libxcrypt-4.4.38-6.fc43

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-457): [#def1]
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/alg-sha256.c: scope_hint: In function 'SHA256_Transform'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/alg-sha256.c:94:14: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value '*<unknown>'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/alg-sha256.c:83:36: note: in definition of macro 'RND'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/alg-sha256.c:121:17: note: in expansion of macro 'RNDr'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/alg-sha256.c:28: included_from: Included from here.
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/alg-sha256.h:47:25: note: in expansion of macro 'libcperciva_HMAC_SHA256_Buf'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/alg-sha256.c:465:1: note: in expansion of macro 'HMAC_SHA256_Buf'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/alg-sha256.h:39:21: note: in expansion of macro 'libcperciva_SHA256_Init'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/alg-sha256.c:356:17: note: in expansion of macro 'SHA256_Init'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/alg-sha256.c: scope_hint: In function 'SHA256_Transform'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/alg-sha256.c:34: included_from: Included from here.
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/alg-sha256.c:112:9: note: in expansion of macro 'be32dec_vect'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/byteorder.h:129:3: note: in definition of macro 'VECTOR_TO_CPU_'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/byteorder.h:144:1: note: in expansion of macro 'VECTOR_TO_CPU'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/byteorder.h:126:34: note: in expansion of macro 'VECTOR_TO_CPU_'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/byteorder.h:144:1: note: in expansion of macro 'VECTOR_TO_CPU'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/byteorder.h:133:16: note: in definition of macro 'VECTOR_TO_CPU_'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/byteorder.h:144:1: note: in expansion of macro 'VECTOR_TO_CPU'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/byteorder.h: scope_hint: In function 'SHA256_Transform'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/byteorder.h:126:34: note: in expansion of macro 'VECTOR_TO_CPU_'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/byteorder.h:144:1: note: in expansion of macro 'VECTOR_TO_CPU'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/byteorder.h:126:34: note: in expansion of macro 'VECTOR_TO_CPU_'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/byteorder.h:144:1: note: in expansion of macro 'VECTOR_TO_CPU'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/alg-sha256.c:112:9: note: in expansion of macro 'be32dec_vect'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/alg-sha256.c:83:36: note: in definition of macro 'RND'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/alg-sha256.c:121:17: note: in expansion of macro 'RNDr'
#   92|   	    S[(68 - i) % 8], S[(69 - i) % 8],	\
#   93|   	    S[(70 - i) % 8], S[(71 - i) % 8],	\
#   94|-> 	    W[i + ii] + Krnd[i + ii])
#   95|   
#   96|   /* Message schedule computation */

Error: GCC_ANALYZER_WARNING (CWE-457): [#def2]
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/alg-sha512.c: scope_hint: In function 'SHA512_Transform'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/alg-sha512.c:107:14: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'W[<unknown>]'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/alg-sha512.c:96:36: note: in definition of macro 'RND'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/alg-sha512.c:134:17: note: in expansion of macro 'RNDr'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/alg-sha512.c:29: included_from: Included from here.
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/alg-sha512.h:40:20: note: in expansion of macro 'libcperciva_SHA512_Buf'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/alg-sha512.c:301:1: note: in expansion of macro 'SHA512_Buf'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/alg-sha512.h:38:23: note: in expansion of macro 'libcperciva_SHA512_Update'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/alg-sha512.c:307:9: note: in expansion of macro 'SHA512_Update'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/alg-sha512.h:38:23: note: in expansion of macro 'libcperciva_SHA512_Update'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/alg-sha512.c:236:1: note: in expansion of macro 'SHA512_Update'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/alg-sha512.c:34: included_from: Included from here.
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/alg-sha512.c:125:9: note: in expansion of macro 'be64dec_vect'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/byteorder.h:129:3: note: in definition of macro 'VECTOR_TO_CPU_'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/byteorder.h:145:1: note: in expansion of macro 'VECTOR_TO_CPU'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/byteorder.h:126:34: note: in expansion of macro 'VECTOR_TO_CPU_'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/byteorder.h:145:1: note: in expansion of macro 'VECTOR_TO_CPU'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/byteorder.h:133:16: note: in definition of macro 'VECTOR_TO_CPU_'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/byteorder.h:145:1: note: in expansion of macro 'VECTOR_TO_CPU'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/byteorder.h:126:34: note: in expansion of macro 'VECTOR_TO_CPU_'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/byteorder.h:145:1: note: in expansion of macro 'VECTOR_TO_CPU'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/byteorder.h:126:34: note: in expansion of macro 'VECTOR_TO_CPU_'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/byteorder.h:145:1: note: in expansion of macro 'VECTOR_TO_CPU'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/alg-sha512.c:125:9: note: in expansion of macro 'be64dec_vect'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/alg-sha512.c:96:36: note: in definition of macro 'RND'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/alg-sha512.c:134:17: note: in expansion of macro 'RNDr'
#  105|   	    S[(84 - i) % 8], S[(85 - i) % 8],	\
#  106|   	    S[(86 - i) % 8], S[(87 - i) % 8],	\
#  107|-> 	    W[i + ii] + K[i + ii])
#  108|   
#  109|   /* Message schedule computation */

Error: GCC_ANALYZER_WARNING (CWE-476): [#def3]
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/alg-yescrypt-opt.c: scope_hint: In function 'yescrypt_kdf_body'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/alg-yescrypt-opt.c:1320:17: warning[-Wanalyzer-null-dereference]: dereference of NULL 'B'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/alg-yescrypt-opt.c:31: included_from: Included from here.
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/alg-yescrypt-opt.c:1445:5: note: in expansion of macro 'yescrypt_init_shared'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/alg-yescrypt-opt.c: scope_hint: In function 'yescrypt_kdf_body'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/alg-yescrypt-opt.c:1474:21: note: in expansion of macro 'yescrypt_kdf'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/alg-yescrypt-opt.c:1395:5: note: in expansion of macro 'yescrypt_kdf'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/alg-yescrypt-opt.c: scope_hint: In function 'yescrypt_kdf_body'
# 1318|   
# 1319|   	if (flags)
# 1320|-> 		memcpy(sha256, B, sizeof(sha256));
# 1321|   
# 1322|   	if (p == 1 || (flags & YESCRYPT_RW)) {

Error: GCC_ANALYZER_WARNING (CWE-787): [#def4]
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/crypt-bcrypt.c: scope_hint: In function 'BF_crypt'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/crypt-bcrypt.c:732:24: warning[-Wanalyzer-out-of-bounds]: buffer over-read
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/crypt-port.h:322: included_from: Included from here.
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/crypt-bcrypt.c:46: included_from: Included from here.
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/crypt-bcrypt.c:1046:1: note: in expansion of macro 'crypt_bcrypt_y_rn'
libxcrypt-4.4.38-build/libxcrypt-4.4.38/lib/crypt-bcrypt.c:732:24: note: valid subscripts for 'flags_by_subtype' are '[0]' to '[25]'
#  730|         setting[1] != '2' ||
#  731|         setting[2] < 'a' || setting[2] > 'z' ||
#  732|->       !flags_by_subtype[(unsigned int) (unsigned char) setting[2] - 'a'] ||
#  733|         setting[3] != '$' ||
#  734|         setting[4] < '0' || setting[4] > '3' ||
Scan Properties

analyzer-version-clippy	1.85.1
analyzer-version-cppcheck	2.17.1
analyzer-version-gcc	15.0.1
analyzer-version-gcc-analyzer	15.0.1
analyzer-version-shellcheck	0.10.0
analyzer-version-unicontrol	0.0.2
enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code	0
host	ip-172-16-1-63.us-west-2.compute.internal
mock-config	fedora-rawhide-x86_64
project-name	libxcrypt-4.4.38-6.fc43
store-results-to	/tmp/tmp3_e8oohz/libxcrypt-4.4.38-6.fc43.tar.xz
time-created	2025-04-03 09:30:25
time-finished	2025-04-03 09:32:58
tool	csmock
tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'cppcheck,shellcheck,unicontrol,clippy,gcc' '-o' '/tmp/tmp3_e8oohz/libxcrypt-4.4.38-6.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '/tmp/tmp3_e8oohz/libxcrypt-4.4.38-6.fc43.src.rpm'
tool-version	csmock-3.8.0-1.el9