Task #68 - curl-8.6.0-7.fc40/scan-results.err
back to task #68download
Error: SHELLCHECK_WARNING (CWE-563):
/usr/bin/curl-config:27:1: warning[SC2034]: exec_prefix appears unused. Verify use (or export if used externally).
# 25|
# 26| prefix="/usr"
# 27|-> exec_prefix=/usr
# 28| includedir=/usr/include
# 29| cppflag_curl_staticlib=
Error: SHELLCHECK_WARNING (CWE-563):
/usr/bin/curl-config:28:1: warning[SC2034]: includedir appears unused. Verify use (or export if used externally).
# 26| prefix="/usr"
# 27| exec_prefix=/usr
# 28|-> includedir=/usr/include
# 29| cppflag_curl_staticlib=
# 30|
Error: SHELLCHECK_WARNING (CWE-563):
/usr/bin/curl-config:68:8: warning[SC2034]: value appears unused. Verify use (or export if used externally).
# 66| # [not currently used]
# 67| -*=*) value=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
# 68|-> *) value= ;;
# 69| esac
# 70|
Error: GCC_ANALYZER_WARNING (CWE-835):
curl-8.6.0/lib/bufq.c: scope_hint: In function 'Curl_bufq_skip'
curl-8.6.0/lib/bufq.c:485:16: warning[-Wanalyzer-infinite-loop]: infinite loop
curl-8.6.0/lib/bufq.c: scope_hint: In function 'Curl_bufq_skip'
curl-8.6.0/lib/bufq.c: scope_hint: In function 'Curl_bufq_skip'
# 483| size_t n;
# 484|
# 485|-> while(amount && q->head) {
# 486| n = chunk_skip(q->head, amount);
# 487| amount -= n;
Error: CLANG_WARNING:
curl-8.6.0/lib/cf-h2-proxy.c:864:5: warning[deadcode.DeadStores]: Value stored to 'nwritten' is never read
# 862| if(result != CURLE_AGAIN)
# 863| return NGHTTP2_ERR_CALLBACK_FAILURE;
# 864|-> nwritten = 0;
# 865| }
# 866| DEBUGASSERT((size_t)nwritten == len);
Error: GCC_ANALYZER_WARNING (CWE-775):
curl-8.6.0/lib/cf-socket.c: scope_hint: In function 'bindlocal'
curl-8.6.0/lib/cf-socket.c:431:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor '*ctx.sock'
curl-8.6.0/lib/sendf.h:29: included_from: Included from here.
curl-8.6.0/lib/cf-socket.c:58: included_from: Included from here.
curl-8.6.0/lib/cf-socket.c:999:5: note: in expansion of macro 'infof'
curl-8.6.0/lib/curl_trc.h:75:11: note: in expansion of macro 'Curl_trc_is_verbose'
curl-8.6.0/lib/cf-socket.c:999:5: note: in expansion of macro 'infof'
# 429| if(!dev && !port)
# 430| /* no local kind of binding was requested */
# 431|-> return CURLE_OK;
# 432|
# 433| memset(&sa, 0, sizeof(struct Curl_sockaddr_storage));
Error: GCC_ANALYZER_WARNING (CWE-476):
curl-8.6.0/lib/conncache.c: scope_hint: In function 'Curl_conncache_add_conn'
curl-8.6.0/lib/conncache.c:243:30: warning[-Wanalyzer-null-dereference]: dereference of NULL 'connc'
# 241|
# 242| bundle_add_conn(bundle, conn);
# 243|-> conn->connection_id = connc->next_connection_id++;
# 244| connc->num_conn++;
# 245|
Error: GCC_ANALYZER_WARNING (CWE-775):
curl-8.6.0/lib/file.c: scope_hint: In function 'file_connect'
curl-8.6.0/lib/file.c:243:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor '**data.req.p.file.fd'
curl-8.6.0/lib/file.c:235:8: note: in expansion of macro 'open_readonly'
curl-8.6.0/lib/file.c:235:8: note: in expansion of macro 'open_readonly'
# 241|
# 242| file->fd = fd;
# 243|-> if(!data->state.upload && (fd == -1)) {
# 244| failf(data, "Couldn't open file %s", data->state.up.path);
# 245| file_done(data, CURLE_FILE_COULDNT_READ_FILE, FALSE);
Error: GCC_ANALYZER_WARNING (CWE-775):
curl-8.6.0/lib/file.c:243:26: warning[-Wanalyzer-fd-leak]: leak of file descriptor '**data.req.p.file.fd'
curl-8.6.0/lib/file.c:235:8: note: in expansion of macro 'open_readonly'
curl-8.6.0/lib/file.c:235:8: note: in expansion of macro 'open_readonly'
# 241|
# 242| file->fd = fd;
# 243|-> if(!data->state.upload && (fd == -1)) {
# 244| failf(data, "Couldn't open file %s", data->state.up.path);
# 245| file_done(data, CURLE_FILE_COULDNT_READ_FILE, FALSE);
Error: CPPCHECK_WARNING (CWE-457):
curl-8.6.0/lib/ftp.c:640: warning[uninitvar]: Uninitialized variable: *ftpcode
# 638| *nreadp = 0;
# 639|
# 640|-> while(!*ftpcode && !result) {
# 641| /* check and reset timeout value every lap */
# 642| timediff_t timeout = Curl_pp_state_timeout(data, pp, FALSE);
Error: GCC_ANALYZER_WARNING (CWE-476):
curl-8.6.0/lib/http2.c: scope_hint: In function 'nw_in_reader'
curl-8.6.0/lib/http2.c:362:10: warning[-Wanalyzer-null-dereference]: dereference of NULL 'reader_ctx'
curl-8.6.0/lib/http2.c:42: included_from: Included from here.
curl-8.6.0/lib/http2.c:360:28: note: in expansion of macro 'CF_DATA_CURRENT'
# 360| struct Curl_easy *data = CF_DATA_CURRENT(cf);
# 361|
# 362|-> return Curl_conn_cf_recv(cf->next, data, (char *)buf, buflen, err);
# 363| }
# 364|
Error: GCC_ANALYZER_WARNING (CWE-126):
curl-8.6.0/lib/http2.c: scope_hint: In function 'curl_pushheader_byname'
curl-8.6.0/lib/http2.c:756:30: warning[-Wanalyzer-out-of-bounds]: buffer over-read
curl-8.6.0/lib/http2.c:756:30: note: read of 1 byte from after the end of '":scheme"'
curl-8.6.0/lib/http2.c:756:30: note: valid subscripts for '":scheme"' are '[0]' to '[7]'
# └────────────────────────────────────────────────────────────┘
# ^ ^ ^ ^ ^ ^ ^ ^
curl-8.6.0/lib/curl_setup_once.h:34: included_from: Included from here.
curl-8.6.0/lib/curl_setup.h:719: included_from: Included from here.
curl-8.6.0/lib/http2.c:25: included_from: Included from here.
/usr/include/string.h:246:14: note: argument 1 of 'strchr' must be a pointer to a null-terminated string
# 754| this is because we do prefix match.*/
# 755| if(!h || !GOOD_EASY_HANDLE(h->data) || !header || !header[0] ||
# 756|-> !strcmp(header, ":") || strchr(header + 1, ':'))
# 757| return NULL;
# 758|
Error: GCC_ANALYZER_WARNING (CWE-476):
curl-8.6.0/lib/http2.c: scope_hint: In function 'recvbuf_write_hds'
curl-8.6.0/lib/http2.c:979:9: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
curl-8.6.0/lib/http2.c:970:31: note: in expansion of macro 'H2_STREAM_CTX'
# 977| if(nwritten < 0)
# 978| return result;
# 979|-> stream->resp_hds_len += (size_t)nwritten;
# 980| DEBUGASSERT((size_t)nwritten == blen);
# 981| return CURLE_OK;
Error: CLANG_WARNING:
curl-8.6.0/lib/http2.c:1304:5: warning[deadcode.DeadStores]: Value stored to 'nwritten' is never read
# 1302| return NGHTTP2_ERR_CALLBACK_FAILURE;
# 1303|
# 1304|-> nwritten = 0;
# 1305| }
# 1306|
Error: CLANG_WARNING:
curl-8.6.0/lib/http2.c:2294:8: warning[core.NullDereference]: Access to field 'closed' results in a dereference of a null pointer (loaded from variable 'stream')
# 2292| /* nghttp2 thinks this session is done. If the stream has not been
# 2293| * closed, this is an error state for out transfer */
# 2294|-> if(stream->closed) {
# 2295| nwritten = http2_handle_stream_close(cf, data, stream, err);
# 2296| }
Error: CLANG_WARNING:
curl-8.6.0/lib/http2.c:2398:5: warning[deadcode.DeadStores]: Value stored to 'result' is never read
# 2396| result = h2_progress_egress(cf, data);
# 2397| if(result == CURLE_AGAIN)
# 2398|-> result = CURLE_OK;
# 2399| else if(result)
# 2400| goto out;
Error: GCC_ANALYZER_WARNING (CWE-126):
curl-8.6.0/lib/http_negotiate.c: scope_hint: In function 'Curl_input_negotiate'
curl-8.6.0/lib/http_negotiate.c:90:9: warning[-Wanalyzer-out-of-bounds]: buffer over-read
curl-8.6.0/lib/http_negotiate.c:90:9: note: read of 9 bytes from after the end of '"Negotiate"'
curl-8.6.0/lib/http_negotiate.c:90:9: note: valid subscripts for '"Negotiate"' are '[0]' to '[9]'
# └─────────────────────────────────┘
# ^ ^
curl-8.6.0/lib/curl_setup_once.h:34: included_from: Included from here.
curl-8.6.0/lib/curl_setup.h:719: included_from: Included from here.
curl-8.6.0/lib/http_negotiate.c:25: included_from: Included from here.
/usr/include/string.h:407:15: note: argument 1 of 'strlen' must be a pointer to a null-terminated string
# 88| header++;
# 89|
# 90|-> len = strlen(header);
# 91| neg_ctx->havenegdata = len != 0;
# 92| if(!len) {
Error: CPPCHECK_WARNING (CWE-758):
curl-8.6.0/lib/imap.c:1968: error[objectIndex]: The address of local variable 'path' is accessed at non-zero index.
# 1966| /* Remove the trailing slash if present */
# 1967| const char *end = ptr;
# 1968|-> if(end > begin && end[-1] == '/')
# 1969| end--;
# 1970|
Error: GCC_ANALYZER_WARNING (CWE-457):
curl-8.6.0/lib/mprintf.c: scope_hint: In function 'formatf'
curl-8.6.0/lib/mprintf.c:713:42: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'input[<unknown>].val.nums'
# 711| /* pick up the specified width */
# 712| if(flags & FLAGS_WIDTHPARAM) {
# 713|-> width = (int)input[optr->width].val.nums;
# 714| if(width < 0) {
# 715| /* "A negative field width is taken as a '-' flag followed by a
Error: GCC_ANALYZER_WARNING (CWE-457):
curl-8.6.0/lib/mprintf.c:730:45: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'input[<unknown>].val.nums'
# 728| /* pick up the specified precision */
# 729| if(flags & FLAGS_PRECPARAM) {
# 730|-> prec = (int)input[optr->precision].val.nums;
# 731| if(prec < 0)
# 732| /* "A negative precision is taken as if the precision were
Error: GCC_ANALYZER_WARNING (CWE-457):
curl-8.6.0/lib/mprintf.c:744:16: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'input[<unknown>].type'
# 742| iptr = &input[optr->input];
# 743|
# 744|-> switch(iptr->type) {
# 745| case FORMAT_INTU:
# 746| case FORMAT_LONGU:
Error: CPPCHECK_WARNING (CWE-457):
curl-8.6.0/lib/sigpipe.h:68: warning[uninitvar]: Uninitialized variable: ig->no_signal
# 66| static void sigpipe_restore(struct sigpipe_ignore *ig)
# 67| {
# 68|-> if(!ig->no_signal)
# 69| /* restore the outside state */
# 70| sigaction(SIGPIPE, &ig->old_pipe_act, NULL);
Error: CLANG_WARNING:
curl-8.6.0/lib/ws.c:972:7: warning[deadcode.DeadStores]: Value stored to 'done' is never read
# 970| continue; /* nothing written, try more input */
# 971| }
# 972|-> done = TRUE;
# 973| break;
# 974| }
Error: CLANG_WARNING:
curl-8.6.0/lib/ws.c:982:7: warning[deadcode.DeadStores]: Value stored to 'done' is never read
# 980| * There are frames like PING were we auto-respond to and
# 981| * that we do not return. For these `ctx.written` is not set. */
# 982|-> done = TRUE;
# 983| break;
# 984| }
Error: GCC_ANALYZER_WARNING (CWE-775):
curl-8.6.0/src/tool_cb_dbg.c: scope_hint: In function ‘tool_debug_cb’
curl-8.6.0/src/tool_cb_dbg.c:143:29: warning[-Wanalyzer-file-leak]: leak of FILE ‘*config.trace_stream’
# 141| else {
# 142| config->trace_stream = fopen(config->trace_dump, FOPEN_WRITETEXT);
# 143|-> config->trace_fopened = TRUE;
# 144| }
# 145| }
Error: GCC_ANALYZER_WARNING (CWE-401):
curl-8.6.0/src/tool_cb_dbg.c:143:29: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.trace_stream’
# 141| else {
# 142| config->trace_stream = fopen(config->trace_dump, FOPEN_WRITETEXT);
# 143|-> config->trace_fopened = TRUE;
# 144| }
# 145| }
Error: GCC_ANALYZER_WARNING (CWE-401):
curl-8.6.0/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.altsvc’
curl-8.6.0/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401):
curl-8.6.0/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.aws_sigv4’
curl-8.6.0/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401):
curl-8.6.0/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.cipher13_list’
curl-8.6.0/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401):
curl-8.6.0/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.cipher_list’
curl-8.6.0/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401):
curl-8.6.0/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.cookiejar’
curl-8.6.0/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401):
curl-8.6.0/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.dns_interface’
curl-8.6.0/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401):
curl-8.6.0/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.dns_ipv4_addr’
curl-8.6.0/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401):
curl-8.6.0/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.dns_ipv6_addr’
curl-8.6.0/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401):
curl-8.6.0/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.dns_servers’
curl-8.6.0/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401):
curl-8.6.0/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.doh_url’
curl-8.6.0/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401):
curl-8.6.0/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.ftp_account’
curl-8.6.0/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401):
curl-8.6.0/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.ftp_alternative_to_user’
curl-8.6.0/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401):
curl-8.6.0/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.haproxy_clientip’
curl-8.6.0/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401):
curl-8.6.0/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.headerfile’
curl-8.6.0/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401):
curl-8.6.0/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.hsts’
curl-8.6.0/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401):
curl-8.6.0/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.iface’
curl-8.6.0/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401):
curl-8.6.0/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.ipfs_gateway’
curl-8.6.0/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401):
curl-8.6.0/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.krblevel’
curl-8.6.0/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401):
curl-8.6.0/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.mail_auth’
curl-8.6.0/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401):
curl-8.6.0/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.mail_from’
curl-8.6.0/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401):
curl-8.6.0/src/tool_getparam.c: scope_hint: In function ‘getstr’
curl-8.6.0/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.noproxy’
curl-8.6.0/lib/curlx.h:58: included_from: Included from here.
curl-8.6.0/src/tool_getparam.c:30: included_from: Included from here.
curl-8.6.0/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401):
curl-8.6.0/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.oauth_bearer’
curl-8.6.0/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401):
curl-8.6.0/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.proto_default’
curl-8.6.0/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401):
curl-8.6.0/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.proxy_cipher13_list’
curl-8.6.0/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401):
curl-8.6.0/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.proxy_service_name’
curl-8.6.0/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401):
curl-8.6.0/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.proxy’
curl-8.6.0/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401):
curl-8.6.0/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.sasl_authzid’
curl-8.6.0/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401):
curl-8.6.0/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.service_name’
curl-8.6.0/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401):
curl-8.6.0/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.unix_socket_path’
curl-8.6.0/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401):
curl-8.6.0/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.useragent’
curl-8.6.0/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-457):
curl-8.6.0/src/tool_getparam.c: scope_hint: In function ‘url_query’
curl-8.6.0/src/tool_getparam.c:1049:25: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘query’
curl-8.6.0/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 1047| if(!err) {
# 1048| if(config->query) {
# 1049|-> CURLcode result = curlx_dyn_addf(&dyn, "%s&%s", config->query, query);
# 1050| free(query);
# 1051| if(result)
Error: GCC_ANALYZER_WARNING (CWE-457):
curl-8.6.0/src/tool_getparam.c:1059:21: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘query’
curl-8.6.0/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 1057| }
# 1058| else
# 1059|-> config->query = query;
# 1060| }
# 1061| return err;
Error: GCC_ANALYZER_WARNING (CWE-401):
curl-8.6.0/src/tool_getparam.c:1061:10: warning[-Wanalyzer-malloc-leak]: leak of ‘query’
curl-8.6.0/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 1059| config->query = query;
# 1060| }
# 1061|-> return err;
# 1062| }
# 1063|
Error: CPPCHECK_WARNING (CWE-457):
curl-8.6.0/src/tool_getparam.c:1262: warning[uninitvar]: Uninitialized variables: &key.desc, &key.letter, &key.cmd
# 1260| key.lname = word;
# 1261|
# 1262|-> a = bsearch(&key, aliases, sizeof(aliases)/sizeof(aliases[0]),
# 1263| sizeof(aliases[0]), findarg);
# 1264| if(a) {
Error: GCC_ANALYZER_WARNING (CWE-775):
curl-8.6.0/src/tool_main.c:99:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd[0]’
# 97| (fcntl(STDERR_FILENO, F_GETFD) == -1))
# 98| if(pipe(fd))
# 99|-> return 1;
# 100| return 0;
# 101| }
Error: GCC_ANALYZER_WARNING (CWE-775):
curl-8.6.0/src/tool_main.c: scope_hint: In function ‘main_checkfds’
curl-8.6.0/src/tool_main.c:99:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd[1]’
# 97| (fcntl(STDERR_FILENO, F_GETFD) == -1))
# 98| if(pipe(fd))
# 99|-> return 1;
# 100| return 0;
# 101| }
Error: GCC_ANALYZER_WARNING (CWE-401):
curl-8.6.0/src/tool_operate.c: scope_hint: In function ‘transfer_per_config’
curl-8.6.0/src/tool_operate.c:2589:11: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.cacert’
curl-8.6.0/include/curl/curl.h:3226: included_from: Included from here.
curl-8.6.0/src/tool_setup.h:46: included_from: Included from here.
curl-8.6.0/src/tool_operate.c:24: included_from: Included from here.
curl-8.6.0/src/tool_operate.c:2774:11: note: in expansion of macro ‘curl_share_setopt’
curl-8.6.0/src/tool_operate.c:50: included_from: Included from here.
curl-8.6.0/src/tool_operate.c:2586:13: note: in expansion of macro ‘curlx_getenv’
# 2587| if(env) {
# 2588| config->cacert = strdup(env);
# 2589|-> if(!config->cacert) {
# 2590| curl_free(env);
# 2591| curl_easy_cleanup(curltls);
Error: GCC_ANALYZER_WARNING (CWE-401):
curl-8.6.0/src/tool_operate.c:2600:13: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.capath’
curl-8.6.0/src/tool_operate.c:2774:11: note: in expansion of macro ‘curl_share_setopt’
curl-8.6.0/src/tool_operate.c:2586:13: note: in expansion of macro ‘curlx_getenv’
curl-8.6.0/src/tool_operate.c:2597:15: note: in expansion of macro ‘curlx_getenv’
# 2598| if(env) {
# 2599| config->capath = strdup(env);
# 2600|-> if(!config->capath) {
# 2601| curl_free(env);
# 2602| curl_easy_cleanup(curltls);
Error: GCC_ANALYZER_WARNING (CWE-401):
curl-8.6.0/src/tool_operate.c:2612:13: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.cacert’
curl-8.6.0/src/tool_operate.c:2774:11: note: in expansion of macro ‘curl_share_setopt’
curl-8.6.0/src/tool_operate.c:2586:13: note: in expansion of macro ‘curlx_getenv’
curl-8.6.0/src/tool_operate.c:2597:15: note: in expansion of macro ‘curlx_getenv’
curl-8.6.0/src/tool_operate.c:2609:15: note: in expansion of macro ‘curlx_getenv’
# 2610| if(env) {
# 2611| config->cacert = strdup(env);
# 2612|-> if(!config->cacert) {
# 2613| curl_free(env);
# 2614| if(capath_from_env)
Error: GCC_ANALYZER_WARNING (CWE-688):
curl-8.6.0/src/tool_writeout.c: scope_hint: In function ‘writeString’
curl-8.6.0/src/tool_writeout.c:409:7: warning[-Wanalyzer-null-argument]: use of NULL ‘strinfo’ where non-null expected
curl-8.6.0/lib/curl_setup.h:369: included_from: Included from here.
curl-8.6.0/src/tool_setup.h:38: included_from: Included from here.
curl-8.6.0/src/tool_writeout.c:24: included_from: Included from here.
/usr/include/stdio.h:717:12: note: argument 1 of ‘fputs’ must be non-null
# 407| }
# 408| else
# 409|-> fputs(strinfo, stream);
# 410| }
# 411| else {
Error: GCC_ANALYZER_WARNING (CWE-476):
curl-8.6.0/src/var.c: scope_hint: In function ‘varexpand’
curl-8.6.0/src/var.c:221:29: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘envp’
# 219| do {
# 220| envp = strstr(line, "{{");
# 221|-> if((envp > line) && envp[-1] == '\\') {
# 222| /* preceding backslash, we want this verbatim */
# 223|