Task #74788 - conmon-2.1.13-1.20251008083856692752.main.108.g42da7ac/scan-results.err
back to task #74788download
Error: GCC_ANALYZER_WARNING (CWE-775):
conmon-2.1.13/src/cgroup.c: scope_hint: In function ‘process_cgroup_subsystem_path’
conmon-2.1.13/src/cgroup.c:59:37: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(g_strdup_printf("/proc/%d/cgroup", pid), "re")’
# 57| {
# 58| _cleanup_free_ char *cgroups_file_path = g_strdup_printf("/proc/%d/cgroup", pid);
# 59|-> _cleanup_fclose_ FILE *fp = fopen(cgroups_file_path, "re");
# 60| if (fp == NULL) {
# 61| nwarnf("Failed to open cgroups file: %s", cgroups_file_path);
Error: GCC_ANALYZER_WARNING (CWE-401):
conmon-2.1.13/src/cgroup.c:59:37: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(g_strdup_printf("/proc/%d/cgroup", pid), "re")’
# 57| {
# 58| _cleanup_free_ char *cgroups_file_path = g_strdup_printf("/proc/%d/cgroup", pid);
# 59|-> _cleanup_fclose_ FILE *fp = fopen(cgroups_file_path, "re");
# 60| if (fp == NULL) {
# 61| nwarnf("Failed to open cgroups file: %s", cgroups_file_path);
Error: GCC_ANALYZER_WARNING (CWE-775):
conmon-2.1.13/src/cgroup.c: scope_hint: In function ‘setup_oom_handling_cgroup_v1’
conmon-2.1.13/src/cgroup.c:149:35: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(g_build_filename(process_cgroup_subsystem_path(pid, 0, "memory"), "cgroup.event_control", 0), 524289)’
conmon-2.1.13/src/cgroup.c: scope_hint: In function ‘setup_oom_handling_cgroup_v1’
# 147| /* this will be cleaned up in oom_cb_cgroup_v1 */
# 148| char *memory_cgroup_file_path = g_build_filename(memory_cgroup_path, "cgroup.event_control", NULL);
# 149|-> _cleanup_close_ int cfd = open(memory_cgroup_file_path, O_WRONLY | O_CLOEXEC);
# 150| if (cfd == -1) {
# 151| nwarnf("Failed to open %s", memory_cgroup_file_path);
Error: GCC_ANALYZER_WARNING (CWE-775):
conmon-2.1.13/src/cgroup.c:158:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(g_build_filename(process_cgroup_subsystem_path(pid, 0, "memory"), "memory.oom_control", 0), 524288)’
conmon-2.1.13/src/cgroup.c: scope_hint: In function ‘setup_oom_handling_cgroup_v1’
# 156| _cleanup_free_ char *memory_cgroup_file_oom_path = g_build_filename(memory_cgroup_path, "memory.oom_control", NULL);
# 157|
# 158|-> oom_cgroup_fd = open(memory_cgroup_file_oom_path, O_RDONLY | O_CLOEXEC); /* Not closed */
# 159| if (oom_cgroup_fd == -1)
# 160| pexitf("Failed to open %s", memory_cgroup_file_oom_path);
Error: GCC_ANALYZER_WARNING (CWE-775):
conmon-2.1.13/src/cgroup.c: scope_hint: In function ‘check_cgroup2_oom’
conmon-2.1.13/src/cgroup.c:292:37: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(g_build_filename(cgroup2_path, "memory.events", 0), "re")’
# 290| _cleanup_free_ char *memory_events_file_path = g_build_filename(cgroup2_path, "memory.events", NULL);
# 291|
# 292|-> _cleanup_fclose_ FILE *fp = fopen(memory_events_file_path, "re");
# 293| if (fp == NULL) {
# 294| nwarnf("Failed to open cgroups file: %s", memory_events_file_path);
Error: GCC_ANALYZER_WARNING (CWE-401):
conmon-2.1.13/src/cgroup.c:292:37: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(g_build_filename(cgroup2_path, "memory.events", 0), "re")’
# 290| _cleanup_free_ char *memory_events_file_path = g_build_filename(cgroup2_path, "memory.events", NULL);
# 291|
# 292|-> _cleanup_fclose_ FILE *fp = fopen(memory_events_file_path, "re");
# 293| if (fp == NULL) {
# 294| nwarnf("Failed to open cgroups file: %s", memory_events_file_path);
Error: GCC_ANALYZER_WARNING (CWE-775):
conmon-2.1.13/src/conmon.c: scope_hint: In function ‘disconnect_std_streams’
conmon-2.1.13/src/conmon.c:29:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(dev_null_r, 0)’
# 27| static void disconnect_std_streams(int dev_null_r, int dev_null_w)
# 28| {
# 29|-> if (dup2(dev_null_r, STDIN_FILENO) < 0)
# 30| pexit("Failed to dup over stdin");
# 31| if (dup2(dev_null_w, STDOUT_FILENO) < 0)
Error: GCC_ANALYZER_WARNING (CWE-775):
conmon-2.1.13/src/conmon.c:31:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(dev_null_w, 1)’
# 29| if (dup2(dev_null_r, STDIN_FILENO) < 0)
# 30| pexit("Failed to dup over stdin");
# 31|-> if (dup2(dev_null_w, STDOUT_FILENO) < 0)
# 32| pexit("Failed to dup over stdout");
# 33| if (dup2(dev_null_w, STDERR_FILENO) < 0)
Error: GCC_ANALYZER_WARNING (CWE-775):
conmon-2.1.13/src/conmon.c:33:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(dev_null_w, 2)’
# 31| if (dup2(dev_null_w, STDOUT_FILENO) < 0)
# 32| pexit("Failed to dup over stdout");
# 33|-> if (dup2(dev_null_w, STDERR_FILENO) < 0)
# 34| pexit("Failed to dup over stderr");
# 35| }
Error: GCC_ANALYZER_WARNING (CWE-775):
conmon-2.1.13/src/conmon.c: scope_hint: In function ‘main’
conmon-2.1.13/src/conmon.c:79:43: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 524288)’
# 77| }
# 78|
# 79|-> dev_null_r_cleanup = dev_null_r = open("/dev/null", O_RDONLY | O_CLOEXEC);
# 80| if (dev_null_r < 0)
# 81| pexit("Failed to open /dev/null");
Error: GCC_ANALYZER_WARNING (CWE-775):
conmon-2.1.13/src/conmon.c:83:43: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 524289)’
# 81| pexit("Failed to open /dev/null");
# 82|
# 83|-> dev_null_w_cleanup = dev_null_w = open("/dev/null", O_WRONLY | O_CLOEXEC);
# 84| if (dev_null_w < 0)
# 85| pexit("Failed to open /dev/null");
Error: GCC_ANALYZER_WARNING (CWE-775):
conmon-2.1.13/src/conmon.c:244:28: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(workerfd_stdin, 0)’
# 242| if (workerfd_stdin < 0)
# 243| workerfd_stdin = dev_null_r;
# 244|-> if (dup2(workerfd_stdin, STDIN_FILENO) < 0)
# 245| _pexit("Failed to dup over stdin");
# 246| if (workerfd_stdin != dev_null_r && fchmod(STDIN_FILENO, 0777) < 0 && errno != EINVAL)
Error: GCC_ANALYZER_WARNING (CWE-775):
conmon-2.1.13/src/conmon.c:251:28: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(workerfd_stdout, 1)’
# 249| if (workerfd_stdout < 0)
# 250| workerfd_stdout = dev_null_w;
# 251|-> if (dup2(workerfd_stdout, STDOUT_FILENO) < 0)
# 252| _pexit("Failed to dup over stdout");
# 253| if (workerfd_stdout != dev_null_w && fchmod(STDOUT_FILENO, 0777) < 0 && errno != EINVAL)
Error: GCC_ANALYZER_WARNING (CWE-775):
conmon-2.1.13/src/conmon.c:256:28: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(workerfd_stderr, 2)’
# 254| nwarn("Failed to chmod stdout");
# 255|
# 256|-> if (dup2(workerfd_stderr, STDERR_FILENO) < 0)
# 257| _pexit("Failed to dup over stderr");
# 258| if (workerfd_stderr != dev_null_w && fchmod(STDERR_FILENO, 0777) < 0 && errno != EINVAL)
Error: GCC_ANALYZER_WARNING (CWE-910):
conmon-2.1.13/src/conmon.c:285:44: warning[-Wanalyzer-fd-use-after-close]: ‘read’ on closed file descriptor ‘get_pipe_fd_from_env("_OCI_STARTPIPE")’
conmon-2.1.13/src/conmon.c:8: included_from: Included from here.
conmon-2.1.13/src/conmon.c:284:33: note: in expansion of macro ‘ndebug’
# 283| if (start_pipe_fd > 0) {
# 284| ndebug("exec with attach is waiting for start message from parent");
# 285|-> num_read = read(start_pipe_fd, buf, BUF_SIZE);
# 286| if (num_read < 0) {
# 287| _pexit("start-pipe read failed");
Error: GCC_ANALYZER_WARNING (CWE-1341):
conmon-2.1.13/src/conmon.c:290:33: warning[-Wanalyzer-fd-double-close]: double ‘close’ of file descriptor ‘get_pipe_fd_from_env("_OCI_STARTPIPE")’
conmon-2.1.13/src/conmon.c:284:33: note: in expansion of macro ‘ndebug’
conmon-2.1.13/src/conmon.c:289:33: note: in expansion of macro ‘ndebug’
# 288| }
# 289| ndebug("exec with attach got start message from parent");
# 290|-> close(start_pipe_fd);
# 291| }
# 292| }
Error: GCC_ANALYZER_WARNING (CWE-775):
conmon-2.1.13/src/conn_sock.c:215:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*fd’
conmon-2.1.13/src/conn_sock.c: scope_hint: In function ‘setup_socket’
# 213| pexit("Failed to create socket");
# 214| bind_relative_to_dir(sfd, *fd, bname);
# 215|-> if (listen(*fd, 128) < 0)
# 216| pexit("Failed to listen on console-socket");
# 217|
Error: GCC_ANALYZER_WARNING (CWE-775):
conmon-2.1.13/src/conn_sock.c:277:45: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(socket_parent_dir(use_full_attach_path, 108), 2621440)’
# 275| * to actually refer to the file where the socket will be created below.
# 276| */
# 277|-> _cleanup_close_ int parent_dir_fd = open(parent_dir, O_PATH | O_CLOEXEC);
# 278| if (parent_dir_fd < 0)
# 279| pexitf("failed to open socket path parent dir %s", parent_dir);
Error: GCC_ANALYZER_WARNING (CWE-688):
conmon-2.1.13/src/conn_sock.c: scope_hint: In function ‘bind_unix_socket’
conmon-2.1.13/src/conn_sock.c:277:45: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘socket_parent_dir(use_full_attach_path, 108)’ where non-null expected
/usr/include/glib-2.0/glib-unix.h:34: included_from: Included from here.
conmon-2.1.13/src/utils.h:11: included_from: Included from here.
/usr/include/fcntl.h:209:12: note: argument 1 of ‘open’ must be non-null
# 275| * to actually refer to the file where the socket will be created below.
# 276| */
# 277|-> _cleanup_close_ int parent_dir_fd = open(parent_dir, O_PATH | O_CLOEXEC);
# 278| if (parent_dir_fd < 0)
# 279| pexitf("failed to open socket path parent dir %s", parent_dir);
Error: GCC_ANALYZER_WARNING (CWE-401):
conmon-2.1.13/src/conn_sock.c:320:24: warning[-Wanalyzer-malloc-leak]: leak of ‘socket_parent_dir(use_full_attach_path, 108)’
conmon-2.1.13/src/conn_sock.c:279:17: note: in expansion of macro ‘pexitf’
# 318| /* if we're to use the full path, ignore the socket path and only use the bundle_path */
# 319| if (use_full_attach_path)
# 320|-> return strdup(opt_bundle_path);
# 321|
# 322| char *base_path = g_build_filename(opt_socket_path, opt_cuuid, NULL);
Error: GCC_ANALYZER_WARNING (CWE-775):
conmon-2.1.13/src/ctr_logging.c: scope_hint: In function ‘path_contains_symlinks_atomic’
conmon-2.1.13/src/ctr_logging.c:816:30: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/", 2621440)’
/usr/include/glib-2.0/glib/gstring.h:37: included_from: Included from here.
/usr/include/glib-2.0/glib/giochannel.h:36: included_from: Included from here.
/usr/include/glib-2.0/glib.h:56: included_from: Included from here.
conmon-2.1.13/src/utils.h:10: included_from: Included from here.
conmon-2.1.13/src/ctr_logging.h:5: included_from: Included from here.
conmon-2.1.13/src/ctr_logging.c:2: included_from: Included from here.
conmon-2.1.13/src/ctr_logging.c:810:21: note: in expansion of macro ‘g_strdup’
conmon-2.1.13/src/ctr_logging.c: scope_hint: In function ‘path_contains_symlinks_atomic’
# 814| /* Start from root if absolute path */
# 815| if (path_copy[0] == '/') {
# 816|-> current_fd = open("/", O_PATH | O_CLOEXEC);
# 817| if (current_fd < 0)
# 818| return TRUE;
Error: GCC_ANALYZER_WARNING (CWE-775):
conmon-2.1.13/src/ctr_logging.c: scope_hint: In function ‘secure_validate_log_path’
conmon-2.1.13/src/ctr_logging.c:990:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(g_path_get_dirname(path), 2621440)’
# 988|
# 989| /* Open parent directory with O_PATH for safe operations */
# 990|-> parent_fd = open(parent_dir, O_PATH | O_CLOEXEC);
# 991| if (parent_fd < 0)
# 992| return -1;
Error: GCC_ANALYZER_WARNING (CWE-775):
conmon-2.1.13/src/ctrl.c: scope_hint: In function ‘setup_fifo’
conmon-2.1.13/src/ctrl.c:273:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(g_build_filename(opt_bundle_path, filename, 0), 526336)’
# 271| }
# 272|
# 273|-> if ((*fifo_r = open(fifo_path, O_RDONLY | O_NONBLOCK | O_CLOEXEC)) == -1)
# 274| pexitf("Failed to open %s read half", error_var_name);
# 275|
Error: GCC_ANALYZER_WARNING (CWE-775):
conmon-2.1.13/src/ctrl.c:276:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(g_build_filename(opt_bundle_path, filename, 0), 524289)’
# 274| pexitf("Failed to open %s read half", error_var_name);
# 275|
# 276|-> if ((*fifo_w = open(fifo_path, O_WRONLY | O_CLOEXEC)) == -1)
# 277| pexitf("Failed to open %s write half", error_var_name);
# 278| }
Error: GCC_ANALYZER_WARNING (CWE-401):
conmon-2.1.13/src/seccomp_notify.c: scope_hint: In function ‘seccomp_notify_plugins_load’
conmon-2.1.13/src/seccomp_notify.c:296:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xmalloc0((long unsigned int)*(struct seccomp_notify_context_s *)<unknown>.sizes.seccomp_notif)’
# 294| if (res == NULL)
# 295| pexitf("calloc");
# 296|-> return res;
# 297| }
# 298|
Error: GCC_ANALYZER_WARNING (CWE-401):
conmon-2.1.13/src/seccomp_notify.c:296:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xmalloc0((long unsigned int)*(struct seccomp_notify_context_s *)<unknown>.sizes.seccomp_notif_resp)’
# 294| if (res == NULL)
# 295| pexitf("calloc");
# 296|-> return res;
# 297| }
# 298|
Error: GCC_ANALYZER_WARNING (CWE-401):
conmon-2.1.13/src/seccomp_notify.c:296:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xmalloc0(48)’
# 294| if (res == NULL)
# 295| pexitf("calloc");
# 296|-> return res;
# 297| }
# 298|
Error: GCC_ANALYZER_WARNING (CWE-775):
conmon-2.1.13/src/utils.h:69:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(g_build_filename(process_cgroup_subsystem_path(pid, 0, "memory"), "cgroup.event_control", 0), 524289)’
conmon-2.1.13/src/cgroup.c:163:17: note: in expansion of macro ‘pexit’
conmon-2.1.13/src/cgroup.c: scope_hint: In function ‘setup_oom_handling_cgroup_v1’
conmon-2.1.13/src/cgroup.c:163:17: note: in expansion of macro ‘pexit’
conmon-2.1.13/src/cgroup.c:163:17: note: in expansion of macro ‘pexit’
# 67| errno = saved_errno; \
# 68| fprintf(stderr, "[conmon:e]: %s %m\n", s); \
# 69|-> if (use_syslog) { \
# 70| errno = saved_errno; \
# 71| syslog(LOG_ERR, "conmon %.20s <error>: %s %m\n", log_cid, s); \
Error: GCC_ANALYZER_WARNING (CWE-401):
conmon-2.1.13/src/conn_sock.c:6: included_from: Included from here.
conmon-2.1.13/src/conn_sock.c: scope_hint: In function ‘setup_socket’
conmon-2.1.13/src/utils.h:69:21: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(path)’
conmon-2.1.13/src/conn_sock.c:177:25: note: in expansion of macro ‘pexit’
/usr/include/glib-2.0/glib/gtestutils.h:32: included_from: Included from here.
/usr/include/glib-2.0/glib.h:89: included_from: Included from here.
conmon-2.1.13/src/conn_sock.h:4: included_from: Included from here.
conmon-2.1.13/src/conn_sock.c:3: included_from: Included from here.
conmon-2.1.13/src/conn_sock.c:177:25: note: in expansion of macro ‘pexit’
conmon-2.1.13/src/conn_sock.c:177:25: note: in expansion of macro ‘pexit’
# 67| errno = saved_errno; \
# 68| fprintf(stderr, "[conmon:e]: %s %m\n", s); \
# 69|-> if (use_syslog) { \
# 70| errno = saved_errno; \
# 71| syslog(LOG_ERR, "conmon %.20s <error>: %s %m\n", log_cid, s); \
Error: GCC_ANALYZER_WARNING (CWE-775):
conmon-2.1.13/src/utils.h:80:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(socket_parent_dir(use_full_attach_path, 108), 2621440)’
conmon-2.1.13/src/conn_sock.c:297:17: note: in expansion of macro ‘pexitf’
conmon-2.1.13/src/conn_sock.c:297:17: note: in expansion of macro ‘pexitf’
conmon-2.1.13/src/conn_sock.c:297:17: note: in expansion of macro ‘pexitf’
# 78| int saved_errno = errno; \
# 79| errno = saved_errno; \
# 80|-> fprintf(stderr, "[conmon:e]: " fmt " %m\n", ##__VA_ARGS__); \
# 81| if (use_syslog) { \
# 82| errno = saved_errno; \
Error: GCC_ANALYZER_WARNING (CWE-775):
conmon-2.1.13/src/utils.h:81:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(g_build_filename(process_cgroup_subsystem_path(pid, 0, "memory"), "cgroup.event_control", 0), 524289)’
conmon-2.1.13/src/cgroup.c:160:17: note: in expansion of macro ‘pexitf’
conmon-2.1.13/src/cgroup.c: scope_hint: In function ‘setup_oom_handling_cgroup_v1’
/usr/include/glib-2.0/glib/gtestutils.h:32: included_from: Included from here.
/usr/include/glib-2.0/glib.h:89: included_from: Included from here.
conmon-2.1.13/src/cgroup.h:4: included_from: Included from here.
conmon-2.1.13/src/cgroup.c:3: included_from: Included from here.
conmon-2.1.13/src/cgroup.c:160:17: note: in expansion of macro ‘pexitf’
conmon-2.1.13/src/cgroup.c:160:17: note: in expansion of macro ‘pexitf’
# 79| errno = saved_errno; \
# 80| fprintf(stderr, "[conmon:e]: " fmt " %m\n", ##__VA_ARGS__); \
# 81|-> if (use_syslog) { \
# 82| errno = saved_errno; \
# 83| syslog(LOG_ERR, "conmon %.20s <error>: " fmt ": %m\n", log_cid, ##__VA_ARGS__); \
Error: GCC_ANALYZER_WARNING (CWE-775):
conmon-2.1.13/src/utils.h:81:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(socket_parent_dir(use_full_attach_path, 108), 2621440)’
conmon-2.1.13/src/conn_sock.c:294:17: note: in expansion of macro ‘pexitf’
conmon-2.1.13/src/conn_sock.c:294:17: note: in expansion of macro ‘pexitf’
conmon-2.1.13/src/conn_sock.c:294:17: note: in expansion of macro ‘pexitf’
# 79| errno = saved_errno; \
# 80| fprintf(stderr, "[conmon:e]: " fmt " %m\n", ##__VA_ARGS__); \
# 81|-> if (use_syslog) { \
# 82| errno = saved_errno; \
# 83| syslog(LOG_ERR, "conmon %.20s <error>: " fmt ": %m\n", log_cid, ##__VA_ARGS__); \
Error: GCC_ANALYZER_WARNING (CWE-401):
conmon-2.1.13/src/utils.h:81:21: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(path)’
conmon-2.1.13/src/conn_sock.c:182:25: note: in expansion of macro ‘pexitf’
conmon-2.1.13/src/conn_sock.c:182:25: note: in expansion of macro ‘pexitf’
conmon-2.1.13/src/conn_sock.c:182:25: note: in expansion of macro ‘pexitf’
# 79| errno = saved_errno; \
# 80| fprintf(stderr, "[conmon:e]: " fmt " %m\n", ##__VA_ARGS__); \
# 81|-> if (use_syslog) { \
# 82| errno = saved_errno; \
# 83| syslog(LOG_ERR, "conmon %.20s <error>: " fmt ": %m\n", log_cid, ##__VA_ARGS__); \
Error: GCC_ANALYZER_WARNING (CWE-775):
conmon-2.1.13/src/utils.h:216:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(g_build_filename(process_cgroup_subsystem_path(pid, 0, "memory"), "cgroup.event_control", 0), 524289)’
conmon-2.1.13/src/cgroup.c: scope_hint: In function ‘setup_oom_handling_cgroup_v1’
conmon-2.1.13/src/cgroup.c: scope_hint: In function ‘setup_oom_handling_cgroup_v1’
# 214| static inline void closep(int *fd)
# 215| {
# 216|-> if (*fd >= 0)
# 217| close(*fd);
# 218| *fd = -1;