gpgme-2.0.1-1.fc44

List of Findings

Error: SHELLCHECK_WARNING (CWE-156): [#def1]
/usr/bin/gpgme-config:2:28: warning[SC2046]: Quote this to prevent word splitting.
#    1|   #!/usr/bin/sh
#    2|-> exec /usr/bin/gpgme-config.$(arch) $@

Error: SHELLCHECK_WARNING (CWE-88): [#def2]
/usr/bin/gpgme-config:2:36: error[SC2068]: Double quote array expansions to avoid re-splitting elements.
#    1|   #!/usr/bin/sh
#    2|-> exec /usr/bin/gpgme-config.$(arch) $@

Error: SHELLCHECK_WARNING (CWE-563): [#def3]
/usr/bin/gpgme-config.x86_64:41:1: warning[SC2034]: libs_pthread appears unused. Verify use (or export if used externally).
#   39|   # thread modules variable.
#   40|   thread_modules="$thread_modules pthread"
#   41|-> libs_pthread="-lpthread"
#   42|   cflags_pthread=""
#   43|   

Error: SHELLCHECK_WARNING (CWE-457): [#def4]
/usr/bin/gpgme-config.x86_64:128:37: warning[SC2154]: assuan_cflags is referenced but not assigned.
#  126|   	    esac
#  127|   	    test "x$with_glib" = "xyes" && tmp_g="$cflags_glib"
#  128|->             for i in $cflags $tmp_c $assuan_cflags $gpg_error_cflags $tmp_g ; do
#  129|                 skip=no
#  130|                 case $i in

Error: SHELLCHECK_WARNING (CWE-457): [#def5]
/usr/bin/gpgme-config.x86_64:164:35: warning[SC2154]: assuan_libs is referenced but not assigned.
#  162|   		    ;;
#  163|   	    esac
#  164|->             for i in $libs $tmp_l $assuan_libs $gpg_error_libs $tmp_x; do
#  165|                 skip=no
#  166|                 case $i in

Error: SHELLCHECK_WARNING (CWE-457): [#def6]
/usr/bin/gpgme-config.x86_64:164:48: warning[SC2154]: gpg_error_libs is referenced but not assigned.
#  162|   		    ;;
#  163|   	    esac
#  164|->             for i in $libs $tmp_l $assuan_libs $gpg_error_libs $tmp_x; do
#  165|                 skip=no
#  166|                 case $i in

Error: CLANG_WARNING: [#def7]
gpgme-2.0.1/doc/mkdefsinc.c:199:15: warning[unix.Malloc]: Potential leak of memory pointed to by 'opt_date'
#  197|               {
#  198|                 opt_date = xstrdup (*argv);
#  199|->               argc--; argv++;
#  200|               }
#  201|           }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def8]
gpgme-2.0.1/doc/mkdefsinc.c: scope_hint: In function ‘main’
gpgme-2.0.1/doc/mkdefsinc.c:199:27: warning[-Wanalyzer-malloc-leak]: leak of ‘opt_date’
#  197|               {
#  198|                 opt_date = xstrdup (*argv);
#  199|->               argc--; argv++;
#  200|               }
#  201|           }

Error: CPPCHECK_WARNING (CWE-457): [#def9]
gpgme-2.0.1/doc/mkdefsinc.c:289: warning[uninitvar]: Uninitialized variable: monthoff
#  287|   
#  288|     printf ("@set UPDATED %s\n", opt_date);
#  289|->   printf ("@set UPDATED-MONTH %s\n", opt_date + monthoff);
#  290|     printf ("@set EDITION %s\n", PACKAGE_VERSION);
#  291|     printf ("@set VERSION %s\n", PACKAGE_VERSION);

Error: CLANG_WARNING: [#def10]
gpgme-2.0.1/doc/mkdefsinc.c:290:3: warning[unix.Malloc]: Potential leak of memory pointed to by 'opt_date'
#  288|     printf ("@set UPDATED %s\n", opt_date);
#  289|     printf ("@set UPDATED-MONTH %s\n", opt_date + monthoff);
#  290|->   printf ("@set EDITION %s\n", PACKAGE_VERSION);
#  291|     printf ("@set VERSION %s\n", PACKAGE_VERSION);
#  292|   

Error: CPPCHECK_WARNING (CWE-457): [#def11]
gpgme-2.0.1/gpgmepy/build/gpgme_wrap.c:873: warning[uninitvar]: Uninitialized variable: buff
#  871|       *r = 0;
#  872|     }
#  873|->   return buff;
#  874|   }
#  875|   

Error: CPPCHECK_WARNING (CWE-476): [#def12]
gpgme-2.0.1/gpgmepy/build/gpgme_wrap.c:1902: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: data
# 1900|       SwigPyClientData *data = (SwigPyClientData *)malloc(sizeof(SwigPyClientData));
# 1901|       /* the klass element */
# 1902|->     data->klass = obj;
# 1903|       SWIG_Py_INCREF(data->klass);
# 1904|       /* the newraw method and newargs arguments used to create a new raw instance */

Error: CPPCHECK_WARNING (CWE-476): [#def13]
gpgme-2.0.1/gpgmepy/build/gpgme_wrap.c:1903: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: data
# 1901|       /* the klass element */
# 1902|       data->klass = obj;
# 1903|->     SWIG_Py_INCREF(data->klass);
# 1904|       /* the newraw method and newargs arguments used to create a new raw instance */
# 1905|       if (PyClass_Check(obj)) {

Error: CPPCHECK_WARNING (CWE-457): [#def14]
gpgme-2.0.1/gpgmepy/build/gpgme_wrap.c:16651: error[legacyUninitvar]: Uninitialized variable: arg2
#16649|     {
#16650|       SWIG_PYTHON_THREAD_BEGIN_ALLOW;
#16651|->     result = gpgme_data_new_from_estream(arg1,arg2);
#16652|       SWIG_PYTHON_THREAD_END_ALLOW;
#16653|     }

Error: CLANG_WARNING: [#def15]
gpgme-2.0.1/qgpgme/src/cryptoconfig.cpp:61:42: warning[core.CallAndMessage]: Called C++ object pointer is null
#   59|       const QStringList groupNames = comp ? comp->groupList() : QStringList();
#   60|       for (const auto &groupName : groupNames) {
#   61|->         const CryptoConfigGroup *group = comp->group(groupName);
#   62|           CryptoConfigEntry *entry = group ? group->entry(entryName) : nullptr;
#   63|           if (entry) {

Error: COMPILER_WARNING (CWE-252): [#def16]
gpgme-2.0.1/qgpgme/tests/run-decryptverifyjob.cpp: scope_hint: In function ‘int main(int, char**)’
gpgme-2.0.1/qgpgme/tests/run-decryptverifyjob.cpp:117:21: warning[-Wunused-result]: ignoring return value of ‘bool QFile::open(FILE*, QIODeviceBase::OpenMode, QFileDevice::FileHandleFlags)’, declared with attribute ‘nodiscard’
#  117 |         output->open(stdout, QIODevice::WriteOnly);
#      |         ~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/qt6/QtCore/QFile:1: included_from: Included from here.
gpgme-2.0.1/qgpgme/tests/run-decryptverifyjob.cpp:44: included_from: Included from here.
/usr/include/qt6/QtCore/qfile.h:293:32: note: declared here
#  293 |     QFILE_MAYBE_NODISCARD bool open(FILE *f, OpenMode ioFlags, FileHandleFlags handleFlags=DontCloseHandle);
#      |                                ^~~~
#  115|       if (options.outputFile.isEmpty() || options.outputFile == QLatin1String{"-"}) {
#  116|           output.reset(new QFile);
#  117|->         output->open(stdout, QIODevice::WriteOnly);
#  118|       } else {
#  119|           if (QFile::exists(options.outputFile)) {

Error: COMPILER_WARNING (CWE-252): [#def17]
gpgme-2.0.1/qgpgme/tests/run-encryptarchivejob.cpp: scope_hint: In function ‘int main(int, char**)’
gpgme-2.0.1/qgpgme/tests/run-encryptarchivejob.cpp:143:21: warning[-Wunused-result]: ignoring return value of ‘bool QFile::open(FILE*, QIODeviceBase::OpenMode, QFileDevice::FileHandleFlags)’, declared with attribute ‘nodiscard’
#  143 |         output->open(stdout, QIODevice::WriteOnly);
#      |         ~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/qt6/QtCore/qdir.h:11: included_from: Included from here.
/usr/include/qt6/QtCore/QDir:1: included_from: Included from here.
gpgme-2.0.1/qgpgme/tests/run-encryptarchivejob.cpp:45: included_from: Included from here.
/usr/include/qt6/QtCore/qfile.h:293:32: note: declared here
#  293 |     QFILE_MAYBE_NODISCARD bool open(FILE *f, OpenMode ioFlags, FileHandleFlags handleFlags=DontCloseHandle);
#      |                                ^~~~
#  141|       if (options.archiveName.isEmpty() || options.archiveName == QLatin1String{"-"}) {
#  142|           output.reset(new QFile);
#  143|->         output->open(stdout, QIODevice::WriteOnly);
#  144|       } else {
#  145|           outputFilePath = checkOutputFilePath(options.archiveName, options.baseDirectory);

Error: COMPILER_WARNING (CWE-252): [#def18]
gpgme-2.0.1/qgpgme/tests/run-encryptjob.cpp: scope_hint: In function ‘int main(int, char**)’
gpgme-2.0.1/qgpgme/tests/run-encryptjob.cpp:121:21: warning[-Wunused-result]: ignoring return value of ‘bool QFile::open(FILE*, QIODeviceBase::OpenMode, QFileDevice::FileHandleFlags)’, declared with attribute ‘nodiscard’
#  121 |         output->open(stdout, QIODevice::WriteOnly);
#      |         ~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/qt6/QtCore/QFile:1: included_from: Included from here.
gpgme-2.0.1/qgpgme/tests/run-encryptjob.cpp:45: included_from: Included from here.
/usr/include/qt6/QtCore/qfile.h:293:32: note: declared here
#  293 |     QFILE_MAYBE_NODISCARD bool open(FILE *f, OpenMode ioFlags, FileHandleFlags handleFlags=DontCloseHandle);
#      |                                ^~~~
#  119|       if (options.outputFile.isEmpty() || options.outputFile == QLatin1String{"-"}) {
#  120|           output.reset(new QFile);
#  121|->         output->open(stdout, QIODevice::WriteOnly);
#  122|       } else {
#  123|           if (QFile::exists(options.outputFile)) {

Error: COMPILER_WARNING (CWE-252): [#def19]
gpgme-2.0.1/qgpgme/tests/run-signarchivejob.cpp: scope_hint: In function ‘int main(int, char**)’
gpgme-2.0.1/qgpgme/tests/run-signarchivejob.cpp:137:21: warning[-Wunused-result]: ignoring return value of ‘bool QFile::open(FILE*, QIODeviceBase::OpenMode, QFileDevice::FileHandleFlags)’, declared with attribute ‘nodiscard’
#  137 |         output->open(stdout, QIODevice::WriteOnly);
#      |         ~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/qt6/QtCore/qdir.h:11: included_from: Included from here.
/usr/include/qt6/QtCore/QDir:1: included_from: Included from here.
gpgme-2.0.1/qgpgme/tests/run-signarchivejob.cpp:44: included_from: Included from here.
/usr/include/qt6/QtCore/qfile.h:293:32: note: declared here
#  293 |     QFILE_MAYBE_NODISCARD bool open(FILE *f, OpenMode ioFlags, FileHandleFlags handleFlags=DontCloseHandle);
#      |                                ^~~~
#  135|       if (options.archiveName.isEmpty() || options.archiveName == QLatin1String{"-"}) {
#  136|           output.reset(new QFile);
#  137|->         output->open(stdout, QIODevice::WriteOnly);
#  138|       } else {
#  139|           outputFilePath = checkOutputFilePath(options.archiveName, options.baseDirectory);

Error: COMPILER_WARNING (CWE-252): [#def20]
gpgme-2.0.1/qgpgme/tests/run-signjob.cpp: scope_hint: In function ‘int main(int, char**)’
gpgme-2.0.1/qgpgme/tests/run-signjob.cpp:124:21: warning[-Wunused-result]: ignoring return value of ‘bool QFile::open(FILE*, QIODeviceBase::OpenMode, QFileDevice::FileHandleFlags)’, declared with attribute ‘nodiscard’
#  124 |         output->open(stdout, QIODevice::WriteOnly);
#      |         ~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/qt6/QtCore/QFile:1: included_from: Included from here.
gpgme-2.0.1/qgpgme/tests/run-signjob.cpp:44: included_from: Included from here.
/usr/include/qt6/QtCore/qfile.h:293:32: note: declared here
#  293 |     QFILE_MAYBE_NODISCARD bool open(FILE *f, OpenMode ioFlags, FileHandleFlags handleFlags=DontCloseHandle);
#      |                                ^~~~
#  122|       if (options.outputFile.isEmpty() || options.outputFile == QLatin1String{"-"}) {
#  123|           output.reset(new QFile);
#  124|->         output->open(stdout, QIODevice::WriteOnly);
#  125|       } else {
#  126|           if (QFile::exists(options.outputFile) && !options.appendSignature) {

Error: COMPILER_WARNING (CWE-252): [#def21]
gpgme-2.0.1/qgpgme/tests/run-verifyopaquejob.cpp: scope_hint: In function ‘int main(int, char**)’
gpgme-2.0.1/qgpgme/tests/run-verifyopaquejob.cpp:116:21: warning[-Wunused-result]: ignoring return value of ‘bool QFile::open(FILE*, QIODeviceBase::OpenMode, QFileDevice::FileHandleFlags)’, declared with attribute ‘nodiscard’
#  116 |         output->open(stdout, QIODevice::WriteOnly);
#      |         ~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/qt6/QtCore/QFile:1: included_from: Included from here.
gpgme-2.0.1/qgpgme/tests/run-verifyopaquejob.cpp:44: included_from: Included from here.
/usr/include/qt6/QtCore/qfile.h:293:32: note: declared here
#  293 |     QFILE_MAYBE_NODISCARD bool open(FILE *f, OpenMode ioFlags, FileHandleFlags handleFlags=DontCloseHandle);
#      |                                ^~~~
#  114|       if (options.outputFile.isEmpty() || options.outputFile == QLatin1String{"-"}) {
#  115|           output.reset(new QFile);
#  116|->         output->open(stdout, QIODevice::WriteOnly);
#  117|       } else {
#  118|           if (QFile::exists(options.outputFile)) {

Error: CLANG_WARNING: [#def22]
gpgme-2.0.1/src/conversion.c:637:30: warning[core.UndefinedBinaryOperatorResult]: The right operand of '==' is a garbage value
#  635|   
#  636|     tim = _gpgme_parse_timestamp (timestamp, &tail);
#  637|->   if (tim == -1 || timestamp == tail || (*tail && *tail != ' '))
#  638|       tim = 0; /* No time given or invalid engine.  */
#  639|   

Error: CLANG_WARNING: [#def23]
gpgme-2.0.1/src/data-compat.c:86:10: warning[unix.Stream]: File position of the stream might be 'indeterminate' after a failed operation. Can cause undefined behavior
#   84|       }
#   85|   
#   86|->   while (fread (buf, length, 1, stream) < 1
#   87|   	 && ferror (stream) && errno == EINTR);
#   88|     if (ferror (stream))

Error: GCC_ANALYZER_WARNING (CWE-465): [#def24]
gpgme-2.0.1/src/data-identify.c: scope_hint: In function 'basic_detection'
gpgme-2.0.1/src/data-identify.c:453:20: warning[-Wanalyzer-deref-before-check]: check of 'data' for NULL after already dereferencing it
#  451|   
#  452|     /* Now check whether there are armor lines.  */
#  453|->   for (s = data; s && *s; s = (*s=='\n')?(s+1):((s=strchr (s,'\n'))?(s+1):s))
#  454|       {
#  455|         if (!strncmp (s, "-----BEGIN ", 11))

Error: CLANG_WARNING: [#def25]
gpgme-2.0.1/src/data-mem.c:104:3: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
#  102|       }
#  103|   
#  104|->   memcpy (dh->data.mem.buffer + dh->data.mem.offset, buffer, size);
#  105|     dh->data.mem.offset += size;
#  106|     if (dh->data.mem.length < dh->data.mem.offset)

Error: CLANG_WARNING: [#def26]
gpgme-2.0.1/src/data-mem.c:275:14: warning[core.NullDereference]: Dereference of null pointer (loaded from variable 'str')
#  273|       {
#  274|         if (blankout && len)
#  275|->         *str = 0;
#  276|         /* Prevent mem_release from releasing the buffer memory.  We
#  277|          * must not fail from this point.  */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def27]
gpgme-2.0.1/src/data.c: scope_hint: In function '_gpgme_data_inbound_handler'
gpgme-2.0.1/src/data.c:624:14: warning[-Wanalyzer-malloc-leak]: leak of 'malloc((long unsigned int)*dh.io_buffer_size)'
#  622|           {
#  623|             dh->inbound_buffer = malloc (dh->io_buffer_size);
#  624|->           if (!dh->inbound_buffer)
#  625|               return TRACE_ERR (gpg_error_from_syserror ());
#  626|           }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def28]
gpgme-2.0.1/src/data.c: scope_hint: In function '_gpgme_data_outbound_handler'
gpgme-2.0.1/src/data.c:684:14: warning[-Wanalyzer-malloc-leak]: leak of 'malloc((long unsigned int)*dh.io_buffer_size)'
#  682|           {
#  683|             dh->outbound_buffer = malloc (dh->io_buffer_size);
#  684|->           if (!dh->outbound_buffer)
#  685|               return TRACE_ERR (gpg_error_from_syserror ());
#  686|             dh->outbound_pending = 0;

Error: CPPCHECK_WARNING (CWE-457): [#def29]
gpgme-2.0.1/src/decrypt-verify.c:48: warning[uninitvar]: Uninitialized variable: err2
#   46|         || (code == GPGME_STATUS_EOF && gpg_err_code (err) == GPG_ERR_NO_DATA))
#   47|       err2 = _gpgme_verify_status_handler (priv, code, args);
#   48|->   return err ? err : err2;
#   49|   }
#   50|   

Error: CLANG_WARNING: [#def30]
gpgme-2.0.1/src/engine-g13.c:457:6: warning[deadcode.DeadStores]: Value stored to 'rest' is never read
#  455|   	  rest = strchr (line + 2, ' ');
#  456|   	  if (!rest)
#  457|-> 	    rest = line + linelen; /* set to an empty string */
#  458|   	  else
#  459|   	    *(rest++) = 0;

Error: CLANG_WARNING: [#def31]
gpgme-2.0.1/src/engine-gpg.c:1349:10: warning[unix.Malloc]: Potential leak of memory pointed to by 'argv'
# 1347|                      after a malloc failure for a small object, it is
# 1348|                      probably better not to do anything.  */
# 1349|-> 		return gpg_error (GPG_ERR_GENERAL);
# 1350|   	      }
# 1351|   	    /* If the data_type is FD, we have to do a dup2 here.  */

Error: CLANG_WARNING: [#def32]
gpgme-2.0.1/src/engine-gpg.c:1349:10: warning[unix.Malloc]: Potential leak of memory pointed to by 'fd_data_map'
# 1347|                      after a malloc failure for a small object, it is
# 1348|                      probably better not to do anything.  */
# 1349|-> 		return gpg_error (GPG_ERR_GENERAL);
# 1350|   	      }
# 1351|   	    /* If the data_type is FD, we have to do a dup2 here.  */

Error: CLANG_WARNING: [#def33]
gpgme-2.0.1/src/engine-gpg.c:3412:8: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value
# 3410|       }
# 3411|   
# 3412|->   if (!strcmp (field[0], "info"))
# 3413|       rectype = RT_INFO;
# 3414|     else if (!strcmp (field[0], "pub"))

Error: CLANG_WARNING: [#def34]
gpgme-2.0.1/src/engine-gpg.c:3486:26: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value
# 3484|   	   most 4/3 th the number of bytes.  But because we also need
# 3485|   	   to escape the backslashes we allocate twice as much.  */
# 3486|-> 	char *uid = malloc (2 * strlen (field[1]) + 1);
# 3487|   	char *src;
# 3488|   	char *dst;

Error: CLANG_WARNING: [#def35]
gpgme-2.0.1/src/engine-gpg.c:3530:14: warning[unix.Malloc]: Potential leak of memory pointed to by 'dst'
# 3528|             }
# 3529|         }
# 3530|->       return 0;
# 3531|   
# 3532|       case RT_NONE:

Error: CLANG_WARNING: [#def36]
gpgme-2.0.1/src/engine-gpg.c:3573:7: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 3571|     if (!err && (mode & GPGME_KEYLIST_MODE_WITH_SECRET))
# 3572|       {
# 3573|->       err = add_arg (gpg, "--with-secret");
# 3574|         err = add_arg (gpg, "--with-keygrip");
# 3575|       }

Error: CLANG_WARNING: [#def37]
gpgme-2.0.1/src/engine-gpg.c:4025:13: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 4023|             err = add_arg (gpg, "--directory");
# 4024|             if (!err)
# 4025|->             err = add_file_name_arg (gpg, file_name);
# 4026|           }
# 4027|         /* gpgtar uses --decrypt also for signed-only archives */

Error: CLANG_WARNING: [#def38]
gpgme-2.0.1/src/engine-gpg.c:4041:9: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 4039|         const char *output = gpgme_data_get_file_name (plaintext);
# 4040|         if (have_gpg_version (gpg, "2.1.16"))
# 4041|->         err = add_arg (gpg, "--verify");
# 4042|         err = add_arg (gpg, "--output");
# 4043|         if (!err && output)

Error: CLANG_WARNING: [#def39]
gpgme-2.0.1/src/engine-gpgconf.c:1041:5: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1039|   
# 1040|     if (!err)
# 1041|->     err = gpg_error(GPG_ERR_NOT_FOUND);
# 1042|     return 0;
# 1043|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def40]
gpgme-2.0.1/src/engine-gpgsm.c: scope_hint: In function 'gpgsm_export.part.0'
gpgme-2.0.1/src/engine-gpgsm.c:1690:12: warning[-Wanalyzer-malloc-leak]: leak of 'cmd'
# 1688|   		      : map_data_enc (gpgsm->output_cb.data));
# 1689|     if (err)
# 1690|->     return err;
# 1691|     gpgsm_clear_fd (gpgsm, INPUT_FD);
# 1692|     gpgsm_clear_fd (gpgsm, MESSAGE_FD);

Error: CLANG_WARNING: [#def41]
gpgme-2.0.1/src/engine-gpgsm.c:1690:12: warning[unix.Malloc]: Potential leak of memory pointed to by 'cmd'
# 1688|   		      : map_data_enc (gpgsm->output_cb.data));
# 1689|     if (err)
# 1690|->     return err;
# 1691|     gpgsm_clear_fd (gpgsm, INPUT_FD);
# 1692|     gpgsm_clear_fd (gpgsm, MESSAGE_FD);

Error: CLANG_WARNING: [#def42]
gpgme-2.0.1/src/engine-gpgsm.c:1802:12: warning[unix.Malloc]: Potential leak of memory pointed to by 'line'
# 1800|   		      : map_data_enc (gpgsm->output_cb.data));
# 1801|     if (err)
# 1802|->     return err;
# 1803|     gpgsm_clear_fd (gpgsm, INPUT_FD);
# 1804|     gpgsm_clear_fd (gpgsm, MESSAGE_FD);

Error: CLANG_WARNING: [#def43]
gpgme-2.0.1/src/engine.c:378:26: warning[core.NullDereference]: Access to field 'protocol' results in a dereference of a null pointer
#  376|   	}
#  377|   
#  378|->       (*lastp)->protocol = info->protocol;
#  379|         (*lastp)->file_name = file_name;
#  380|         (*lastp)->home_dir = home_dir;

Error: CLANG_WARNING: [#def44]
gpgme-2.0.1/src/export.c:207:3: warning[deadcode.DeadStores]: Value stored to 'opd' is never read
#  205|     err = _gpgme_op_data_lookup (ctx, OPDATA_EXPORT, &hook,
#  206|   			       sizeof (*opd), release_op_data);
#  207|->   opd = hook;
#  208|     if (err)
#  209|       return err;

Error: CLANG_WARNING: [#def45]
gpgme-2.0.1/src/export.c:282:3: warning[deadcode.DeadStores]: Value stored to 'opd' is never read
#  280|     err = _gpgme_op_data_lookup (ctx, OPDATA_EXPORT, &hook,
#  281|   			       sizeof (*opd), release_op_data);
#  282|->   opd = hook;
#  283|     if (err)
#  284|       return err;

Error: CLANG_WARNING: [#def46]
gpgme-2.0.1/src/genkey.c:349:3: warning[deadcode.DeadStores]: Value stored to 'opd' is never read
#  347|     err = _gpgme_op_data_lookup (ctx, OPDATA_GENKEY, &hook,
#  348|   			       sizeof (*opd), release_op_data);
#  349|->   opd = hook;
#  350|     if (err)
#  351|       return err;

Error: CLANG_WARNING: [#def47]
gpgme-2.0.1/src/genkey.c:648:12: warning[deadcode.DeadStores]: Although the value stored to 'err' is used in the enclosing expression, the value is never actually read from 'err'
#  646|       }
#  647|     else
#  648|->     return err = gpg_error (GPG_ERR_UNKNOWN_NAME);
#  649|   
#  650|     if (synchronous && !err)

Error: CLANG_WARNING: [#def48]
gpgme-2.0.1/src/gpgme-json.c:139:7: warning[deadcode.DeadStores]: Value stored to 'n' is never read
#  137|           *p++ = *s++;
#  138|         *p = 0;
#  139|->       n = p - line;
#  140|       }
#  141|   

Error: CLANG_WARNING: [#def49]
gpgme-2.0.1/src/gpgme-json.c:215:24: warning[core.NullDereference]: Access to field 'type' results in a dereference of a null pointer (loaded from variable 'j_msg')
#  213|           {
#  214|             j_msg = cJSON_GetObjectItem (json, "msg");
#  215|->           if (j_msg || cjson_is_string (j_msg))
#  216|               {
#  217|                 msg = j_msg->valuestring;

Error: CLANG_WARNING: [#def50]
gpgme-2.0.1/src/gpgme-json.c:419:11: warning[deadcode.DeadStores]: Value stored to 'err' is never read
#  417|         if (!request)
#  418|           {
#  419|->           err = gpg_error_from_syserror ();
#  420|             log_error ("error reading request: Not enough memory for %zu MiB)\n",
#  421|                        (size_t)nrequest / (1024*1024));

Error: CLANG_WARNING: [#def51]
gpgme-2.0.1/src/gpgme-json.c:698:29: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
#  696|             exit (1);
#  697|           }
#  698|->       cmd_identify (argc && strcmp (*argv, "-")? *argv : NULL);
#  699|         break;
#  700|   

Error: CLANG_WARNING: [#def52]
gpgme-2.0.1/src/gpgme-tool.c:331:3: warning[core.VLASize]: Declared variable-length array (VLA) has negative size
#  329|   result_xml_indent (struct result_xml_state *state)
#  330|   {
#  331|->   char spaces[state->indent + 1];
#  332|     int i;
#  333|     for (i = 0; i < state->indent; i++)

Error: CLANG_WARNING: [#def53]
gpgme-2.0.1/src/gpgme-tool.c:1472:3: warning[core.CallAndMessage]: 10th function call argument is an uninitialized value
# 1470|     modes[idx++] = NULL;
# 1471|   
# 1472|->   gt_write_status (gt, STATUS_KEYLIST_MODE, modes[0], modes[1], modes[2],
# 1473|                      modes[3], modes[4], modes[5], modes[6], modes[7], modes[8],
# 1474|                      modes[9], modes[10], NULL);

Error: CLANG_WARNING: [#def54]
gpgme-2.0.1/src/gpgme-tool.c:1472:3: warning[core.CallAndMessage]: 11th function call argument is an uninitialized value
# 1470|     modes[idx++] = NULL;
# 1471|   
# 1472|->   gt_write_status (gt, STATUS_KEYLIST_MODE, modes[0], modes[1], modes[2],
# 1473|                      modes[3], modes[4], modes[5], modes[6], modes[7], modes[8],
# 1474|                      modes[9], modes[10], NULL);

Error: CLANG_WARNING: [#def55]
gpgme-2.0.1/src/gpgme-tool.c:1472:3: warning[core.CallAndMessage]: 12th function call argument is an uninitialized value
# 1470|     modes[idx++] = NULL;
# 1471|   
# 1472|->   gt_write_status (gt, STATUS_KEYLIST_MODE, modes[0], modes[1], modes[2],
# 1473|                      modes[3], modes[4], modes[5], modes[6], modes[7], modes[8],
# 1474|                      modes[9], modes[10], NULL);

Error: CLANG_WARNING: [#def56]
gpgme-2.0.1/src/gpgme-tool.c:1472:3: warning[core.CallAndMessage]: 13th function call argument is an uninitialized value
# 1470|     modes[idx++] = NULL;
# 1471|   
# 1472|->   gt_write_status (gt, STATUS_KEYLIST_MODE, modes[0], modes[1], modes[2],
# 1473|                      modes[3], modes[4], modes[5], modes[6], modes[7], modes[8],
# 1474|                      modes[9], modes[10], NULL);

Error: CLANG_WARNING: [#def57]
gpgme-2.0.1/src/gpgme-tool.c:1472:3: warning[core.CallAndMessage]: 4th function call argument is an uninitialized value
# 1470|     modes[idx++] = NULL;
# 1471|   
# 1472|->   gt_write_status (gt, STATUS_KEYLIST_MODE, modes[0], modes[1], modes[2],
# 1473|                      modes[3], modes[4], modes[5], modes[6], modes[7], modes[8],
# 1474|                      modes[9], modes[10], NULL);

Error: CLANG_WARNING: [#def58]
gpgme-2.0.1/src/gpgme-tool.c:1472:3: warning[core.CallAndMessage]: 5th function call argument is an uninitialized value
# 1470|     modes[idx++] = NULL;
# 1471|   
# 1472|->   gt_write_status (gt, STATUS_KEYLIST_MODE, modes[0], modes[1], modes[2],
# 1473|                      modes[3], modes[4], modes[5], modes[6], modes[7], modes[8],
# 1474|                      modes[9], modes[10], NULL);

Error: CLANG_WARNING: [#def59]
gpgme-2.0.1/src/gpgme-tool.c:1472:3: warning[core.CallAndMessage]: 6th function call argument is an uninitialized value
# 1470|     modes[idx++] = NULL;
# 1471|   
# 1472|->   gt_write_status (gt, STATUS_KEYLIST_MODE, modes[0], modes[1], modes[2],
# 1473|                      modes[3], modes[4], modes[5], modes[6], modes[7], modes[8],
# 1474|                      modes[9], modes[10], NULL);

Error: CLANG_WARNING: [#def60]
gpgme-2.0.1/src/gpgme-tool.c:1472:3: warning[core.CallAndMessage]: 7th function call argument is an uninitialized value
# 1470|     modes[idx++] = NULL;
# 1471|   
# 1472|->   gt_write_status (gt, STATUS_KEYLIST_MODE, modes[0], modes[1], modes[2],
# 1473|                      modes[3], modes[4], modes[5], modes[6], modes[7], modes[8],
# 1474|                      modes[9], modes[10], NULL);

Error: CLANG_WARNING: [#def61]
gpgme-2.0.1/src/gpgme-tool.c:1472:3: warning[core.CallAndMessage]: 8th function call argument is an uninitialized value
# 1470|     modes[idx++] = NULL;
# 1471|   
# 1472|->   gt_write_status (gt, STATUS_KEYLIST_MODE, modes[0], modes[1], modes[2],
# 1473|                      modes[3], modes[4], modes[5], modes[6], modes[7], modes[8],
# 1474|                      modes[9], modes[10], NULL);

Error: CLANG_WARNING: [#def62]
gpgme-2.0.1/src/gpgme-tool.c:1472:3: warning[core.CallAndMessage]: 9th function call argument is an uninitialized value
# 1470|     modes[idx++] = NULL;
# 1471|   
# 1472|->   gt_write_status (gt, STATUS_KEYLIST_MODE, modes[0], modes[1], modes[2],
# 1473|                      modes[3], modes[4], modes[5], modes[6], modes[7], modes[8],
# 1474|                      modes[9], modes[10], NULL);

Error: CLANG_WARNING: [#def63]
gpgme-2.0.1/src/gpgme-tool.c:1694:15: warning[deadcode.DeadStores]: Value stored to 's' during its initialization is never read
# 1692|   gt_identify (gpgme_tool_t gt, gpgme_data_t data)
# 1693|   {
# 1694|->   const char *s = "?";
# 1695|   
# 1696|     switch (gpgme_data_identify (data, 0))

Error: CPPCHECK_WARNING (CWE-562): [#def64]
gpgme-2.0.1/src/gpgme-tool.c:3314: error[autoVariables]: Address of local auto-variable assigned to a function parameter.
# 3312|     server.gt = gt;
# 3313|     gt->write_status = server_write_status;
# 3314|->   gt->write_status_hook = &server;
# 3315|     gt->write_data = server_write_data;
# 3316|     gt->write_data_hook = &server;

Error: CPPCHECK_WARNING (CWE-562): [#def65]
gpgme-2.0.1/src/gpgme-tool.c:3316: error[autoVariables]: Address of local auto-variable assigned to a function parameter.
# 3314|     gt->write_status_hook = &server;
# 3315|     gt->write_data = server_write_data;
# 3316|->   gt->write_data_hook = &server;
# 3317|   
# 3318|     /* We use a pipe based server so that we can work from scripts.

Error: CLANG_WARNING: [#def66]
gpgme-2.0.1/src/json-core.c:468:12: warning[deadcode.DeadStores]: Although the value stored to 'err' is used in the enclosing expression, the value is never actually read from 'err'
#  466|       }
#  467|   
#  468|->   while (!(err = gpgme_op_keylist_next (ctx, &key)))
#  469|       {
#  470|         if (!key || !key->fpr)

Error: CLANG_WARNING: [#def67]
gpgme-2.0.1/src/json-core.c:1465:16: warning[deadcode.DeadStores]: Although the value stored to 'err' is used in the enclosing expression, the value is never actually read from 'err'
# 1463|             goto leave;
# 1464|           }
# 1465|->       while (!(err = gpgme_op_keylist_next (keylist_ctx, &key)))
# 1466|           {
# 1467|             if ((err = gpgme_signers_add (ctx, key)))

Error: CLANG_WARNING: [#def68]
gpgme-2.0.1/src/json-core.c:1788:12: warning[deadcode.DeadStores]: Although the value stored to 'err' is used in the enclosing expression, the value is never actually read from 'err'
# 1786|         goto leave;
# 1787|       }
# 1788|->   while (!(err = gpgme_op_keylist_next (keylist_ctx, &key)))
# 1789|       {
# 1790|         if ((err = gpgme_signers_add (ctx, key)))

Error: CLANG_WARNING: [#def69]
gpgme-2.0.1/src/json-core.c:2265:12: warning[deadcode.DeadStores]: Although the value stored to 'err' is used in the enclosing expression, the value is never actually read from 'err'
# 2263|       }
# 2264|   
# 2265|->   while (!(err = gpgme_op_keylist_next (ctx, &key)))
# 2266|       {
# 2267|         cJSON_AddItemToArray (keyarray, key_to_json (key));

Error: CLANG_WARNING: [#def70]
gpgme-2.0.1/src/json-core.c:2626:3: warning[deadcode.DeadStores]: Value stored to 'comp' is never read
# 2624|       }
# 2625|   
# 2626|->   comp = conf;
# 2627|     for (comp = conf; comp; comp = comp->next)
# 2628|       {

Error: CLANG_WARNING: [#def71]
gpgme-2.0.1/src/json-core.c:2727:3: warning[deadcode.DeadStores]: Value stored to 'comp' is never read
# 2725|   
# 2726|     j_comps = xjson_CreateArray ();
# 2727|->   comp = conf;
# 2728|     for (comp = conf; comp; comp = comp->next)
# 2729|       {

Error: CLANG_WARNING: [#def72]
gpgme-2.0.1/src/json-util.c:59:15: warning[deadcode.DeadStores]: Value stored to 's' during its initialization is never read
#   57|   data_type_to_string (gpgme_data_type_t dt)
#   58|   {
#   59|->   const char *s = "[?]";
#   60|   
#   61|     switch (dt)

Error: CLANG_WARNING: [#def73]
gpgme-2.0.1/src/json-util.c:95:9: warning[deadcode.DeadStores]: Although the value stored to 'j_tmp' is used in the enclosing expression, the value is never actually read from 'j_tmp'
#   93|     response = json? json : xjson_CreateObject ();
#   94|   
#   95|->   if (!(j_tmp = cJSON_GetObjectItem (response, "type")))
#   96|       xjson_AddStringToObject (response, "type", "error");
#   97|     else /* Replace existing "type".  */

Error: GCC_ANALYZER_WARNING (CWE-457): [#def74]
gpgme-2.0.1/src/key.c: scope_hint: In function 'gpgme_key_from_uid'
gpgme-2.0.1/src/key.c:470:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'key'
#  468|   
#  469|     /* Note: protocol doesn't matter if only email is provided.  */
#  470|->   err = _gpgme_key_append_name (key, name, 0);
#  471|     if (err)
#  472|       gpgme_key_unref (key);

Error: CLANG_WARNING: [#def75]
gpgme-2.0.1/src/keylist.c:1406:3: warning[deadcode.DeadStores]: Value stored to 'opd' is never read
# 1404|     err = _gpgme_op_data_lookup (ctx, OPDATA_KEYLIST, &hook,
# 1405|                                  sizeof (*opd), release_op_data);
# 1406|->   opd = hook;
# 1407|     if (err)
# 1408|       return TRACE_ERR (err);

Error: CLANG_WARNING: [#def76]
gpgme-2.0.1/src/keysign.c:168:3: warning[deadcode.DeadStores]: Value stored to 'opd' is never read
#  166|     err = _gpgme_op_data_lookup (ctx, OPDATA_KEYSIGN, &hook,
#  167|   			       sizeof (*opd), release_op_data);
#  168|->   opd = hook;
#  169|     if (err)
#  170|       return err;

Error: CLANG_WARNING: [#def77]
gpgme-2.0.1/src/op-support.c:129:7: warning[deadcode.DeadStores]: Value stored to 'err' is never read
#  127|     if (!reuse_engine)
#  128|       {
#  129|->       err = 0;
#  130|   #ifdef LC_CTYPE
#  131|         err = _gpgme_engine_set_locale (ctx->engine, LC_CTYPE, ctx->lc_ctype);

Error: CLANG_WARNING: [#def78]
gpgme-2.0.1/src/posix-io.c:471:7: warning[deadcode.DeadStores]: Value stored to 'source' is never read
#  469|     if (fds == -1 && max_fds_fallback >= 0)
#  470|       {
#  471|->       source = "fallback";
#  472|         return max_fds_fallback;
#  473|       }

Error: CLANG_WARNING: [#def79]
gpgme-2.0.1/src/posix-io.c:645:14: warning[unix.StdCLibraryFunctions]: The 1st argument to 'dup2' is < 0 but should be >= 0
#  643|   		continue;
#  644|   
#  645|-> 	      res = dup2 (fd_list[i].fd, fd_list[i].dup_to);
#  646|   	      if (res < 0)
#  647|   		{

Error: GCC_ANALYZER_WARNING (CWE-775): [#def80]
gpgme-2.0.1/src/posix-io.c: scope_hint: In function '_gpgme_io_spawn'
gpgme-2.0.1/src/posix-io.c:670:38: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'open("/dev/null", 2)'
#  668|   		}
#  669|   	      /* Make sure that the process has connected stdin.  */
#  670|-> 	      if (! seen_stdin && fd != 0)
#  671|   		{
#  672|   		  if (dup2 (fd, 0) == -1)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def81]
gpgme-2.0.1/src/posix-io.c:672:22: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'dup2(open("/dev/null", 2), 0)'
#  670|   	      if (! seen_stdin && fd != 0)
#  671|   		{
#  672|-> 		  if (dup2 (fd, 0) == -1)
#  673|                       _exit (8);
#  674|   		}

Error: GCC_ANALYZER_WARNING: [#def82]
gpgme-2.0.1/src/posix-io.c:672:23: warning[-Wanalyzer-fd-use-without-check]: 'dup2' on possibly invalid file descriptor '0'
#  670|   	      if (! seen_stdin && fd != 0)
#  671|   		{
#  672|-> 		  if (dup2 (fd, 0) == -1)
#  673|                       _exit (8);
#  674|   		}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def83]
gpgme-2.0.1/src/posix-io.c:677:22: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'dup2(open("/dev/null", 2), 1)'
#  675|   	      if (! seen_stdout && fd != 1)
#  676|                   {
#  677|->                   if (dup2 (fd, 1) == -1)
#  678|                       _exit (8);
#  679|                   }

Error: GCC_ANALYZER_WARNING: [#def84]
gpgme-2.0.1/src/posix-io.c:677:23: warning[-Wanalyzer-fd-use-without-check]: 'dup2' on possibly invalid file descriptor '1'
#  675|   	      if (! seen_stdout && fd != 1)
#  676|                   {
#  677|->                   if (dup2 (fd, 1) == -1)
#  678|                       _exit (8);
#  679|                   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def85]
gpgme-2.0.1/src/posix-io.c:682:22: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'dup2(open("/dev/null", 2), 2)'
#  680|   	      if (! seen_stderr && fd != 2)
#  681|                   {
#  682|->                   if (dup2 (fd, 2) == -1)
#  683|                       _exit (8);
#  684|                   }

Error: CLANG_WARNING: [#def86]
gpgme-2.0.1/src/revsig.c:160:3: warning[deadcode.DeadStores]: Value stored to 'opd' is never read
#  158|     err = _gpgme_op_data_lookup (ctx, OPDATA_REVSIG, &hook, sizeof (*opd),
#  159|                                  NULL);
#  160|->   opd = hook;
#  161|     if (err)
#  162|       return err;

Error: CLANG_WARNING: [#def87]
gpgme-2.0.1/src/setexpire.c:151:3: warning[deadcode.DeadStores]: Value stored to 'opd' is never read
#  149|     err = _gpgme_op_data_lookup (ctx, OPDATA_SETEXPIRE, &hook, sizeof (*opd),
#  150|                                  NULL);
#  151|->   opd = hook;
#  152|     if (err)
#  153|       return err;

Error: CLANG_WARNING: [#def88]
gpgme-2.0.1/src/setownertrust.c:149:3: warning[deadcode.DeadStores]: Value stored to 'opd' is never read
#  147|     err = _gpgme_op_data_lookup (ctx, OPDATA_SETOWNERTRUST, &hook, sizeof (*opd),
#  148|                                  NULL);
#  149|->   opd = hook;
#  150|     if (err)
#  151|       return err;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def89]
gpgme-2.0.1/src/sign.c:207:12: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>'
#  205|     sig = malloc (sizeof (*sig));
#  206|     if (!sig)
#  207|->     return gpg_error_from_syserror ();
#  208|   
#  209|     sig->next = NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def90]
gpgme-2.0.1/src/sign.c: scope_hint: In function 'parse_sig_created'
gpgme-2.0.1/src/sign.c:207:12: warning[-Wanalyzer-malloc-leak]: leak of 'sig'
#  205|     sig = malloc (sizeof (*sig));
#  206|     if (!sig)
#  207|->     return gpg_error_from_syserror ();
#  208|   
#  209|     sig->next = NULL;

Error: GCC_ANALYZER_WARNING (CWE-787): [#def91]
gpgme-2.0.1/src/signers.c: scope_hint: In function 'gpgme_signers_add'
gpgme-2.0.1/src/signers.c:85:19: warning[-Wanalyzer-out-of-bounds]: buffer overflow
#   83|   	return TRACE_ERR (gpg_error_from_syserror ());
#   84|         for (j = ctx->signers_size; j < n; j++)
#   85|-> 	newarr[j] = NULL;
#   86|         ctx->signers = newarr;
#   87|         ctx->signers_size = n;

Error: CLANG_WARNING: [#def92]
gpgme-2.0.1/src/tofupolicy.c:141:3: warning[deadcode.DeadStores]: Value stored to 'opd' is never read
#  139|     err = _gpgme_op_data_lookup (ctx, OPDATA_TOFU_POLICY, &hook,
#  140|                                  sizeof (*opd), NULL);
#  141|->   opd = hook;
#  142|     if (err)
#  143|       return err;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def93]
gpgme-2.0.1/src/verify.c: scope_hint: In function 'parse_valid_sig'
gpgme-2.0.1/src/verify.c:429:6: warning[-Wanalyzer-malloc-leak]: leak of '*sig.fpr'
#  427|       free (sig->fpr);
#  428|     sig->fpr = strdup (args);
#  429|->   if (!sig->fpr)
#  430|       return gpg_error_from_syserror ();
#  431|   

Error: GCC_ANALYZER_WARNING (CWE-688): [#def94]
gpgme-2.0.1/src/verify.c:433:9: warning[-Wanalyzer-null-argument]: use of NULL 'end' where non-null expected
<built-in>: note: argument 1 of '__builtin_strchr' must be non-null
#  431|   
#  432|     /* Skip the creation date.  */
#  433|->   end = strchr (end, ' ');
#  434|     if (end)
#  435|       {

Error: CLANG_WARNING: [#def95]
gpgme-2.0.1/src/verify.c:433:9: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
#  431|   
#  432|     /* Skip the creation date.  */
#  433|->   end = strchr (end, ' ');
#  434|     if (end)
#  435|       {

Error: CLANG_WARNING: [#def96]
gpgme-2.0.1/src/verify.c:480:5: warning[deadcode.DeadStores]: Value stored to 'end' is never read
#  478|   		  if (errno || end == tail || *tail != ' ')
#  479|   		    return trace_gpg_error (GPG_ERR_INV_ENGINE);
#  480|-> 		  end = tail;
#  481|   		}
#  482|   	    }

Error: CLANG_WARNING: [#def97]
gpgme-2.0.1/src/verify.c:556:4: warning[deadcode.DeadStores]: Value stored to 'lastp' is never read
#  554|         while (notation && notation->next)
#  555|   	{
#  556|-> 	  lastp = &notation->next;
#  557|   	  notation = notation->next;
#  558|   	}

Error: CLANG_WARNING: [#def98]
gpgme-2.0.1/src/verify.c:589:4: warning[deadcode.DeadStores]: Value stored to 'lastp' is never read
#  587|         while (notation && notation->next)
#  588|   	{
#  589|-> 	  lastp = &notation->next;
#  590|   	  notation = notation->next;
#  591|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def99]
gpgme-2.0.1/src/verify.c: scope_hint: In function 'parse_tofu_user'
gpgme-2.0.1/src/verify.c:757:10: warning[-Wanalyzer-malloc-leak]: leak of 'fpr'
#  755|     free (fpr);
#  756|     free (address);
#  757|->   return err;
#  758|   }
#  759|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def100]
gpgme-2.0.1/src/verify.c: scope_hint: In function '_gpgme_verify_status_handler'
gpgme-2.0.1/src/verify.c:1014:24: warning[-Wanalyzer-malloc-leak]: leak of '*sig.pka_address'
# 1012|         if (end)
# 1013|           *end = 0;
# 1014|->       sig->pka_address = strdup (args);
# 1015|         break;
# 1016|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def101]
gpgme-2.0.1/src/verify.c: scope_hint: In function 'gpgme_get_sig_key'
gpgme-2.0.1/src/verify.c:1239:7: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
gpgme-2.0.1/src/verify.c:32: included_from: Included from here.
gpgme-2.0.1/src/verify.c:100:7: note: in expansion of macro 'TRACE_SUC'
# 1237|   
# 1238|     result = gpgme_op_verify_result (ctx);
# 1239|->   sig = result->signatures;
# 1240|   
# 1241|     while (sig && idx)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def102]
gpgme-2.0.1/src/verify.c: scope_hint: In function 'gpgme_get_sig_status'
gpgme-2.0.1/src/verify.c:1265:7: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
gpgme-2.0.1/src/verify.c:100:7: note: in expansion of macro 'TRACE_SUC'
# 1263|   
# 1264|     result = gpgme_op_verify_result (ctx);
# 1265|->   sig = result->signatures;
# 1266|   
# 1267|     while (sig && idx)

Error: CLANG_WARNING: [#def103]
gpgme-2.0.1/src/vfs-create.c:133:18: warning[core.NullDereference]: Array access (from variable 'recp') results in a null pointer dereference
#  131|   
#  132|     i = 0;
#  133|->   while (!err && recp[i])
#  134|       {
#  135|         if (!recp[i]->subkeys || !recp[i]->subkeys->fpr)

Error: CLANG_WARNING: [#def104]
gpgme-2.0.1/src/vfs-mount.c:107:3: warning[deadcode.DeadStores]: Value stored to 'opd' is never read
#  105|     err = _gpgme_op_data_lookup (ctx, OPDATA_VFS_MOUNT, &hook, sizeof (*opd),
#  106|   			       NULL);
#  107|->   opd = hook;
#  108|     if (err)
#  109|       return err;

Error: CLANG_WARNING: [#def105]
gpgme-2.0.1/src/wait.c:139:3: warning[unix.Malloc]: Potential leak of memory pointed to by 'item'
#  137|       }
#  138|   
#  139|->   TRACE (DEBUG_CTX, "_gpgme_add_io_cb", ctx,
#  140|   	  "fd=%d, dir=%d -> tag=%p", fd, dir, tag);
#  141|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def106]
gpgme-2.0.1/src/wait.c: scope_hint: In function '_gpgme_add_io_cb'
gpgme-2.0.1/src/wait.c:142:10: warning[-Wanalyzer-malloc-leak]: leak of 'item'
gpgme-2.0.1/src/wait.c:27: included_from: Included from here.
gpgme-2.0.1/src/wait.c:40: included_from: Included from here.
gpgme-2.0.1/src/wait.c:139:3: note: in expansion of macro 'TRACE'
#  140|   	  "fd=%d, dir=%d -> tag=%p", fd, dir, tag);
#  141|   
#  142|->   *r_tag = tag;
#  143|     return 0;
#  144|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def107]
gpgme-2.0.1/tests/gpg/t-import.c:230:9: warning[-Wanalyzer-malloc-leak]: leak of ‘make_filename("pubkey-1.asc")’
gpgme-2.0.1/tests/gpg/t-support.h:219:3: note: in expansion of macro ‘fail_if_err’
gpgme-2.0.1/tests/gpg/t-import.c:228:3: note: in expansion of macro ‘fail_if_err’
#  228|     fail_if_err (err);
#  229|   
#  230|->   err = gpgme_set_ctx_flag (ctx, "key-origin", "wkd,https://openpgpkey.gnupg.org");
#  231|     fail_if_err (err);
#  232|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def108]
gpgme-2.0.1/tests/gpg/t-import.c:230:9: warning[-Wanalyzer-malloc-leak]: leak of ‘make_filename("seckey-1.asc")’
gpgme-2.0.1/tests/gpg/t-support.h:219:3: note: in expansion of macro ‘fail_if_err’
gpgme-2.0.1/tests/gpg/t-import.c:228:3: note: in expansion of macro ‘fail_if_err’
#  228|     fail_if_err (err);
#  229|   
#  230|->   err = gpgme_set_ctx_flag (ctx, "key-origin", "wkd,https://openpgpkey.gnupg.org");
#  231|     fail_if_err (err);
#  232|   

Error: CLANG_WARNING: [#def109]
gpgme-2.0.1/tests/gpg/t-keylist-secret-sig.c:366:39: warning[core.NullDereference]: Access to field 'comment' results in a dereference of a null pointer (loaded from field 'uids')
#  364|   	}
#  365|         if (keys[i].uid[0].comment
#  366|-> 	  && strcmp (keys[i].uid[0].comment, key->uids->comment))
#  367|   	{
#  368|   	  fprintf (stderr, "Unexpected comment in first user ID: %s\n",

Error: CLANG_WARNING: [#def110]
gpgme-2.0.1/tests/gpg/t-keylist-secret-sig.c:373:37: warning[core.NullDereference]: Access to field 'email' results in a dereference of a null pointer (loaded from field 'uids')
#  371|   	}
#  372|         if (keys[i].uid[0].email
#  373|-> 	  && strcmp (keys[i].uid[0].email, key->uids->email))
#  374|   	{
#  375|   	  fprintf (stderr, "Unexpected email in first user ID: %s\n",

Error: CLANG_WARNING: [#def111]
gpgme-2.0.1/tests/gpg/t-keylist-secret-sig.c:384:38: warning[core.NullDereference]: Access to field 'signatures' results in a dereference of a null pointer (loaded from field 'uids')
#  382|   	  exit (1);
#  383|   	}
#  384|->       if (keys[i].uid[0].sig.algo != key->uids->signatures->pubkey_algo)
#  385|   	{
#  386|   	  fprintf (stderr, "Unexpected algorithm in first user ID sig: %s\n",

Error: CLANG_WARNING: [#def112]
gpgme-2.0.1/tests/gpg/t-keylist-sig.c:366:39: warning[core.NullDereference]: Access to field 'comment' results in a dereference of a null pointer (loaded from field 'uids')
#  364|   	}
#  365|         if (keys[i].uid[0].comment
#  366|-> 	  && strcmp (keys[i].uid[0].comment, key->uids->comment))
#  367|   	{
#  368|   	  fprintf (stderr, "Unexpected comment in first user ID: %s\n",

Error: CLANG_WARNING: [#def113]
gpgme-2.0.1/tests/gpg/t-keylist-sig.c:373:37: warning[core.NullDereference]: Access to field 'email' results in a dereference of a null pointer (loaded from field 'uids')
#  371|   	}
#  372|         if (keys[i].uid[0].email
#  373|-> 	  && strcmp (keys[i].uid[0].email, key->uids->email))
#  374|   	{
#  375|   	  fprintf (stderr, "Unexpected email in first user ID: %s\n",

Error: CLANG_WARNING: [#def114]
gpgme-2.0.1/tests/gpg/t-keylist-sig.c:384:38: warning[core.NullDereference]: Access to field 'signatures' results in a dereference of a null pointer (loaded from field 'uids')
#  382|   	  exit (1);
#  383|   	}
#  384|->       if (keys[i].uid[0].sig.algo != key->uids->signatures->pubkey_algo)
#  385|   	{
#  386|   	  fprintf (stderr, "Unexpected algorithm in first user ID sig: %s\n",

Error: CLANG_WARNING: [#def115]
gpgme-2.0.1/tests/gpg/t-keylist.c:345:7: warning[core.NullDereference]: Access to field 'revoked' results in a dereference of a null pointer (loaded from field 'next')
#  343|   
#  344|     /* Secondary key.  */
#  345|->   if (key->subkeys->next->revoked)
#  346|       {
#  347|         fprintf (stderr, "Secondary key unexpectedly revoked\n");

Error: CLANG_WARNING: [#def116]
gpgme-2.0.1/tests/gpg/t-keylist.c:472:44: warning[core.NullDereference]: Access to field 'comment' results in a dereference of a null pointer (loaded from field 'uids')
#  470|       }
#  471|     if (key_info->uid[0].comment
#  472|->       && strcmp (key_info->uid[0].comment, key->uids->comment))
#  473|       {
#  474|         fprintf (stderr, "Unexpected comment in first user ID: %s\n",

Error: CLANG_WARNING: [#def117]
gpgme-2.0.1/tests/gpg/t-keylist.c:479:42: warning[core.NullDereference]: Access to field 'email' results in a dereference of a null pointer (loaded from field 'uids')
#  477|       }
#  478|     if (key_info->uid[0].email
#  479|->       && strcmp (key_info->uid[0].email, key->uids->email))
#  480|       {
#  481|         fprintf (stderr, "Unexpected email in first user ID: %s\n",

Error: CLANG_WARNING: [#def118]
gpgme-2.0.1/tests/gpg/t-keylist.c:508:41: warning[core.NullDereference]: Access to field 'next' results in a dereference of a null pointer (loaded from field 'uids')
#  506|       }
#  507|     if (key_info->uid[1].name
#  508|->       && strcmp (key_info->uid[1].name, key->uids->next->name))
#  509|       {
#  510|         fprintf (stderr, "Unexpected name in second user ID: %s\n",

Error: CLANG_WARNING: [#def119]
gpgme-2.0.1/tests/gpg/t-keylist.c:515:44: warning[core.NullDereference]: Access to field 'comment' results in a dereference of a null pointer (loaded from field 'next')
#  513|       }
#  514|     if (key_info->uid[1].comment
#  515|->       && strcmp (key_info->uid[1].comment, key->uids->next->comment))
#  516|       {
#  517|         fprintf (stderr, "Unexpected comment in second user ID: %s\n",

Error: CLANG_WARNING: [#def120]
gpgme-2.0.1/tests/gpg/t-keylist.c:515:44: warning[core.NullDereference]: Access to field 'next' results in a dereference of a null pointer (loaded from field 'uids')
#  513|       }
#  514|     if (key_info->uid[1].comment
#  515|->       && strcmp (key_info->uid[1].comment, key->uids->next->comment))
#  516|       {
#  517|         fprintf (stderr, "Unexpected comment in second user ID: %s\n",

Error: CLANG_WARNING: [#def121]
gpgme-2.0.1/tests/gpg/t-keylist.c:522:42: warning[core.NullDereference]: Access to field 'email' results in a dereference of a null pointer (loaded from field 'next')
#  520|       }
#  521|     if (key_info->uid[1].email
#  522|->       && strcmp (key_info->uid[1].email, key->uids->next->email))
#  523|       {
#  524|         fprintf (stderr, "Unexpected email in second user ID: %s\n",

Error: CLANG_WARNING: [#def122]
gpgme-2.0.1/tests/gpg/t-keylist.c:522:42: warning[core.NullDereference]: Access to field 'next' results in a dereference of a null pointer (loaded from field 'uids')
#  520|       }
#  521|     if (key_info->uid[1].email
#  522|->       && strcmp (key_info->uid[1].email, key->uids->next->email))
#  523|       {
#  524|         fprintf (stderr, "Unexpected email in second user ID: %s\n",

Error: CLANG_WARNING: [#def123]
gpgme-2.0.1/tests/gpg/t-keylist.c:672:3: warning[deadcode.DeadStores]: Value stored to 'err' is never read
#  670|     fail_if_err (err);
#  671|   
#  672|->   err = gpgme_op_keylist_from_data_start (ctx, data, 0);
#  673|   
#  674|     while (!(err = gpgme_op_keylist_next (ctx, &key)))

Error: GCC_ANALYZER_WARNING (CWE-401): [#def124]
gpgme-2.0.1/tests/gpg/t-decrypt.c:36: included_from: Included from here.
gpgme-2.0.1/tests/gpg/t-decrypt.c: scope_hint: In function ‘main’
gpgme-2.0.1/tests/gpg/t-support.h:48:10: warning[-Wanalyzer-malloc-leak]: leak of ‘make_filename("cipher-1.asc")’
gpgme-2.0.1/tests/gpg/t-decrypt.c:55:3: note: in expansion of macro ‘fail_if_err’
gpgme-2.0.1/tests/gpg/t-support.h:219:3: note: in expansion of macro ‘fail_if_err’
gpgme-2.0.1/tests/gpg/t-decrypt.c:55:3: note: in expansion of macro ‘fail_if_err’
#   46|     do								\
#   47|       {								\
#   48|->       if (err)							\
#   49|           {							\
#   50|             fprintf (stderr, "%s:%d: %s: %s\n",			\

Error: GCC_ANALYZER_WARNING (CWE-401): [#def125]
gpgme-2.0.1/tests/gpg/t-decrypt-verify.c:36: included_from: Included from here.
gpgme-2.0.1/tests/gpg/t-decrypt-verify.c: scope_hint: In function ‘main’
gpgme-2.0.1/tests/gpg/t-support.h:48:10: warning[-Wanalyzer-malloc-leak]: leak of ‘make_filename("cipher-2.asc")’
gpgme-2.0.1/tests/gpg/t-decrypt-verify.c:125:3: note: in expansion of macro ‘fail_if_err’
gpgme-2.0.1/tests/gpg/t-support.h:219:3: note: in expansion of macro ‘fail_if_err’
gpgme-2.0.1/tests/gpg/t-decrypt-verify.c:125:3: note: in expansion of macro ‘fail_if_err’
#   46|     do								\
#   47|       {								\
#   48|->       if (err)							\
#   49|           {							\
#   50|             fprintf (stderr, "%s:%d: %s: %s\n",			\

Error: GCC_ANALYZER_WARNING (CWE-401): [#def126]
gpgme-2.0.1/tests/gpg/t-import.c:35: included_from: Included from here.
gpgme-2.0.1/tests/gpg/t-import.c: scope_hint: In function ‘main’
gpgme-2.0.1/tests/gpg/t-support.h:48:10: warning[-Wanalyzer-malloc-leak]: leak of ‘make_filename("pubkey-1.asc")’
gpgme-2.0.1/tests/gpg/t-import.c:228:3: note: in expansion of macro ‘fail_if_err’
gpgme-2.0.1/tests/gpg/t-support.h:219:3: note: in expansion of macro ‘fail_if_err’
gpgme-2.0.1/tests/gpg/t-import.c:228:3: note: in expansion of macro ‘fail_if_err’
#   46|     do								\
#   47|       {								\
#   48|->       if (err)							\
#   49|           {							\
#   50|             fprintf (stderr, "%s:%d: %s: %s\n",			\

Error: GCC_ANALYZER_WARNING (CWE-401): [#def127]
gpgme-2.0.1/tests/gpg/t-support.h:48:10: warning[-Wanalyzer-malloc-leak]: leak of ‘make_filename("seckey-1.asc")’
gpgme-2.0.1/tests/gpg/t-import.c:228:3: note: in expansion of macro ‘fail_if_err’
gpgme-2.0.1/tests/gpg/t-support.h:219:3: note: in expansion of macro ‘fail_if_err’
gpgme-2.0.1/tests/gpg/t-import.c:228:3: note: in expansion of macro ‘fail_if_err’
#   46|     do								\
#   47|       {								\
#   48|->       if (err)							\
#   49|           {							\
#   50|             fprintf (stderr, "%s:%d: %s: %s\n",			\

Error: CLANG_WARNING: [#def128]
gpgme-2.0.1/tests/gpg/t-thread-keylist-verify.c:64:12: warning[deadcode.DeadStores]: Although the value stored to 'err' is used in the enclosing expression, the value is never actually read from 'err'
#   62|     fail_if_err (err);
#   63|   
#   64|->   while (!(err = gpgme_op_keylist_next (ctx, &key)))
#   65|       {
#   66|         gpgme_key_unref (key);

Error: CLANG_WARNING: [#def129]
gpgme-2.0.1/tests/gpg/t-thread-keylist.c:52:12: warning[deadcode.DeadStores]: Although the value stored to 'err' is used in the enclosing expression, the value is never actually read from 'err'
#   50|     fail_if_err (err);
#   51|   
#   52|->   while (!(err = gpgme_op_keylist_next (ctx, &key)))
#   53|       {
#   54|         gpgme_key_unref (key);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def130]
gpgme-2.0.1/tests/gpg/t-thread1.c:115:9: warning[-Wanalyzer-malloc-leak]: leak of ‘make_filename("cipher-1.asc")’
gpgme-2.0.1/tests/gpg/t-support.h:219:3: note: in expansion of macro ‘fail_if_err’
gpgme-2.0.1/tests/gpg/t-thread1.c:112:7: note: in expansion of macro ‘fail_if_err’
#  113|   
#  114|         if (!(agent_info && strchr (agent_info, ':')))
#  115|-> 	gpgme_set_passphrase_cb (ctx, passphrase_cb, NULL);
#  116|   
#  117|         err = gpgme_data_new_from_file (&in, cipher_1_asc, 1);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def131]
gpgme-2.0.1/tests/gpgsm/t-import.c:155:3: warning[-Wanalyzer-malloc-leak]: leak of ‘make_filename("cert_dfn_pca15.der")’
gpgme-2.0.1/tests/gpgsm/t-support.h:122:3: note: in expansion of macro ‘fail_if_err’
gpgme-2.0.1/tests/gpgsm/t-import.c:153:3: note: in expansion of macro ‘fail_if_err’
#  153|     fail_if_err (err);
#  154|   
#  155|->   gpgme_set_protocol (ctx, GPGME_PROTOCOL_CMS);
#  156|   
#  157|     err = gpgme_data_new_from_file (&in, cert_1, 1);

Error: GCC_ANALYZER_WARNING (CWE-465): [#def132]
gpgme-2.0.1/tests/gpgsm/t-keylist.c: scope_hint: In function ‘main’
gpgme-2.0.1/tests/gpgsm/t-keylist.c:214:10: warning[-Wanalyzer-deref-before-check]: check of ‘*key.subkeys’ for NULL after already dereferencing it
gpgme-2.0.1/tests/gpgsm/t-keylist.c:34: included_from: Included from here.
gpgme-2.0.1/tests/gpgsm/t-support.h:122:3: note: in expansion of macro ‘fail_if_err’
gpgme-2.0.1/tests/gpgsm/t-keylist.c:95:3: note: in expansion of macro ‘fail_if_err’
gpgme-2.0.1/tests/gpgsm/t-keylist.c:99:3: note: in expansion of macro ‘fail_if_err’
#  212|   	  exit (1);
#  213|   	}
#  214|->       if (!key->subkeys || key->subkeys->next)
#  215|   	{
#  216|   	  fprintf (stderr, "Key has unexpected number of subkeys\n");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def133]
gpgme-2.0.1/tests/gpgsm/t-import.c:35: included_from: Included from here.
gpgme-2.0.1/tests/gpgsm/t-import.c: scope_hint: In function ‘main’
gpgme-2.0.1/tests/gpgsm/t-support.h:36:10: warning[-Wanalyzer-malloc-leak]: leak of ‘make_filename("cert_dfn_pca01.der")’
gpgme-2.0.1/tests/gpgsm/t-import.c:153:3: note: in expansion of macro ‘fail_if_err’
gpgme-2.0.1/tests/gpgsm/t-support.h:122:3: note: in expansion of macro ‘fail_if_err’
gpgme-2.0.1/tests/gpgsm/t-import.c:153:3: note: in expansion of macro ‘fail_if_err’
#   34|     do								\
#   35|       {								\
#   36|->       if (err)							\
#   37|           {							\
#   38|             fprintf (stderr, "%s:%d: %s: %s (%d.%d)\n",        	\

Error: GCC_ANALYZER_WARNING (CWE-401): [#def134]
gpgme-2.0.1/tests/gpgsm/t-support.h:36:10: warning[-Wanalyzer-malloc-leak]: leak of ‘make_filename("cert_dfn_pca15.der")’
gpgme-2.0.1/tests/gpgsm/t-import.c:153:3: note: in expansion of macro ‘fail_if_err’
gpgme-2.0.1/tests/gpgsm/t-support.h:122:3: note: in expansion of macro ‘fail_if_err’
gpgme-2.0.1/tests/gpgsm/t-import.c:153:3: note: in expansion of macro ‘fail_if_err’
#   34|     do								\
#   35|       {								\
#   36|->       if (err)							\
#   37|           {							\
#   38|             fprintf (stderr, "%s:%d: %s: %s (%d.%d)\n",        	\

Error: CLANG_WARNING: [#def135]
gpgme-2.0.1/tests/run-genkey.c:530:15: warning[unix.Malloc]: Potential leak of memory pointed to by 'subfprs'
#  528|         else if (setexpire)
#  529|           {
#  530|->           err = gpgme_op_setexpire (ctx, akey, expire, subfprs, 0);
#  531|             if (err)
#  532|               {

Error: CLANG_WARNING: [#def136]
gpgme-2.0.1/tests/run-identify.c:44:15: warning[deadcode.DeadStores]: Value stored to 's' during its initialization is never read
#   42|   data_type_to_string (gpgme_data_type_t dt)
#   43|   {
#   44|->   const char *s = "[?]";
#   45|   
#   46|     switch (dt)

Error: CLANG_WARNING: [#def137]
gpgme-2.0.1/tests/run-import.c:159:11: warning[unix.Malloc]: Potential leak of memory pointed to by 'import_options'
#  157|     if (import_options)
#  158|       {
#  159|->       err = gpgme_set_ctx_flag (ctx, "import-options", import_options);
#  160|         fail_if_err (err);
#  161|       }

Error: CLANG_WARNING: [#def138]
gpgme-2.0.1/tests/run-import.c:164:11: warning[unix.Malloc]: Potential leak of memory pointed to by 'import_filter'
#  162|     if (import_filter)
#  163|       {
#  164|->       err = gpgme_set_ctx_flag (ctx, "import-filter", import_filter);
#  165|         fail_if_err (err);
#  166|       }

Error: CLANG_WARNING: [#def139]
gpgme-2.0.1/tests/run-import.c:169:11: warning[unix.Malloc]: Potential leak of memory pointed to by 'key_origin'
#  167|     if (key_origin)
#  168|       {
#  169|->       err = gpgme_set_ctx_flag (ctx, "key-origin", key_origin);
#  170|         fail_if_err (err);
#  171|       }

Error: CLANG_WARNING: [#def140]
gpgme-2.0.1/tests/run-keylist.c:254:11: warning[unix.Malloc]: Potential leak of memory pointed to by 'trust_model'
#  252|               show_usage (1);
#  253|             trust_model = strdup (*argv);
#  254|->           argc--; argv++;
#  255|           }
#  256|         else if (!strncmp (*argv, "--", 2))

Error: GCC_ANALYZER_WARNING (CWE-401): [#def141]
gpgme-2.0.1/tests/run-keylist.c: scope_hint: In function ‘main’
gpgme-2.0.1/tests/run-keylist.c:254:23: warning[-Wanalyzer-malloc-leak]: leak of ‘trust_model’
#  252|               show_usage (1);
#  253|             trust_model = strdup (*argv);
#  254|->           argc--; argv++;
#  255|           }
#  256|         else if (!strncmp (*argv, "--", 2))

Error: CPPCHECK_WARNING (CWE-476): [#def142]
gpgme-2.0.1/tests/run-threaded.c:288: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: ret
#  286|     int data_rand;
#  287|   
#  288|->   ret->fd = -1;
#  289|   
#  290|     if (data_type)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def143]
gpgme-2.0.1/tests/run-threaded.c: scope_hint: In function ‘random_data_new’
gpgme-2.0.1/tests/run-threaded.c:288:11: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ret’
gpgme-2.0.1/tests/run-threaded.c:43: included_from: Included from here.
gpgme-2.0.1/tests/run-support.h:40:11: note: in definition of macro ‘fail_if_err’
gpgme-2.0.1/tests/run-threaded.c:571:3: note: in expansion of macro ‘fail_if_err’
#  286|     int data_rand;
#  287|   
#  288|->   ret->fd = -1;
#  289|   
#  290|     if (data_type)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def144]
gpgme-2.0.1/tests/run-threaded.c: scope_hint: In function ‘verify’
gpgme-2.0.1/tests/run-threaded.c:290:7: warning[-Wanalyzer-malloc-leak]: leak of ‘random_data_new(fname)’
gpgme-2.0.1/tests/run-support.h:40:11: note: in definition of macro ‘fail_if_err’
gpgme-2.0.1/tests/run-threaded.c:571:3: note: in expansion of macro ‘fail_if_err’
#  288|     ret->fd = -1;
#  289|   
#  290|->   if (data_type)
#  291|       {
#  292|         data_rand = data_type;

Error: CPPCHECK_WARNING (CWE-476): [#def145]
gpgme-2.0.1/tests/run-threaded.c:762: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: msg_it
#  760|             msg_it = msg_it->next;
#  761|           }
#  762|->       msg_it->file_name = *argv;
#  763|         argc--; argv++;
#  764|       }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def146]
gpgme-2.0.1/tests/run-threaded.c: scope_hint: In function ‘main’
gpgme-2.0.1/tests/run-threaded.c:762:25: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘msg_it’
#  760|             msg_it = msg_it->next;
#  761|           }
#  762|->       msg_it->file_name = *argv;
#  763|         argc--; argv++;
#  764|       }

Error: CLANG_WARNING: [#def147]
gpgme-2.0.1/tests/run-threaded.c:797:10: warning[unix.Malloc]: Potential leak of memory pointed to by 'msg_it'
#  795|     while (--repeats != 0);
#  796|   
#  797|->   return 0;
#  798|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def148]
gpgme-2.0.1/tests/run-verify.c: scope_hint: In function ‘main’
gpgme-2.0.1/tests/run-verify.c:418:24: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(*argv, "rb")’
gpgme-2.0.1/tests/run-verify.c:36: included_from: Included from here.
gpgme-2.0.1/tests/run-support.h:154:3: note: in expansion of macro ‘fail_if_err’
#  416|             if (argc > 1)
#  417|               {
#  418|->               fp_msg = fopen (argv[1], "rb");
#  419|                 if (!fp_msg)
#  420|                   {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def149]
gpgme-2.0.1/tests/run-verify.c:418:24: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(*argv, "rb")’
gpgme-2.0.1/tests/run-support.h:154:3: note: in expansion of macro ‘fail_if_err’
#  416|             if (argc > 1)
#  417|               {
#  418|->               fp_msg = fopen (argv[1], "rb");
#  419|                 if (!fp_msg)
#  420|                   {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def150]
gpgme-2.0.1/tests/t-data.c:37:31: warning[-Wanalyzer-malloc-leak]: leak of ‘make_filename("t-data-1.txt")’
gpgme-2.0.1/tests/t-data.c:264:7: note: in expansion of macro ‘fail_if_err’
gpgme-2.0.1/tests/t-data.c:264:7: note: in expansion of macro ‘fail_if_err’
#   35|   
#   36|   #undef fail_if_err
#   37|-> #define fail_if_err(a) do { if(a) {                                          \
#   38|                                  fprintf (stderr, "%s:%d: (%i) gpgme_error_t " \
#   39|                                   "%s\n", __FILE__, __LINE__, round,           \

Error: GCC_ANALYZER_WARNING (CWE-401): [#def151]
gpgme-2.0.1/tests/t-data.c:37:31: warning[-Wanalyzer-malloc-leak]: leak of ‘make_filename("t-data-2.txt")’
gpgme-2.0.1/tests/t-data.c:264:7: note: in expansion of macro ‘fail_if_err’
gpgme-2.0.1/tests/t-data.c:264:7: note: in expansion of macro ‘fail_if_err’
#   35|   
#   36|   #undef fail_if_err
#   37|-> #define fail_if_err(a) do { if(a) {                                          \
#   38|                                  fprintf (stderr, "%s:%d: (%i) gpgme_error_t " \
#   39|                                   "%s\n", __FILE__, __LINE__, round,           \

Error: GCC_ANALYZER_WARNING (CWE-401): [#def152]
gpgme-2.0.1/tests/t-data.c: scope_hint: In function ‘main’
gpgme-2.0.1/tests/t-data.c:195:14: warning[-Wanalyzer-malloc-leak]: leak of ‘make_filename("t-data-1.txt")’
gpgme-2.0.1/tests/t-data.c:34: included_from: Included from here.
#  193|   	case TEST_INVALID_ARGUMENT:
#  194|   	  err = gpgme_data_new (NULL);
#  195|-> 	  if (!err)
#  196|   	    {
#  197|   	      fprintf (stderr, "%s:%d: gpgme_data_new on NULL pointer succeeded "

Error: GCC_ANALYZER_WARNING (CWE-401): [#def153]
gpgme-2.0.1/tests/t-data.c:195:14: warning[-Wanalyzer-malloc-leak]: leak of ‘make_filename("t-data-2.txt")’
#  193|   	case TEST_INVALID_ARGUMENT:
#  194|   	  err = gpgme_data_new (NULL);
#  195|-> 	  if (!err)
#  196|   	    {
#  197|   	      fprintf (stderr, "%s:%d: gpgme_data_new on NULL pointer succeeded "

Error: GCC_ANALYZER_WARNING (CWE-401): [#def154]
gpgme-2.0.1/tests/t-data.c:216:14: warning[-Wanalyzer-malloc-leak]: leak of ‘make_filename("t-data-1.txt")’
#  214|   	case TEST_INOUT_MEM_FROM_INEXISTANT_FILE:
#  215|   	  err = gpgme_data_new_from_file (&data, missing_filename, 1);
#  216|-> 	  if (!err)
#  217|   	    {
#  218|   	      fprintf (stderr, "%s:%d: gpgme_data_new_from_file on inexistant "

Error: GCC_ANALYZER_WARNING (CWE-401): [#def155]
gpgme-2.0.1/tests/t-data.c:216:14: warning[-Wanalyzer-malloc-leak]: leak of ‘make_filename("t-data-2.txt")’
#  214|   	case TEST_INOUT_MEM_FROM_INEXISTANT_FILE:
#  215|   	  err = gpgme_data_new_from_file (&data, missing_filename, 1);
#  216|-> 	  if (!err)
#  217|   	    {
#  218|   	      fprintf (stderr, "%s:%d: gpgme_data_new_from_file on inexistant "

Error: GCC_ANALYZER_WARNING (CWE-401): [#def156]
gpgme-2.0.1/tests/t-data.c:237:14: warning[-Wanalyzer-malloc-leak]: leak of ‘make_filename("t-data-1.txt")’
#  235|   	  err = gpgme_data_new_from_filepart (&data, missing_filename, 0,
#  236|   					      strlen (text), strlen (text));
#  237|-> 	  if (!err)
#  238|   	    {
#  239|   	      fprintf (stderr, "%s:%d: gpgme_data_new_from_file on inexistant "

Error: GCC_ANALYZER_WARNING (CWE-401): [#def157]
gpgme-2.0.1/tests/t-data.c:237:14: warning[-Wanalyzer-malloc-leak]: leak of ‘make_filename("t-data-2.txt")’
#  235|   	  err = gpgme_data_new_from_filepart (&data, missing_filename, 0,
#  236|   					      strlen (text), strlen (text));
#  237|-> 	  if (!err)
#  238|   	    {
#  239|   	      fprintf (stderr, "%s:%d: gpgme_data_new_from_file on inexistant "

Error: GCC_ANALYZER_WARNING (CWE-401): [#def158]
gpgme-2.0.1/tests/t-data.c:247:16: warning[-Wanalyzer-malloc-leak]: leak of ‘make_filename("t-data-1.txt")’
#  245|   	  {
#  246|   	    FILE *fp = fopen (longer_text_filename, "rb");
#  247|-> 	    if (! fp)
#  248|   	      {
#  249|   		fprintf (stderr, "%s:%d: fopen: %s\n", __FILE__, __LINE__,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def159]
gpgme-2.0.1/tests/t-data.c:247:16: warning[-Wanalyzer-malloc-leak]: leak of ‘make_filename("t-data-2.txt")’
#  245|   	  {
#  246|   	    FILE *fp = fopen (longer_text_filename, "rb");
#  247|-> 	    if (! fp)
#  248|   	      {
#  249|   		fprintf (stderr, "%s:%d: fopen: %s\n", __FILE__, __LINE__,

Error: CLANG_WARNING: [#def160]
gpgme-2.0.1/tools/gnupg-key-manage.c:110:15: warning[deadcode.DeadStores]: Value stored to 's' during its initialization is never read
#  108|   data_type_to_string (gpgme_data_type_t dt)
#  109|   {
#  110|->   const char *s = "[?]";
#  111|   
#  112|     switch (dt)

Scan Properties