OpenScanHub - Task log

Task #786 - libiptcdata-1.0.5-18.fc41/scan-results.err

back to task #786
download

Error: CPPCHECK_WARNING:
libiptcdata-1.0.5-build/libiptcdata-1.0.5/iptc/main.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: GCC_ANALYZER_WARNING (CWE-401):
libiptcdata-1.0.5-build/libiptcdata-1.0.5/iptc/main.c: scope_hint: In function ‘locale_to_utf8’
libiptcdata-1.0.5-build/libiptcdata-1.0.5/iptc/main.c:93:12: warning[-Wanalyzer-malloc-leak]: leak of ‘iconv_open("UTF-8", nl_langinfo(14))’
#   91|   
#   92|   	ic = iconv_open ("UTF-8", nl_langinfo (CODESET));
#   93|-> 	if (ic == (iconv_t) -1)
#   94|   		return strdup (str);
#   95|   

Error: GCC_ANALYZER_WARNING (CWE-401):
libiptcdata-1.0.5-build/libiptcdata-1.0.5/iptc/main.c:97:12: warning[-Wanalyzer-malloc-leak]: leak of ‘iconv_open("UTF-8", nl_langinfo(14))’
#   95|   
#   96|   	outstr = malloc (out_size);
#   97|-> 	if (!outstr)
#   98|   		return NULL;
#   99|   	

Error: GCC_ANALYZER_WARNING (CWE-401):
libiptcdata-1.0.5-build/libiptcdata-1.0.5/iptc/main.c: scope_hint: In function ‘str_to_locale’
libiptcdata-1.0.5-build/libiptcdata-1.0.5/iptc/main.c:124:12: warning[-Wanalyzer-malloc-leak]: leak of ‘iconv_open("WCHAR_T", charset)’
#  122|   
#  123|   	ic = iconv_open ("WCHAR_T", charset);
#  124|-> 	if (ic == (iconv_t) -1)
#  125|   		return strdup (str);
#  126|   

Error: GCC_ANALYZER_WARNING (CWE-401):
libiptcdata-1.0.5-build/libiptcdata-1.0.5/iptc/main.c:125:24: warning[-Wanalyzer-malloc-leak]: leak of ‘outstr’
#  123|   	ic = iconv_open ("WCHAR_T", charset);
#  124|   	if (ic == (iconv_t) -1)
#  125|-> 		return strdup (str);
#  126|   
#  127|   	wstr = malloc (w_size);

Error: GCC_ANALYZER_WARNING (CWE-401):
libiptcdata-1.0.5-build/libiptcdata-1.0.5/iptc/main.c:128:12: warning[-Wanalyzer-malloc-leak]: leak of ‘iconv_open("WCHAR_T", charset)’
#  126|   
#  127|   	wstr = malloc (w_size);
#  128|-> 	if (!wstr)
#  129|   		return NULL;
#  130|   	

Error: CPPCHECK_WARNING (CWE-401):
libiptcdata-1.0.5-build/libiptcdata-1.0.5/iptc/main.c:151: error[memleakOnRealloc]: Common realloc mistake: 'outstr' nulled but not freed upon failure
#  149|   		while (out_len - j < MB_CUR_MAX + 1) {
#  150|   			out_len *= 2;
#  151|-> 			outstr = realloc (outstr, out_len);
#  152|   			if (!outstr)
#  153|   				return NULL;

Error: CLANG_WARNING:
libiptcdata-1.0.5-build/libiptcdata-1.0.5/iptc/main.c:153:12: warning[unix.Malloc]: Potential leak of memory pointed to by 'outstr'
#  151|   			outstr = realloc (outstr, out_len);
#  152|   			if (!outstr)
#  153|-> 				return NULL;
#  154|   		}
#  155|   		n = wcrtomb (outstr + j, wstr[i], &ps);

Error: GCC_ANALYZER_WARNING (CWE-476):
libiptcdata-1.0.5-build/libiptcdata-1.0.5/iptc/main.c:162:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘outstr’
#  160|   		j += n;
#  161|   	}
#  162|-> 	outstr[j] = '\0';
#  163|   
#  164|   	free (wstr);

Error: GCC_ANALYZER_WARNING (CWE-688):
libiptcdata-1.0.5-build/libiptcdata-1.0.5/iptc/main.c: scope_hint: In function ‘parse_tag_id’
libiptcdata-1.0.5-build/libiptcdata-1.0.5/iptc/main.c:500:26: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘name’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strchr’ must be non-null
#  498|   		char * name = strdup (str);
#  499|   		char * a;
#  500|-> 		if ((a = strchr (name, ':'))) {
#  501|   			if (!strcmp (a+1, "all"))
#  502|   				*num = -1;

Error: GCC_ANALYZER_WARNING (CWE-688):
libiptcdata-1.0.5-build/libiptcdata-1.0.5/iptc/main.c: scope_hint: In function ‘main’
libiptcdata-1.0.5-build/libiptcdata-1.0.5/iptc/main.c:666:57: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘locale_to_utf8(optarg)’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strlen’ must be non-null
#  664|   					convbuf = locale_to_utf8 (optarg);
#  665|   					iptc_dataset_set_data (ds, (unsigned char *) convbuf,
#  666|-> 							strlen (convbuf),
#  667|   							IPTC_DONT_VALIDATE);
#  668|   					free (convbuf);

Error: CLANG_WARNING:
libiptcdata-1.0.5-build/libiptcdata-1.0.5/iptc/main.c:697:5: warning[unix.Malloc]: Potential leak of memory pointed to by 'oplist.ops'
#  695|   
#  696|   			default:
#  697|-> 				print_help(argv);
#  698|   				return 1;
#  699|   		}

Error: COMPILER_WARNING (CWE-252):
libiptcdata-1.0.5-build/libiptcdata-1.0.5/iptc/main.c: scope_hint: In function ‘main’
libiptcdata-1.0.5-build/libiptcdata-1.0.5/iptc/main.c:850:41: warning[-Wunused-result]: ignoring return value of ‘chown’ declared with attribute ‘warn_unused_result’
#  850 |                                         chown (filename, -1, statinfo.st_gid);
#      |                                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  848|   				}
#  849|   				else {
#  850|-> 					chown (filename, -1, statinfo.st_gid);
#  851|   					chmod (filename, statinfo.st_mode);
#  852|   				}

Error: GCC_ANALYZER_WARNING (CWE-476):
libiptcdata-1.0.5-build/libiptcdata-1.0.5/libiptcdata/iptc-data.c: scope_hint: In function 'iptc_data_add_dataset_with_value'
libiptcdata-1.0.5-build/libiptcdata-1.0.5/libiptcdata/iptc-data.c:895:40: warning[-Wanalyzer-null-dereference]: dereference of NULL 'data'
#  893|   	int ret;
#  894|   
#  895|-> 	ds = iptc_dataset_new_mem (data->priv->mem);
#  896|   	if (!ds)
#  897|   		return -1;

Error: GCC_ANALYZER_WARNING (CWE-476):
libiptcdata-1.0.5-build/libiptcdata-1.0.5/libiptcdata/iptc-data.c: scope_hint: In function 'iptc_data_add_dataset_with_contents'
libiptcdata-1.0.5-build/libiptcdata-1.0.5/libiptcdata/iptc-data.c:938:40: warning[-Wanalyzer-null-dereference]: dereference of NULL 'data'
#  936|   	int ret;
#  937|   
#  938|-> 	ds = iptc_dataset_new_mem (data->priv->mem);
#  939|   	if (!ds)
#  940|   		return -1;

Error: CPPCHECK_WARNING:
libiptcdata-1.0.5-build/libiptcdata-1.0.5/libiptcdata/iptc-dataset.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: GCC_ANALYZER_WARNING (CWE-476):
libiptcdata-1.0.5-build/libiptcdata-1.0.5/libiptcdata/iptc-dataset.c: scope_hint: In function 'iptc_dataset_copy'
libiptcdata-1.0.5-build/libiptcdata-1.0.5/libiptcdata/iptc-dataset.c:115:22: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
#  113|   	copy = iptc_dataset_new_mem (e->priv->mem);
#  114|   
#  115|-> 	copy->record = e->record;
#  116|   	copy->tag = e->tag;
#  117|   	copy->info = e->info;

Error: CPPCHECK_WARNING:
libiptcdata-1.0.5-build/libiptcdata-1.0.5/libiptcdata/iptc-jpeg.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: COMPILER_WARNING:
libiptcdata-1.0.5-build/libiptcdata-1.0.5/python/pyiptcdata.c:4: included_from: Included from here.
libiptcdata-1.0.5-build/libiptcdata-1.0.5/python/python3/pyiptcdata.c: scope_hint: In function 'save'
libiptcdata-1.0.5-build/libiptcdata-1.0.5/python/python3/pyiptcdata.c:138:17: warning[-Wstringop-truncation]: '__strncpy_chk' specified bound depends on the length of the source argument
#  138 |                 strncpy(tmp_filename, arg_filename, path_len);
#      |                 ^
libiptcdata-1.0.5-build/libiptcdata-1.0.5/python/python3/pyiptcdata.c:131:24: note: length computed here
#  131 |         int file_len = strlen(arg_filename);
#      |                        ^~~~~~~~~~~~~~~~~~~~
#  136|   	if (basename) {
#  137|   		int path_len = file_len - strlen(basename) + 1;
#  138|-> 		strncpy(tmp_filename, arg_filename, path_len);
#  139|   	}
#  140|   	strcat(tmp_filename, TMP_TEMPLATE);

Issues can be reported to the mailing list. User documentation can be found on the wiki.