Task #44972 - osbuild-composer-136-1.20250321120300298199.pr4650.19.g6dbd9d736/scan-results.err
Error: GCC_ANALYZER_WARNING (CWE-775):
osbuild-composer-136-build/osbuild-composer-136/vendor/github.com/containers/storage/pkg/unshare/unshare.c: scope_hint: In function ‘parse_proc_stringlist’
osbuild-composer-136-build/osbuild-composer-136/vendor/github.com/containers/storage/pkg/unshare/unshare.c:120:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
# 118| if (new_buf == NULL) {
# 119| free(buf);
# 120|-> fprintf(stderr, "realloc(%ld): out of memory\n", (long)(size + BUFSTEP));
# 121| return NULL;
# 122| }

Error: GCC_ANALYZER_WARNING (CWE-775):
osbuild-composer-136-build/osbuild-composer-136/vendor/github.com/containers/storage/pkg/unshare/unshare.c:128:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
# 126| n = read(fd, buf + used, size - used - 1);
# 127| if (n < 0) {
# 128|-> fprintf(stderr, "read(): %m\n");
# 129| return NULL;
# 130| }

Error: GCC_ANALYZER_WARNING (CWE-401):
osbuild-composer-136-build/osbuild-composer-136/vendor/github.com/containers/storage/pkg/unshare/unshare.c:128:25: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
# 126| n = read(fd, buf + used, size - used - 1);
# 127| if (n < 0) {
# 128|-> fprintf(stderr, "read(): %m\n");
# 129| return NULL;
# 130| }

Error: GCC_ANALYZER_WARNING (CWE-401):
osbuild-composer-136-build/osbuild-composer-136/vendor/github.com/containers/storage/pkg/unshare/unshare.c:128:25: warning[-Wanalyzer-malloc-leak]: leak of ‘new_buf’
# 126| n = read(fd, buf + used, size - used - 1);
# 127| if (n < 0) {
# 128|-> fprintf(stderr, "read(): %m\n");
# 129| return NULL;
# 130| }

Error: GCC_ANALYZER_WARNING (CWE-401):
osbuild-composer-136-build/osbuild-composer-136/vendor/github.com/containers/storage/pkg/unshare/unshare.c:145:17: warning[-Wanalyzer-malloc-leak]: leak of ‘new_buf’
# 143| ret = calloc(n_strings + 1, sizeof(char *));
# 144| if (ret == NULL) {
# 145|-> fprintf(stderr, "calloc(): out of memory\n");
# 146| return NULL;
# 147| }

Error: GCC_ANALYZER_WARNING (CWE-401):
osbuild-composer-136-build/osbuild-composer-136/vendor/github.com/containers/storage/pkg/unshare/unshare.c: scope_hint: In function ‘containers_reexec’
osbuild-composer-136-build/osbuild-composer-136/vendor/github.com/containers/storage/pkg/unshare/unshare.c:288:12: warning[-Wanalyzer-malloc-leak]: leak of ‘argv’
# 286| if (fd < 0)
# 287| fd = copy_self_proc_exe(argv);
# 288|-> if (fd < 0)
# 289| return fd;
# 290|

Error: CPPCHECK_WARNING (CWE-476):
osbuild-composer-136-build/osbuild-composer-136/vendor/github.com/miekg/pkcs11/pkcs11.go:77: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: c
# 75| CK_C_GetFunctionList list;
# 76| struct ctx *c = calloc(1, sizeof(struct ctx));
# 77|-> c->handle = dlopen(module, RTLD_LAZY);
# 78| if (c->handle == NULL) {
# 79| free(c);

Error: GCC_ANALYZER_WARNING (CWE-476):
osbuild-composer-136-build/osbuild-composer-136/vendor/github.com/miekg/pkcs11/pkcs11.go: scope_hint: In function 'New'
osbuild-composer-136-build/osbuild-composer-136/vendor/github.com/miekg/pkcs11/pkcs11.go:77:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'c'
# 75| CK_C_GetFunctionList list;
# 76| struct ctx *c = calloc(1, sizeof(struct ctx));
# 77|-> c->handle = dlopen(module, RTLD_LAZY);
# 78| if (c->handle == NULL) {
# 79| free(c);

Error: GCC_ANALYZER_WARNING (CWE-476):
osbuild-composer-136-build/osbuild-composer-136/vendor/github.com/miekg/pkcs11/pkcs11.go: scope_hint: In function ‘New’
osbuild-composer-136-build/osbuild-composer-136/vendor/github.com/miekg/pkcs11/pkcs11.go:77:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘c’
# 75| CK_C_GetFunctionList list;
# 76| struct ctx *c = calloc(1, sizeof(struct ctx));
# 77|-> c->handle = dlopen(module, RTLD_LAZY);
# 78| if (c->handle == NULL) {
# 79| free(c);

Error: CPPCHECK_WARNING (CWE-476):
osbuild-composer-136-build/osbuild-composer-136/vendor/github.com/miekg/pkcs11/pkcs11.go:78:
warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: c
# 76| struct ctx *c = calloc(1, sizeof(struct ctx));
# 77| c->handle = dlopen(module, RTLD_LAZY);
# 78|-> if (c->handle == NULL) {
# 79| free(c);
# 80| return NULL;

Error: CPPCHECK_WARNING (CWE-476):
osbuild-composer-136-build/osbuild-composer-136/vendor/github.com/miekg/pkcs11/pkcs11.go:82: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: c
# 80| return NULL;
# 81| }
# 82|-> list = (CK_C_GetFunctionList) dlsym(c->handle, "C_GetFunctionList");
# 83| if (list == NULL) {
# 84| free(c);

Error: GCC_ANALYZER_WARNING (CWE-401):
osbuild-composer-136-build/osbuild-composer-136/vendor/github.com/miekg/pkcs11/pkcs11.go: scope_hint: In function ‘GetAttributeValue.part.0’
osbuild-composer-136-build/osbuild-composer-136/vendor/github.com/miekg/pkcs11/pkcs11.go:316:32: warning[-Wanalyzer-malloc-leak]: leak of ‘*((CK_ATTRIBUTE *)temp).pValue’
# 314| continue;
# 315| }
# 316|-> temp[i].pValue = calloc(temp[i].ulValueLen, sizeof(CK_BYTE));
# 317| }
# 318| return c->sym->C_GetAttributeValue(session, object, temp, templen);

Error: CPPCHECK_WARNING (CWE-476):
osbuild-composer-136-build/osbuild-composer-136/vendor/github.com/osbuild/images/pkg/crypt/crypt_impl.go:60: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: ret
# 58|
# 59| ret = (char *)malloc((strlen(enc)+1) * sizeof(char)); // for trailing null
# 60|-> strcpy(ret, enc);
# 61| ret[strlen(enc)]= '\0';
# 62|

Error: GCC_ANALYZER_WARNING (CWE-688):
osbuild-composer-136-build/osbuild-composer-136/vendor/github.com/osbuild/images/pkg/crypt/crypt_impl.go: scope_hint: In function 'gnu_ext_crypt'
osbuild-composer-136-build/osbuild-composer-136/vendor/github.com/osbuild/images/pkg/crypt/crypt_impl.go:60:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'ret' where non-null expected
<built-in>: note: argument 1 of '__builtin_strcpy' must be non-null
# 58|
# 59| ret = (char *)malloc((strlen(enc)+1) * sizeof(char)); // for trailing null
# 60|-> strcpy(ret, enc);
# 61| ret[strlen(enc)]= '\0';
# 62|

Error: GCC_ANALYZER_WARNING (CWE-688):
osbuild-composer-136-build/osbuild-composer-136/vendor/github.com/osbuild/images/pkg/crypt/crypt_impl.go: scope_hint: In function ‘gnu_ext_crypt’
osbuild-composer-136-build/osbuild-composer-136/vendor/github.com/osbuild/images/pkg/crypt/crypt_impl.go:60:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘ret’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strcpy’ must be non-null
# 58|
# 59| ret = (char *)malloc((strlen(enc)+1) * sizeof(char)); // for trailing null
# 60|-> strcpy(ret, enc);
# 61| ret[strlen(enc)]= '\0';
# 62|

Error: CPPCHECK_WARNING (CWE-476):
osbuild-composer-136-build/osbuild-composer-136/vendor/github.com/osbuild/images/pkg/crypt/crypt_impl.go:61: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: ret
# 59| ret = (char *)malloc((strlen(enc)+1) * sizeof(char)); // for trailing null
# 60| strcpy(ret, enc);
# 61|-> ret[strlen(enc)]= '\0';
# 62|
# 63| return ret;

Error: CPPCHECK_WARNING (CWE-682):
osbuild-composer-136-build/osbuild-composer-136/vendor/github.com/ubccr/kerby/base64.c:49: error[nullPointerArithmeticOutOfMemory]: If memory allocation fail: pointer addition with NULL pointer.
# 47| while (vlen >= 3)
# 48| {
# 49|-> *out++ = basis_64[value[0] >> 2];
# 50| *out++ = basis_64[((value[0] << 4) & 0x30) | (value[1] >> 4)];
# 51| *out++ = basis_64[((value[1] << 2) & 0x3C) | (value[2] >> 6)];

Error: CPPCHECK_WARNING (CWE-476):
osbuild-composer-136-build/osbuild-composer-136/vendor/github.com/ubccr/kerby/base64.c:49: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: out++
# 47| while (vlen >= 3)
# 48| {
# 49|-> *out++ = basis_64[value[0] >> 2];
# 50| *out++ = basis_64[((value[0] << 4) & 0x30) | (value[1] >> 4)];
# 51| *out++ = basis_64[((value[1] << 2) & 0x3C) | (value[2] >> 6)];

Error: GCC_ANALYZER_WARNING (CWE-476):
osbuild-composer-136-build/osbuild-composer-136/vendor/github.com/ubccr/kerby/base64.c: scope_hint: In function ‘base64_encode’
osbuild-composer-136-build/osbuild-composer-136/vendor/github.com/ubccr/kerby/base64.c:49:16: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘out’
# 47| while (vlen >= 3)
# 48| {
# 49|-> *out++ = basis_64[value[0] >> 2];
# 50| *out++ = basis_64[((value[0] << 4) & 0x30) | (value[1] >> 4)];
# 51| *out++ = basis_64[((value[1] << 2) & 0x3C) | (value[2] >> 6)];

Error: GCC_ANALYZER_WARNING (CWE-476):
osbuild-composer-136-build/osbuild-composer-136/vendor/github.com/ubccr/kerby/base64.c:58:16: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘out’
# 56| if (vlen > 0)
# 57| {
# 58|-> *out++ = basis_64[value[0] >> 2];
# 59| unsigned char oval = (value[0] << 4) & 0x30;
# 60| if (vlen > 1) oval |= value[1] >> 4;

Error: GCC_ANALYZER_WARNING (CWE-476):
osbuild-composer-136-build/osbuild-composer-136/vendor/github.com/ubccr/kerby/base64.c:65:10: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘out’
# 63| *out++ = '=';
# 64| }
# 65|-> *out = '\0';
# 66|
# 67| return result;

Error: GCC_ANALYZER_WARNING (CWE-476):
osbuild-composer-136-build/osbuild-composer-136/vendor/github.com/ubccr/kerby/base64.c: scope_hint: In function ‘base64_decode’
osbuild-composer-136-build/osbuild-composer-136/vendor/github.com/ubccr/kerby/base64.c:106:16: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘out’
# 104|
# 105| value += 4;
# 106|-> *out++ = (CHAR64(c1) << 2) | (CHAR64(c2) >> 4);
# 107| *rlen += 1;
# 108|

Error: GCC_ANALYZER_WARNING (CWE-476):
osbuild-composer-136-build/osbuild-composer-136/vendor/github.com/ubccr/kerby/base64.c:121:13: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘result’
# 119|
# 120| base64_decode_error:
# 121|-> *result = 0;
# 122| *rlen = 0;
# 123|