OpenScanHub - Task log

Task #74050 - image-builder-37-1.20251001082926521036.main.1.gde00dd7/scan-results.err

back to task #74050
download

Error: GCC_ANALYZER_WARNING (CWE-775):
image-builder-cli-37/vendor/github.com/containers/storage/pkg/unshare/unshare.c: scope_hint: In function ‘parse_proc_stringlist’
image-builder-cli-37/vendor/github.com/containers/storage/pkg/unshare/unshare.c:120:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
#  118|   		if (new_buf == NULL) {
#  119|   			free(buf);
#  120|-> 			fprintf(stderr, "realloc(%ld): out of memory\n", (long)(size + BUFSTEP));
#  121|   			return NULL;
#  122|   		}

Error: GCC_ANALYZER_WARNING (CWE-775):
image-builder-cli-37/vendor/github.com/containers/storage/pkg/unshare/unshare.c:128:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
#  126|   		n = read(fd, buf + used, size - used - 1);
#  127|   		if (n < 0) {
#  128|-> 			fprintf(stderr, "read(): %m\n");
#  129|   			return NULL;
#  130|   		}

Error: GCC_ANALYZER_WARNING (CWE-401):
image-builder-cli-37/vendor/github.com/containers/storage/pkg/unshare/unshare.c:128:25: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
#  126|   		n = read(fd, buf + used, size - used - 1);
#  127|   		if (n < 0) {
#  128|-> 			fprintf(stderr, "read(): %m\n");
#  129|   			return NULL;
#  130|   		}

Error: GCC_ANALYZER_WARNING (CWE-401):
image-builder-cli-37/vendor/github.com/containers/storage/pkg/unshare/unshare.c:128:25: warning[-Wanalyzer-malloc-leak]: leak of ‘new_buf’
#  126|   		n = read(fd, buf + used, size - used - 1);
#  127|   		if (n < 0) {
#  128|-> 			fprintf(stderr, "read(): %m\n");
#  129|   			return NULL;
#  130|   		}

Error: GCC_ANALYZER_WARNING (CWE-401):
image-builder-cli-37/vendor/github.com/containers/storage/pkg/unshare/unshare.c:145:17: warning[-Wanalyzer-malloc-leak]: leak of ‘new_buf’
#  143|   	ret = calloc(n_strings + 1, sizeof(char *));
#  144|   	if (ret == NULL) {
#  145|-> 		fprintf(stderr, "calloc(): out of memory\n");
#  146|   		return NULL;
#  147|   	}

Error: GCC_ANALYZER_WARNING (CWE-401):
image-builder-cli-37/vendor/github.com/containers/storage/pkg/unshare/unshare.c: scope_hint: In function ‘containers_reexec’
image-builder-cli-37/vendor/github.com/containers/storage/pkg/unshare/unshare.c:288:12: warning[-Wanalyzer-malloc-leak]: leak of ‘argv’
#  286|   	if (fd < 0)
#  287|   		fd = copy_self_proc_exe(argv);
#  288|-> 	if (fd < 0)
#  289|   		return fd;
#  290|   

Error: CPPCHECK_WARNING (CWE-476):
image-builder-cli-37/vendor/github.com/miekg/pkcs11/pkcs11.go:77: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: c
#   75|   	CK_C_GetFunctionList list;
#   76|   	struct ctx *c = calloc(1, sizeof(struct ctx));
#   77|-> 	c->handle = dlopen(module, RTLD_LAZY);
#   78|   	if (c->handle == NULL) {
#   79|   		free(c);

Error: GCC_ANALYZER_WARNING (CWE-476):
image-builder-cli-37/vendor/github.com/miekg/pkcs11/pkcs11.go: scope_hint: In function 'New'
image-builder-cli-37/vendor/github.com/miekg/pkcs11/pkcs11.go:77:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'c'
#   75|   	CK_C_GetFunctionList list;
#   76|   	struct ctx *c = calloc(1, sizeof(struct ctx));
#   77|-> 	c->handle = dlopen(module, RTLD_LAZY);
#   78|   	if (c->handle == NULL) {
#   79|   		free(c);

Error: GCC_ANALYZER_WARNING (CWE-476):
image-builder-cli-37/vendor/github.com/miekg/pkcs11/pkcs11.go: scope_hint: In function ‘New’
image-builder-cli-37/vendor/github.com/miekg/pkcs11/pkcs11.go:77:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘c’
#   75|   	CK_C_GetFunctionList list;
#   76|   	struct ctx *c = calloc(1, sizeof(struct ctx));
#   77|-> 	c->handle = dlopen(module, RTLD_LAZY);
#   78|   	if (c->handle == NULL) {
#   79|   		free(c);

Error: CPPCHECK_WARNING (CWE-476):
image-builder-cli-37/vendor/github.com/miekg/pkcs11/pkcs11.go:78: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: c
#   76|   	struct ctx *c = calloc(1, sizeof(struct ctx));
#   77|   	c->handle = dlopen(module, RTLD_LAZY);
#   78|-> 	if (c->handle == NULL) {
#   79|   		free(c);
#   80|   		return NULL;

Error: CPPCHECK_WARNING (CWE-476):
image-builder-cli-37/vendor/github.com/miekg/pkcs11/pkcs11.go:82: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: c
#   80|   		return NULL;
#   81|   	}
#   82|-> 	list = (CK_C_GetFunctionList) dlsym(c->handle, "C_GetFunctionList");
#   83|   	if (list == NULL) {
#   84|   		free(c);

Error: GCC_ANALYZER_WARNING (CWE-401):
image-builder-cli-37/vendor/github.com/miekg/pkcs11/pkcs11.go: scope_hint: In function ‘GetAttributeValue.part.0’
image-builder-cli-37/vendor/github.com/miekg/pkcs11/pkcs11.go:316:32: warning[-Wanalyzer-malloc-leak]: leak of ‘*((CK_ATTRIBUTE *)temp).pValue’
#  314|   			continue;
#  315|   		}
#  316|-> 		temp[i].pValue = calloc(temp[i].ulValueLen, sizeof(CK_BYTE));
#  317|   	}
#  318|   	return c->sym->C_GetAttributeValue(session, object, temp, templen);

Error: CPPCHECK_WARNING (CWE-476):
image-builder-cli-37/vendor/github.com/osbuild/images/pkg/crypt/crypt_impl.go:60: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: ret
#   58|   
#   59|   		ret = (char *)malloc((strlen(enc)+1) * sizeof(char)); // for trailing null
#   60|-> 		strcpy(ret, enc);
#   61|   		ret[strlen(enc)]= '\0';
#   62|   

Error: GCC_ANALYZER_WARNING (CWE-688):
image-builder-cli-37/vendor/github.com/osbuild/images/pkg/crypt/crypt_impl.go: scope_hint: In function 'gnu_ext_crypt'
image-builder-cli-37/vendor/github.com/osbuild/images/pkg/crypt/crypt_impl.go:60:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'ret' where non-null expected
<built-in>: note: argument 1 of '__builtin_strcpy' must be non-null
#   58|   
#   59|   		ret = (char *)malloc((strlen(enc)+1) * sizeof(char)); // for trailing null
#   60|-> 		strcpy(ret, enc);
#   61|   		ret[strlen(enc)]= '\0';
#   62|   

Error: GCC_ANALYZER_WARNING (CWE-688):
image-builder-cli-37/vendor/github.com/osbuild/images/pkg/crypt/crypt_impl.go: scope_hint: In function ‘gnu_ext_crypt’
image-builder-cli-37/vendor/github.com/osbuild/images/pkg/crypt/crypt_impl.go:60:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘ret’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strcpy’ must be non-null
#   58|   
#   59|   		ret = (char *)malloc((strlen(enc)+1) * sizeof(char)); // for trailing null
#   60|-> 		strcpy(ret, enc);
#   61|   		ret[strlen(enc)]= '\0';
#   62|   

Error: CPPCHECK_WARNING (CWE-476):
image-builder-cli-37/vendor/github.com/osbuild/images/pkg/crypt/crypt_impl.go:61: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: ret
#   59|   		ret = (char *)malloc((strlen(enc)+1) * sizeof(char)); // for trailing null
#   60|   		strcpy(ret, enc);
#   61|-> 		ret[strlen(enc)]= '\0';
#   62|   
#   63|   	 return ret;

Issues can be reported to the mailing list. User documentation can be found on the wiki.