swtpm-0.10.0-11.fc43 - findings not occurring in swtpm-0.10.0-11.fc43

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-775): [#def1]
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/daemonize.c:277:8: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(devnullfd, 1)’
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/daemonize.c:273:8: branch_false: following ‘false’ branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/daemonize.c:277:9: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/daemonize.c:277:9: acquire_resource: opened here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/daemonize.c:277:8: danger: ‘dup2(devnullfd, 1)’ leaks here; was opened at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#  275|       }
#  276|   
#  277|->     if (dup2(devnullfd, STDOUT_FILENO) == -1) {
#  278|           fprintf(stderr, "Failed to redirect output stream to /dev/null: %s\n",
#  279|                   strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def2]
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/daemonize.c:283:8: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(devnullfd, 2)’
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/daemonize.c:273:8: branch_false: following ‘false’ branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/daemonize.c:277:9: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/daemonize.c:277:8: branch_false: following ‘false’ branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/daemonize.c:283:9: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/daemonize.c:283:9: acquire_resource: opened here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/daemonize.c:283:8: danger: ‘dup2(devnullfd, 2)’ leaks here; was opened at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
#  281|           exit(1);
#  282|       }
#  283|->     if (dup2(devnullfd, STDERR_FILENO) == -1) {
#  284|           fprintf(stderr, "Failed to redirect error stream to /dev/null: %s\n",
#  285|                   strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def3]
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:96:11: warning[-Wanalyzer-fd-leak]: leak of file descriptor
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:118:5: enter_function: entry to 'mainLoop'
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:154:8: branch_false: following 'false' branch (when 'command' is non-NULL)...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:161:5: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:172:8: branch_true: following 'true' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:173:26: branch_true: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:177:12: branch_true: following 'true' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:178:32: branch_true: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:183:12: branch_false: following 'false' branch...
 branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:190:12: branch_false: following 'false' branch...
 branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:192:16: branch_true: following 'true' branch (when 'rc == 0')...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:193:17: branch_true: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:232:16: branch_false: following 'false' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:236:18: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:235:17: branch_false: following 'false' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:241:17: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:241:16: branch_false: following 'false' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:252:17: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:252:16: branch_true: following 'true' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:253:36: branch_true: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:255:16: branch_false: following 'false' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:258:17: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:258:16: branch_false: following 'false' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:271:17: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:282:16: branch_false: following 'false' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:286:42: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:286:42: call_function: calling 'mainloop_ensure_locked_storage' from 'mainLoop'
#   94|   
#   95|       /* if NVRAM hasn't been initialized yet locking may need to be retried */
#   96|->     res = SWTPM_NVRAM_Lock_Storage(mlp->locking_retries);
#   97|       if (res == TPM_RETRY)
#   98|           return true;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def4]
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:233:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:154:8: branch_false: following 'false' branch (when 'command' is non-NULL)...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:161:5: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:172:8: branch_true: following 'true' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:173:26: branch_true: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:177:12: branch_true: following 'true' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:178:32: branch_true: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:183:12: branch_false: following 'false' branch...
 branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:190:12: branch_false: following 'false' branch...
 branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:192:16: branch_true: following 'true' branch (when 'rc == 0')...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:193:17: branch_true: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:232:16: branch_false: following 'false' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:236:18: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:235:17: branch_false: following 'false' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:241:17: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:241:16: branch_false: following 'false' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:252:17: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:252:16: branch_true: following 'true' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:253:36: branch_true: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:255:16: branch_false: following 'false' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:258:17: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:258:16: branch_false: following 'false' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:271:17: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:282:16: branch_true: following 'true' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:282:16: branch_true: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:233:17: danger: leaks here
#  231|               ready = poll(pollfds, 5, -1);
#  232|               if (ready < 0 && errno == EINTR)
#  233|->                 continue;
#  234|   
#  235|               if (ready < 0 ||

Error: GCC_ANALYZER_WARNING (CWE-775): [#def5]
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:238:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:154:8: branch_false: following 'false' branch (when 'command' is non-NULL)...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:161:5: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:172:8: branch_true: following 'true' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:173:26: branch_true: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:177:12: branch_true: following 'true' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:178:32: branch_true: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:183:12: branch_false: following 'false' branch...
 branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:190:12: branch_false: following 'false' branch...
 branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:192:16: branch_true: following 'true' branch (when 'rc == 0')...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:193:17: branch_true: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:232:16: branch_false: following 'false' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:236:18: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:235:17: branch_false: following 'false' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:241:17: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:241:16: branch_false: following 'false' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:252:17: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:252:16: branch_true: following 'true' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:253:36: branch_true: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:255:16: branch_false: following 'false' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:258:17: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:258:16: branch_false: following 'false' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:271:17: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:271:16: branch_true: following 'true' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:272:20: branch_true: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:276:20: branch_true: following 'true' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:277:21: branch_true: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:238:17: danger: leaks here
#  236|                   (pollfds[NOTIFY_FD].revents & POLLIN) != 0) {
#  237|                   SWTPM_IO_Disconnect(&connection_fd);
#  238|->                 break;
#  239|               }
#  240|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def6]
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:259:30: warning[-Wanalyzer-fd-leak]: leak of file descriptor
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:154:8: branch_false: following 'false' branch (when 'command' is non-NULL)...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:161:5: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:172:8: branch_true: following 'true' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:173:26: branch_true: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:177:12: branch_true: following 'true' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:178:32: branch_true: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:183:12: branch_false: following 'false' branch...
 branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:190:12: branch_false: following 'false' branch...
 branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:192:16: branch_true: following 'true' branch (when 'rc == 0')...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:193:17: branch_true: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:232:16: branch_false: following 'false' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:236:18: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:235:17: branch_false: following 'false' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:241:17: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:241:16: branch_false: following 'false' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:252:17: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:252:16: branch_true: following 'true' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:253:36: branch_true: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:255:16: branch_false: following 'false' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:258:17: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:258:16: branch_true: following 'true' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:259:30: branch_true: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:259:30: danger: leaks here
#  257|   
#  258|               if (pollfds[CTRL_CLIENT_FD].revents & POLLIN) {
#  259|->                 ctrlclntfd = ctrlchannel_process_fd(ctrlclntfd,
#  260|                                                       &g_mainloop_terminate,
#  261|                                                       &g_locality, &tpm_running,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def7]
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:291:22: warning[-Wanalyzer-fd-leak]: leak of file descriptor
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:118:5: enter_function: entry to 'mainLoop'
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:154:8: branch_false: following 'false' branch (when 'command' is non-NULL)...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:161:5: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:172:8: branch_true: following 'true' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:173:26: branch_true: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:177:12: branch_true: following 'true' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:178:32: branch_true: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:183:12: branch_false: following 'false' branch...
 branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:190:12: branch_false: following 'false' branch...
 branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:192:16: branch_true: following 'true' branch (when 'rc == 0')...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:193:17: branch_true: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:232:16: branch_false: following 'false' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:236:18: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:235:17: branch_false: following 'false' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:241:17: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:241:16: branch_false: following 'false' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:252:17: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:252:16: branch_true: following 'true' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:253:36: branch_true: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:255:16: branch_false: following 'false' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:258:17: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:258:16: branch_false: following 'false' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:271:17: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:282:16: branch_false: following 'false' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:286:42: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:286:42: call_function: calling 'mainloop_ensure_locked_storage' from 'mainLoop'
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:286:42: return_function: returning to 'mainLoop' from 'mainloop_ensure_locked_storage'
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:286:16: branch_false: following 'false' branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:291:22: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm/mainloop.c:291:22: danger: leaks here
#  289|               /* Read the command.  The number of bytes is determined by 'paramSize' in the stream */
#  290|               if (rc == 0) {
#  291|->                 rc = SWTPM_IO_Read(&connection_fd, command, &command_length,
#  292|                                      max_command_length);
#  293|                   if (rc != 0) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def8]
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_localca/swtpm_localca.c:747:19: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(gl_LOGFILE, "a")’
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_localca/swtpm_localca.c:608:5: enter_function: entry to ‘main’
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_localca/swtpm_localca.c:663:12: branch_false: following ‘false’ branch (when ‘opt == -1’)...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_localca/swtpm_localca.c:737:17: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_localca/swtpm_localca.c:739:8: branch_true: following ‘true’ branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_localca/swtpm_localca.c:742:13: branch_true: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_localca/swtpm_localca.c:747:19: acquire_resource: opened here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_localca/swtpm_localca.c:747:19: danger: ‘fopen(gl_LOGFILE, "a")’ leaks here; was opened at [(9)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/8)
#  745|               goto error;
#  746|           }
#  747|->         tmpfile = fopen(gl_LOGFILE, "a"); // do not truncate
#  748|           if (tmpfile == NULL) {
#  749|               fprintf(stderr, "Cannot write to logfile %s.\n", gl_LOGFILE);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def9]
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_localca/swtpm_localca.c:747:19: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(gl_LOGFILE, "a")’
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_localca/swtpm_localca.c:608:5: enter_function: entry to ‘main’
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_localca/swtpm_localca.c:663:12: branch_false: following ‘false’ branch (when ‘opt == -1’)...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_localca/swtpm_localca.c:737:17: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_localca/swtpm_localca.c:739:8: branch_true: following ‘true’ branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_localca/swtpm_localca.c:742:13: branch_true: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_localca/swtpm_localca.c:747:19: acquire_memory: allocated here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_localca/swtpm_localca.c:747:19: danger: ‘fopen(gl_LOGFILE, "a")’ leaks here; was allocated at [(9)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/8)
#  745|               goto error;
#  746|           }
#  747|->         tmpfile = fopen(gl_LOGFILE, "a"); // do not truncate
#  748|           if (tmpfile == NULL) {
#  749|               fprintf(stderr, "Cannot write to logfile %s.\n", gl_LOGFILE);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def10]
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_localca/swtpm_localca.c:755:9: warning[-Wanalyzer-null-argument]: use of NULL ‘optsfile’ where non-null expected
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_localca/swtpm_localca.c:608:5: enter_function: entry to ‘main’
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_localca/swtpm_localca.c:663:12: branch_false: following ‘false’ branch (when ‘opt == -1’)...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_localca/swtpm_localca.c:737:17: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_localca/swtpm_localca.c:755:9: danger: argument 1 (‘optsfile’) NULL where non-null expected
#  753|       }
#  754|   
#  755|->     if (access(optsfile, R_OK) != 0) {
#  756|           logerr(gl_LOGFILE, "Need read rights on options file %s for user %s.\n",
#  757|                  optsfile, curr_user ? curr_user->pw_name : "<unknown>");

Error: GCC_ANALYZER_WARNING (CWE-688): [#def11]
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_localca/swtpm_localca.c:761:9: warning[-Wanalyzer-null-argument]: use of NULL ‘configfile’ where non-null expected
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_localca/swtpm_localca.c:608:5: enter_function: entry to ‘main’
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_localca/swtpm_localca.c:663:12: branch_false: following ‘false’ branch (when ‘opt == -1’)...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_localca/swtpm_localca.c:737:17: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_localca/swtpm_localca.c:755:8: branch_false: following ‘false’ branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_localca/swtpm_localca.c:761:9: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_localca/swtpm_localca.c:761:9: danger: argument 1 (‘configfile’) NULL where non-null expected
#  759|       }
#  760|   
#  761|->     if (access(configfile, R_OK) != 0) {
#  762|           logerr(gl_LOGFILE, "Need read rights on config file %s for user %s.\n",
#  763|                  configfile, curr_user ? curr_user->pw_name : "<unknown>");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def12]
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1723:19: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(gl_LOGFILE, "a")’
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1345:5: enter_function: entry to ‘main’
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1658:8: branch_false: following ‘false’ branch (when ‘swtpm_prg’ is non-NULL)...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1664:19: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1666:8: branch_false: following ‘false’ branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1670:5: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1672:11: call_function: calling ‘get_supported_tpm_versions’ from ‘main’
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1672:11: return_function: returning to ‘main’ from ‘get_supported_tpm_versions’
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1673:8: branch_false: following ‘false’ branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1676:8: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1676:8: branch_false: following ‘false’ branch (when ‘printcapabilities == 0’)...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1681:9: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1681:8: branch_false: following ‘false’ branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1684:47: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1684:16: branch_false: following ‘false’ branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1689:8: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1689:8: branch_false: following ‘false’ branch (when ‘runas’ is NULL)...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1695:17: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1697:8: branch_false: following ‘false’ branch (when ‘printprofiles == 0’)...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1711:8: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1711:8: branch_true: following ‘true’ branch (when ‘got_ownerpass == 0’)...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1712:21: call_function: inlined call to ‘g_strdup_inline’ from ‘main’
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1713:8: branch_true: following ‘true’ branch (when ‘got_srkpass == 0’)...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1714:19: call_function: inlined call to ‘g_strdup_inline’ from ‘main’
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1716:8: branch_true: following ‘true’ branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1718:13: branch_true: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1723:19: acquire_resource: opened here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1723:19: danger: ‘fopen(gl_LOGFILE, "a")’ leaks here; was opened at [(36)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/35)
# 1721|               goto error;
# 1722|           }
# 1723|->         tmpfile = fopen(gl_LOGFILE, "a");
# 1724|           if (tmpfile == NULL) {
# 1725|               fprintf(stderr, "Cannot write to logfile %s.\n", gl_LOGFILE);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def13]
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1723:19: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(gl_LOGFILE, "a")’
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1345:5: enter_function: entry to ‘main’
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1658:8: branch_false: following ‘false’ branch (when ‘swtpm_prg’ is non-NULL)...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1664:19: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1666:8: branch_false: following ‘false’ branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1670:5: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1672:11: call_function: calling ‘get_supported_tpm_versions’ from ‘main’
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1672:11: return_function: returning to ‘main’ from ‘get_supported_tpm_versions’
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1673:8: branch_false: following ‘false’ branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1676:8: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1676:8: branch_false: following ‘false’ branch (when ‘printcapabilities == 0’)...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1681:9: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1681:8: branch_false: following ‘false’ branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1684:47: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1684:16: branch_false: following ‘false’ branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1689:8: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1689:8: branch_false: following ‘false’ branch (when ‘runas’ is NULL)...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1695:17: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1697:8: branch_false: following ‘false’ branch (when ‘printprofiles == 0’)...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1711:8: branch_false: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1711:8: branch_true: following ‘true’ branch (when ‘got_ownerpass == 0’)...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1712:21: call_function: inlined call to ‘g_strdup_inline’ from ‘main’
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1713:8: branch_true: following ‘true’ branch (when ‘got_srkpass == 0’)...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1714:19: call_function: inlined call to ‘g_strdup_inline’ from ‘main’
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1716:8: branch_true: following ‘true’ branch...
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1718:13: branch_true: ...to here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1723:19: acquire_memory: allocated here
swtpm-0.10.0-build/swtpm-0.10.0/src/swtpm_setup/swtpm_setup.c:1723:19: danger: ‘fopen(gl_LOGFILE, "a")’ leaks here; was allocated at [(36)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/35)
# 1721|               goto error;
# 1722|           }
# 1723|->         tmpfile = fopen(gl_LOGFILE, "a");
# 1724|           if (tmpfile == NULL) {
# 1725|               fprintf(stderr, "Cannot write to logfile %s.\n", gl_LOGFILE);
Scan Properties

analyzer-version-clippy	1.86.0
analyzer-version-cppcheck	2.17.1
analyzer-version-gcc	15.0.1
analyzer-version-gcc-analyzer	15.0.1
analyzer-version-shellcheck	0.10.0
analyzer-version-unicontrol	0.0.2
diffbase-analyzer-version-clippy	1.86.0
diffbase-analyzer-version-cppcheck	2.17.1
diffbase-analyzer-version-gcc	15.0.1
diffbase-analyzer-version-gcc-analyzer	15.0.1
diffbase-analyzer-version-shellcheck	0.10.0
diffbase-analyzer-version-unicontrol	0.0.2
diffbase-enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
diffbase-exit-code	0
diffbase-host	ip-172-16-1-131.us-west-2.compute.internal
diffbase-known-false-positives	/usr/share/csmock/known-false-positives.js
diffbase-known-false-positives-rpm	known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch
diffbase-mock-config	fedora-rawhide-x86_64
diffbase-project-name	swtpm-0.10.0-11.fc43
diffbase-store-results-to	/tmp/tmp8jx2mjql/swtpm-0.10.0-11.fc43.tar.xz
diffbase-time-created	2025-04-25 15:47:41
diffbase-time-finished	2025-04-25 15:50:11
diffbase-tool	csmock
diffbase-tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmp8jx2mjql/swtpm-0.10.0-11.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmp8jx2mjql/swtpm-0.10.0-11.fc43.src.rpm'
diffbase-tool-version	csmock-3.8.1.20250422.172604.g26bc3d6-1.el9
enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code	0
host	ip-172-16-1-131.us-west-2.compute.internal
known-false-positives	/usr/share/csmock/known-false-positives.js
known-false-positives-rpm	known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch
mock-config	fedora-rawhide-x86_64
project-name	swtpm-0.10.0-11.fc43
store-results-to	/tmp/tmp8jx2mjql/swtpm-0.10.0-11.fc43.tar.xz
time-created	2025-04-25 15:47:41
time-finished	2025-04-25 15:50:11
tool	csmock
tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmp8jx2mjql/swtpm-0.10.0-11.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmp8jx2mjql/swtpm-0.10.0-11.fc43.src.rpm'
tool-version	csmock-3.8.1.20250422.172604.g26bc3d6-1.el9