30|-> if (!(expr)) { \
# 31| fprintf(stderr, "Assertion failed: %s, file %s, line %d, function %s.", #expr, __FILE__, __LINE__, __PRETTY_FUNCTION__); \
# 32| abort(); \
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.0-build/openscap-1.4.0/tests/oscap_assert.h:30:12: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "rb")’
openscap-1.4.0-build/openscap-1.4.0/tests/bz2/test_bz2_memory_source.c:43:9: note: in expansion of macro ‘oscap_assert’
openscap-1.4.0-build/openscap-1.4.0/tests/bz2/test_bz2_memory_source.c:37:9: note: in expansion of macro ‘oscap_assert’
openscap-1.4.0-build/openscap-1.4.0/tests/bz2/test_bz2_memory_source.c:37:9: note: in expansion of macro ‘oscap_assert’
openscap-1.4.0-build/openscap-1.4.0/tests/bz2/test_bz2_memory_source.c:43:9: note: in expansion of macro ‘oscap_assert’
# 28| /* Unlike standard assert() macro this works even if NDEBUG is defined. */
# 29| #define oscap_assert(expr) \
# 30|-> if (!(expr)) { \
# 31| fprintf(stderr, "Assertion failed: %s, file %s, line %d, function %s.", #expr, __FILE__, __LINE__, __PRETTY_FUNCTION__); \
# 32| abort(); \
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/utils/oscap-cpe.c: scope_hint: In function ‘getopt_cpe’
openscap-1.4.0-build/openscap-1.4.0/utils/oscap-cpe.c:103:41: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘*action.cpe_action’
# 101| }
# 102| action->cpe_action = malloc(sizeof(struct cpe_action));
# 103|-> action->cpe_action->name=argv[3];
# 104| action->cpe_action->dict=argv[4];
# 105| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/utils/oscap-cpe.c:113:41: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘*action.cpe_action’
# 111| }
# 112| action->cpe_action = malloc(sizeof(struct cpe_action));
# 113|-> action->cpe_action->name=argv[3];
# 114| }
# 115|
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.0-build/openscap-1.4.0/utils/oscap-cpe.c:122:36: warning[-Wanalyzer-malloc-leak]: leak of ‘*action.cpe_action’
# 120| }
# 121|
# 122|-> action->cpe_action = malloc(sizeof(struct cpe_action));
# 123| action->cpe_action->dict=argv[3];
# 124| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/utils/oscap-cpe.c:123:41: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘*action.cpe_action’
# 121|
# 122| action->cpe_action = malloc(sizeof(struct cpe_action));
# 123|-> action->cpe_action->dict=argv[3];
# 124| }
# 125|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/utils/oscap-ds.c: scope_hint: In function ‘getopt_ds’
openscap-1.4.0-build/openscap-1.4.0/utils/oscap-ds.c:141:41: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘*action.ds_action’
# 139| }
# 140| action->ds_action = malloc(sizeof(struct ds_action));
# 141|-> action->ds_action->file = argv[3];
# 142| }
# 143| else if (action->module == &DS_RDS_VALIDATE_MODULE) {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/utils/oscap-ds.c:149:41: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘*action.ds_action’
# 147| }
# 148| action->ds_action = malloc(sizeof(struct ds_action));
# 149|-> action->ds_action->file = argv[optind];
# 150| }
# 151| return true;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/utils/oscap-ds.c: scope_hint: In function ‘app_ds_rds_create’
openscap-1.4.0-build/openscap-1.4.0/utils/oscap-ds.c:378:38: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘oval_result_files’
# 376| for (i = 0; i < action->ds_action->oval_result_count; ++i)
# 377| {
# 378|-> oval_result_files[i] = action->ds_action->oval_results[i];
# 379|
# 380| if (action->validate)
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/utils/oscap-ds.c:392:30: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘oval_result_files’
# 390| }
# 391| }
# 392|-> oval_result_files[i] = NULL;
# 393|
# 394| ret = ds_rds_create(action->ds_action->file, action->ds_action->xccdf_result,
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.0-build/openscap-1.4.0/utils/oscap-tool.c: scope_hint: In function ‘getopt_parse_env’
openscap-1.4.0-build/openscap-1.4.0/utils/oscap-tool.c:320:20: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openscap-1.4.0-build/openscap-1.4.0/utils/oscap-tool.c: scope_hint: In function ‘getopt_parse_env’
# 318| eargc++;
# 319| void *new_eargv = realloc(eargv, eargc * sizeof(char *));
# 320|-> if (new_eargv == NULL)
# 321| goto exit;
# 322| eargv = new_eargv;
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/utils/oscap-tool.c:332:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘nargv’ where non-null expected
openscap-1.4.0-build/openscap-1.4.0/utils/oscap-tool.c: scope_hint: In function ‘getopt_parse_env’
<built-in>: note: argument 1 of ‘__builtin_memcpy’ must be non-null
# 330| for (ofs = 0; strcmp((*argv)[ofs], OSCAP_OVAL_MODULE.name); ofs++);
# 331| ofs += 2;
# 332|-> memcpy(nargv, *argv, ofs * sizeof(char *));
# 333| /* copy env args */
# 334| memcpy(nargv + ofs, eargv, eargc * sizeof(char *));
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.0-build/openscap-1.4.0/utils/oscap-tool.c:334:9: warning[-Wanalyzer-null-argument]: use of NULL ‘eargv’ where non-null expected
openscap-1.4.0-build/openscap-1.4.0/utils/oscap-tool.c: scope_hint: In function ‘getopt_parse_env’
<built-in>: note: argument 2 of ‘__builtin_memcpy’ must be non-null
# 332| memcpy(nargv, *argv, ofs * sizeof(char *));
# 333| /* copy env args */
# 334|-> memcpy(nargv + ofs, eargv, eargc * sizeof(char *));
# 335| /* copy rest of the main args */
# 336| memcpy(nargv + ofs + eargc, *argv + ofs, (*argc - ofs) * sizeof(char *));
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.0-build/openscap-1.4.0/utils/oscap-tool.c:343:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openscap-1.4.0-build/openscap-1.4.0/utils/oscap-tool.c: scope_hint: In function ‘getopt_parse_env’
# 341| exit:
# 342| free(opts);
# 343|-> free(eargv);
# 344| }
# 345|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/utils/oscap-xccdf.c: scope_hint: In function ‘getopt_xccdf’
openscap-1.4.0-build/openscap-1.4.0/utils/oscap-xccdf.c:1309:46: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘*action.f_ovals’
# 1307| int i = 1;
# 1308| while (argc > (optind+i)) {
# 1309|-> action->f_ovals[i-1] = argv[optind + i];
# 1310| i++;
# 1311| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.0-build/openscap-1.4.0/utils/oscap-xccdf.c:1312:42: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘*action.f_ovals’
# 1310| i++;
# 1311| }
# 1312|-> action->f_ovals[i-1] = NULL;
# 1313| } else {
# 1314| action->f_ovals = NULL;