Task #83648 - openscap-1.4.3-0.20251112193404467136.main.61.gc8d2262ce/scan-results.err
Error: SHELLCHECK_WARNING (CWE-156):
/usr/bin/oscap-ssh:215:18: warning[SC2046]: Quote this to prevent word splitting.
# 213|
# 214| # We have to rewrite various paths to a remote temp dir
# 215|-> for i in $(seq 0 `expr $# - 1`); do
# 216| let j=i+1
# 217|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/compat/dev_to_tty.c: scope_hint: In function ‘load_drivers’
openscap-1.4.3/compat/dev_to_tty.c:87:15: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘tmn’
# 85| len = end - p;
# 86| tmn = malloc(sizeof(tty_map_node));
# 87|-> tmn->next = tty_map;
# 88| tty_map = tmn;
# 89| /* if we have a devfs type name such as /dev/tts/%d then strip the %d but
Error: COMPILER_WARNING:
openscap-1.4.3/src/source/public/oscap_source.h:26: included_from: Included from here.
openscap-1.4.3/src/CPE/public/cpe_dict.h:43: included_from: Included from here.
openscap-1.4.3/redhat-linux-build/swig/python3/CMakeFiles/_openscap_py.dir/openscapPYTHON_wrap.c:4063: included_from: Included from here.
openscap-1.4.3/redhat-linux-build/config.h:53:9: warning: ‘HAVE_PTHREAD_SETNAME_NP’ redefined
/usr/include/python3.14/pyconfig-64.h:1026:9: note: this is the location of the previous definition
# 51|
# 52| #define HAVE_PTHREAD_TIMEDJOIN_NP
# 53|-> #define HAVE_PTHREAD_SETNAME_NP
# 54| #define HAVE_PTHREAD_GETNAME_NP
# 55| #define HAVE_CLOCK_GETTIME
Error: COMPILER_WARNING:
openscap-1.4.3/redhat-linux-build/config.h:54:9: warning: ‘HAVE_PTHREAD_GETNAME_NP’ redefined
/usr/include/python3.14/pyconfig-64.h:1011:9: note: this is the location of the previous definition
# 52| #define HAVE_PTHREAD_TIMEDJOIN_NP
# 53| #define HAVE_PTHREAD_SETNAME_NP
# 54|-> #define HAVE_PTHREAD_GETNAME_NP
# 55| #define HAVE_CLOCK_GETTIME
# 56|
Error: COMPILER_WARNING:
openscap-1.4.3/redhat-linux-build/config.h:55:9: warning: ‘HAVE_CLOCK_GETTIME’ redefined
/usr/include/python3.14/pyconfig-64.h:152:9: note: this is the location of the previous definition
# 53| #define HAVE_PTHREAD_SETNAME_NP
# 54| #define HAVE_PTHREAD_GETNAME_NP
# 55|-> #define HAVE_CLOCK_GETTIME
# 56|
# 57| #define HAVE_POSIX_MEMALIGN
Error: COMPILER_WARNING:
openscap-1.4.3/redhat-linux-build/config.h:70:9: warning: ‘HAVE_SYSLOG_H’ redefined
/usr/include/python3.14/pyconfig-64.h:1362:9: note: this is the location of the previous definition
# 68| #endif
# 69|
# 70|-> #define HAVE_SYSLOG_H
# 71| #define HAVE_STDIO_EXT_H
# 72| #define CAP_FOUND
Error: COMPILER_WARNING:
openscap-1.4.3/redhat-linux-build/config.h:75:9: warning: ‘HAVE_SHADOW_H’ redefined
/usr/include/python3.14/pyconfig-64.h:1206:9: note: this is the location of the previous definition
# 73| #define SELINUX_FOUND
# 74| /* #undef HAVE_PROC_DEVNAME_H */
# 75|-> #define HAVE_SHADOW_H
# 76| /* #undef HAVE_SYS_SYSTEMINFO_H */
# 77| #define HAVE_ACL_LIBACL_H
Error: COMPILER_WARNING:
openscap-1.4.3/redhat-linux-build/config.h:82:9: warning: ‘HAVE_SYS_XATTR_H’ redefined
/usr/include/python3.14/pyconfig-64.h:1496:9: note: this is the location of the previous definition
# 80| #define HAVE_UIO_H
# 81| #define HAVE_ATTR_XATTR_H
# 82|-> #define HAVE_SYS_XATTR_H
# 83| /* #undef HAVE_SYS_EXTATTR_H */
# 84|
Error: COMPILER_WARNING (CWE-704):
openscap-1.4.3/redhat-linux-build/swig/python3/CMakeFiles/_openscap_py.dir/openscapPYTHON_wrap.c: scope_hint: In function ‘agent_reporter_callback_wrapper’
openscap-1.4.3/redhat-linux-build/swig/python3/CMakeFiles/_openscap_py.dir/openscapPYTHON_wrap.c:4389:37: warning[-Wdiscarded-qualifiers]: passing argument 2 of ‘SWIG_Python_NewPointerObj’ discards ‘const’ qualifier from pointer target type
openscap-1.4.3/redhat-linux-build/swig/python3/CMakeFiles/_openscap_py.dir/openscapPYTHON_wrap.c:1354:89: note: in definition of macro ‘SWIG_NewPointerObj’
openscap-1.4.3/redhat-linux-build/swig/python3/CMakeFiles/_openscap_py.dir/openscapPYTHON_wrap.c:3107:49: note: expected ‘void *’ but argument is of type ‘const struct oval_result_definition *’
# 4387|
# 4388| state = PyGILState_Ensure();
# 4389|-> py_res_def = SWIG_NewPointerObj(res_def, SWIGTYPE_p_oval_result_definition, 1);
# 4390| data = (struct internal_usr *) arg;
# 4391| func = data->func;
Error: COMPILER_WARNING (CWE-477):
openscap-1.4.3/redhat-linux-build/swig/python3/CMakeFiles/_openscap_py.dir/openscapPYTHON_wrap.c: scope_hint: In function ‘xccdf_session_set_rule_py’
openscap-1.4.3/redhat-linux-build/swig/python3/CMakeFiles/_openscap_py.dir/openscapPYTHON_wrap.c:4547:5: warning[-Wdeprecated-declarations]: ‘xccdf_session_set_rule’ is deprecated
openscap-1.4.3/redhat-linux-build/swig/python3/CMakeFiles/_openscap_py.dir/openscapPYTHON_wrap.c:3733: included_from: Included from here.
openscap-1.4.3/src/XCCDF/public/xccdf_session.h:113:33: note: declared here
openscap-1.4.3/src/common/public/oscap.h:45:33: note: in definition of macro ‘OSCAP_DEPRECATED’
# 4545|
# 4546| void xccdf_session_set_rule_py(struct xccdf_session *sess, char *rule) {
# 4547|-> xccdf_session_set_rule(sess, rule);
# 4548| }
# 4549|
Error: COMPILER_WARNING (CWE-477):
openscap-1.4.3/redhat-linux-build/swig/python3/CMakeFiles/_openscap_py.dir/openscapPYTHON_wrap.c: scope_hint: In function ‘_wrap_xccdf_session_set_rule’
openscap-1.4.3/redhat-linux-build/swig/python3/CMakeFiles/_openscap_py.dir/openscapPYTHON_wrap.c:38743:3: warning[-Wdeprecated-declarations]: ‘xccdf_session_set_rule’ is deprecated
openscap-1.4.3/src/XCCDF/public/xccdf_session.h:113:33: note: declared here
openscap-1.4.3/src/common/public/oscap.h:45:33: note: in definition of macro ‘OSCAP_DEPRECATED’
#38741| }
#38742| arg2 = (char *)(buf2);
#38743|-> xccdf_session_set_rule(arg1,(char const *)arg2);
#38744| resultobj = SWIG_Py_Void();
#38745| if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
Error: COMPILER_WARNING (CWE-477):
openscap-1.4.3/redhat-linux-build/swig/python3/CMakeFiles/_openscap_py.dir/openscapPYTHON_wrap.c: scope_hint: In function ‘_wrap_xccdf_session_set_remote_resources’
openscap-1.4.3/redhat-linux-build/swig/python3/CMakeFiles/_openscap_py.dir/openscapPYTHON_wrap.c:39301:3: warning[-Wdeprecated-declarations]: ‘xccdf_session_set_remote_resources’ is deprecated
openscap-1.4.3/src/XCCDF/public/xccdf_session.h:262:33: note: declared here
openscap-1.4.3/src/common/public/oscap.h:45:33: note: in definition of macro ‘OSCAP_DEPRECATED’
#39299| }
#39300| }
#39301|-> xccdf_session_set_remote_resources(arg1,arg2,arg3);
#39302| resultobj = SWIG_Py_Void();
#39303| return resultobj;
Error: COMPILER_WARNING (CWE-477):
openscap-1.4.3/redhat-linux-build/swig/python3/CMakeFiles/_openscap_py.dir/openscapPYTHON_wrap.c: scope_hint: In function ‘_wrap_oval_session_set_remote_resources’
openscap-1.4.3/redhat-linux-build/swig/python3/CMakeFiles/_openscap_py.dir/openscapPYTHON_wrap.c:61515:3: warning[-Wdeprecated-declarations]: ‘oval_session_set_remote_resources’ is deprecated
openscap-1.4.3/src/OVAL/public/oval_session.h:242:33: note: declared here
openscap-1.4.3/src/common/public/oscap.h:45:33: note: in definition of macro ‘OSCAP_DEPRECATED’
#61513| }
#61514| }
#61515|-> oval_session_set_remote_resources(arg1,arg2,arg3);
#61516| resultobj = SWIG_Py_Void();
#61517| return resultobj;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/CPE/cpe_ctx_priv.c: scope_hint: In function ‘cpe_parser_ctx_from_reader’
openscap-1.4.3/src/CPE/cpe_ctx_priv.c:48:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘calloc(1, 24)’
openscap-1.4.3/src/CPE/cpe_ctx_priv.c: scope_hint: In function ‘cpe_parser_ctx_from_reader’
# 46| {
# 47| struct cpe_parser_ctx *ctx = _cpe_parser_ctx_new();
# 48|-> ctx->reader = reader;
# 49| ctx->owns_reader = false;
# 50| return ctx;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/CPE/cpe_session.c: scope_hint: In function ‘cpe_session_new’
openscap-1.4.3/src/CPE/cpe_session.c:52:20: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘cpe’
# 50| {
# 51| struct cpe_session *cpe = calloc(1, sizeof(struct cpe_session));
# 52|-> cpe->dicts = oscap_list_new();
# 53| cpe->lang_models = oscap_list_new();
# 54| cpe->oval_sessions = oscap_htable_new();
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/CPE/cpedict_ext_priv.c: scope_hint: In function ‘cpe_ext_deprecation_new’
openscap-1.4.3/src/CPE/cpedict_ext_priv.c:100:36: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘deprecation’
# 98| {
# 99| struct cpe_ext_deprecation *deprecation = calloc(1, sizeof(struct cpe_ext_deprecation));
# 100|-> deprecation->deprecatedbys = oscap_list_new();
# 101| return deprecation;
# 102| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/CPE/cpedict_ext_priv.c: scope_hint: In function ‘cpe23_item_new’
openscap-1.4.3/src/CPE/cpedict_ext_priv.c:107:28: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘item’
# 105| {
# 106| struct cpe23_item *item = calloc(1, sizeof(struct cpe23_item));
# 107|-> item->deprecations = oscap_list_new();
# 108| return item;
# 109| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/CPE/cpedict_ext_priv.c: scope_hint: In function ‘cpe_ext_deprecatedby_parse’
openscap-1.4.3/src/CPE/cpedict_ext_priv.c:128:28: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘calloc(1, 16)’
openscap-1.4.3/src/CPE/cpedict_ext_priv.c: scope_hint: In function ‘cpe_ext_deprecatedby_parse’
# 126|
# 127| struct cpe_ext_deprecatedby *deprecatedby = cpe_ext_deprecatedby_new();
# 128|-> deprecatedby->name = (char *) xmlTextReaderGetAttribute(reader, BAD_CAST ATTR_NAME_STR);
# 129| char *type = (char *) xmlTextReaderGetAttribute(reader, BAD_CAST ATTR_TYPE_STR);
# 130| if (type == NULL) {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/CPE/cpedict_priv.c: scope_hint: In function ‘cpe_notes_new’
openscap-1.4.3/src/CPE/cpedict_priv.c:385:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘notes’
# 383| {
# 384| struct cpe_notes *notes = calloc(1, sizeof(struct cpe_notes));
# 385|-> notes->notes = oscap_list_new();
# 386| return notes;
# 387| }
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.3/src/CPE/cpedict_priv.c: scope_hint: In function ‘cpe_vendor_parse’
openscap-1.4.3/src/CPE/cpedict_priv.c:902:41: warning[-Wanalyzer-malloc-leak]: leak of ‘cpe_product_new()’
# 900| else if (oscap_strcasecmp((const char *)data, "o") == 0)
# 901| product->part = CPE_PART_OS;
# 902|-> else if (oscap_strcasecmp((const char *)data, "a") == 0)
# 903| product->part = CPE_PART_APP;
# 904| else {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/CPE/cpedict_priv.c:919:40: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘cpe_version_new()’
# 917| // initialization
# 918| version = cpe_version_new();
# 919|-> version->value = (char *)xmlTextReaderGetAttribute(reader, ATTR_VALUE_STR);
# 920| oscap_list_add(product->versions, version);
# 921| } else if (xmlStrcmp(xmlTextReaderConstLocalName(reader), TAG_UPDATE_STR) == 0) {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/CPE/cpedict_priv.c:920:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘product’
# 918| version = cpe_version_new();
# 919| version->value = (char *)xmlTextReaderGetAttribute(reader, ATTR_VALUE_STR);
# 920|-> oscap_list_add(product->versions, version);
# 921| } else if (xmlStrcmp(xmlTextReaderConstLocalName(reader), TAG_UPDATE_STR) == 0) {
# 922| // initialization
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/CPE/cpedict_priv.c:924:39: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘cpe_update_new()’
# 922| // initialization
# 923| update = cpe_update_new();
# 924|-> update->value = (char *)xmlTextReaderGetAttribute(reader, ATTR_VALUE_STR);
# 925| oscap_list_add(version->updates, update);
# 926| } else if (xmlStrcmp(xmlTextReaderConstLocalName(reader), TAG_EDITION_STR) == 0) {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/CPE/cpedict_priv.c:925:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘version’
# 923| update = cpe_update_new();
# 924| update->value = (char *)xmlTextReaderGetAttribute(reader, ATTR_VALUE_STR);
# 925|-> oscap_list_add(version->updates, update);
# 926| } else if (xmlStrcmp(xmlTextReaderConstLocalName(reader), TAG_EDITION_STR) == 0) {
# 927| // initialization
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/CPE/cpedict_priv.c:929:40: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘cpe_edition_new()’
# 927| // initialization
# 928| edition = cpe_edition_new();
# 929|-> edition->value = (char *)xmlTextReaderGetAttribute(reader, ATTR_VALUE_STR);
# 930| oscap_list_add(update->editions, edition);
# 931| } else if (xmlStrcmp(xmlTextReaderConstLocalName(reader), TAG_LANGUAGE_STR) == 0) {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/CPE/cpedict_priv.c:930:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘update’
# 928| edition = cpe_edition_new();
# 929| edition->value = (char *)xmlTextReaderGetAttribute(reader, ATTR_VALUE_STR);
# 930|-> oscap_list_add(update->editions, edition);
# 931| } else if (xmlStrcmp(xmlTextReaderConstLocalName(reader), TAG_LANGUAGE_STR) == 0) {
# 932| // initialization
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/CPE/cpedict_priv.c:934:41: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘cpe_language_new()’
# 932| // initialization
# 933| language = cpe_language_new();
# 934|-> language->value = (char *)xmlTextReaderGetAttribute(reader, ATTR_VALUE_STR);
# 935| oscap_list_add(edition->languages, language);
# 936| } else {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/CPE/cpedict_priv.c:935:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘edition’
# 933| language = cpe_language_new();
# 934| language->value = (char *)xmlTextReaderGetAttribute(reader, ATTR_VALUE_STR);
# 935|-> oscap_list_add(edition->languages, language);
# 936| } else {
# 937| oscap_seterr(OSCAP_EFAMILY_OSCAP, "Unknown XML element withinin CPE vendor element, local name is '%s'.",
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/CPE/cpelang_priv.c: scope_hint: In function ‘cpe_testexpr_parse’
openscap-1.4.3/src/CPE/cpelang_priv.c:401:39: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘cpe_testexpr_new()’
# 399| // fill the structure
# 400| struct cpe_testexpr *subexpr = cpe_testexpr_new();
# 401|-> subexpr->oper = CPE_LANG_OPER_MATCH;
# 402| temp = xmlTextReaderGetAttribute(reader, ATTR_NAME_STR);
# 403| subexpr->meta.cpe = cpe_name_new((char *)temp);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/CPE/cpelang_priv.c:410:39: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘cpe_testexpr_new()’
# 408| xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT) {
# 409| struct cpe_testexpr *subexpr = cpe_testexpr_new();
# 410|-> subexpr->oper = CPE_LANG_OPER_CHECK;
# 411| subexpr->meta.check.system = (char*)xmlTextReaderGetAttribute(reader, ATTR_SYSTEM_STR);
# 412| subexpr->meta.check.href = (char*)xmlTextReaderGetAttribute(reader, ATTR_HREF_STR);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/CPE/cpename.c: scope_hint: In function ‘cpe_urlencode’
openscap-1.4.3/src/CPE/cpename.c:396:30: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘out’
openscap-1.4.3/src/CPE/cpename.c:40: included_from: Included from here.
# 394| for (const char *in = str; *in != '\0'; ++in, ++out) {
# 395| if (isalnum(*in) || strchr("-._~", *in))
# 396|-> *out = *in;
# 397| else {
# 398| // this char shall be %-encoded
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/CPE/cpename.c:407:14: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘out’
# 405| // if the last character was non-alphanum we will have 2 consecutive
# 406| // \0s at the end of the string which doesn't hurt anything
# 407|-> *out = '\0';
# 408|
# 409| return result;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/CPE/cpename.c: scope_hint: In function ‘cpestring_comp_encode’
openscap-1.4.3/src/CPE/cpename.c:460:30: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘out’
# 458| for (const char *in = str; *in != '\0'; ++in, ++out) {
# 459| if (isalnum(*in) || strchr("._~", *in)) {
# 460|-> *out = *in;
# 461| }
# 462| else if (*in == '\\') {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/CPE/cpename.c:464:34: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘out’
# 462| else if (*in == '\\') {
# 463| // anything escaped stays escaped
# 464|-> *(out++) = *(in++);
# 465| *(out) = *(in);
# 466| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/CPE/cpename.c:468:34: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘out’
# 466| }
# 467| else if (*in == ':') {
# 468|-> *(out++) = '\\';
# 469| *(out) = *in;
# 470| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/CPE/cpename.c:472:30: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘out’
# 470| }
# 471| else if (*in == '*') {
# 472|-> *out = *in;
# 473| }
# 474| else if (*in == '-') {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/CPE/cpename.c:475:30: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘out’
# 473| }
# 474| else if (*in == '-') {
# 475|-> *out = *in;
# 476| }
# 477| else {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/CPE/cpename.c:487:14: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘out’
# 485| // if the last character was non-alphanum we will have 2 consecutive
# 486| // \0s at the end of the string which doesn't hurt anything
# 487|-> *out = '\0';
# 488|
# 489| return result;
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/CPE/cpename.c: scope_hint: In function ‘cpe_name_get_as_format’
openscap-1.4.3/src/CPE/cpename.c:670:32: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strlen’ must be non-null
# 668| part[i] = cpestring_comp_encode(as_str(cpe_get_field(cpe, i)));
# 669|
# 670|-> len += strlen(part[i]);
# 671| }
# 672|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/DS/ds_rds_session.c: scope_hint: In function ‘ds_rds_session_new_from_source’
openscap-1.4.3/src/DS/ds_rds_session.c:57:29: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘rds_session’
# 55| }
# 56| struct ds_rds_session *rds_session = (struct ds_rds_session *) calloc(1, sizeof(struct ds_rds_session));
# 57|-> rds_session->source = source;
# 58| rds_session->component_sources = oscap_htable_new();
# 59| return rds_session;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/DS/ds_sds_session.c: scope_hint: In function ‘ds_sds_session_new_from_source’
openscap-1.4.3/src/DS/ds_sds_session.c:75:29: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘sds_session’
# 73| }
# 74| struct ds_sds_session *sds_session = (struct ds_sds_session *) calloc(1, sizeof(struct ds_sds_session));
# 75|-> sds_session->source = source;
# 76| sds_session->component_sources = oscap_htable_new();
# 77| sds_session->component_uris = oscap_htable_new();
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/DS/rds.c: scope_hint: In function ‘ds_rds_create_source’
openscap-1.4.3/src/DS/rds.c:850:25: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘tailoring_doc_timestamp’ where non-null expected
openscap-1.4.3/src/DS/rds.c:44: included_from: Included from here.
/usr/include/time.h:99:15: note: argument 1 of ‘strftime’ must be non-null
# 848| const size_t max_timestamp_len = 32;
# 849| tailoring_doc_timestamp = malloc(max_timestamp_len);
# 850|-> strftime(tailoring_doc_timestamp, max_timestamp_len, "%Y-%m-%dT%H:%M:%S", localtime(&file_stat.st_mtime));
# 851| }
# 852| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/DS/rds_asset_index.c: scope_hint: In function ‘rds_asset_index_new’
openscap-1.4.3/src/DS/rds_asset_index.c:48:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ret’
# 46| struct rds_asset_index *ret = calloc(1, sizeof(struct rds_asset_index));
# 47| ret->id = NULL;
# 48|-> ret->reports = oscap_list_new();
# 49|
# 50| return ret;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/DS/rds_index.c: scope_hint: In function ‘rds_index_new’
openscap-1.4.3/src/DS/rds_index.c:49:30: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ret’
# 47| {
# 48| struct rds_index *ret = calloc(1, sizeof(struct rds_index));
# 49|-> ret->report_requests = oscap_list_new();
# 50| ret->assets = oscap_list_new();
# 51| ret->reports = oscap_list_new();
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/DS/rds_index.c: scope_hint: In function ‘rds_index_get_report_request’
openscap-1.4.3/src/DS/rds_index.c:104:21: warning[-Wanalyzer-null-argument]: use of NULL ‘id’ where non-null expected
openscap-1.4.3/src/common/util.h:34: included_from: Included from here.
openscap-1.4.3/src/common/list.h:34: included_from: Included from here.
openscap-1.4.3/src/DS/rds_index.c:28: included_from: Included from here.
/usr/include/string.h:163:12: note: argument 2 of ‘strcmp’ must be non-null
# 102| {
# 103| struct rds_report_request_index* rr_index = rds_report_request_index_iterator_next(it);
# 104|-> if (strcmp(rds_report_request_index_get_id(rr_index), id) == 0) {
# 105| ret = rr_index;
# 106| break;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/DS/rds_report_index.c: scope_hint: In function ‘rds_report_index_parse’
openscap-1.4.3/src/DS/rds_report_index.c:88:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘rds_report_index_new()’
# 86| struct rds_report_index *ret = rds_report_index_new();
# 87|
# 88|-> ret->id = (char*)xmlTextReaderGetAttribute(reader, BAD_CAST "id");
# 89| return ret;
# 90| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/DS/rds_report_request_index.c: scope_hint: In function ‘rds_report_request_index_parse’
openscap-1.4.3/src/DS/rds_report_request_index.c:77:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘rds_report_request_index_new()’
# 75| struct rds_report_request_index* ret = rds_report_request_index_new();
# 76|
# 77|-> ret->id = (char*)xmlTextReaderGetAttribute(reader, BAD_CAST "id");
# 78| return ret;
# 79| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/DS/sds.c: scope_hint: In function ‘ds_sds_mangle_filepath’
openscap-1.4.3/src/DS/sds.c:844:35: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘dst_it’
# 842| if (*src_it == '/')
# 843| {
# 844|-> *dst_it++ = '-';
# 845| *dst_it++ = '-';
# 846| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/DS/sds.c:848:35: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘dst_it’
# 846| }
# 847| else if (*src_it == '@') {
# 848|-> *dst_it++ = '-';
# 849| *dst_it++ = '-';
# 850| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/DS/sds.c:853:35: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘dst_it’
# 851| else
# 852| {
# 853|-> *dst_it++ = *src_it;
# 854| }
# 855|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/DS/sds.c:859:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘dst_it’
# 857| }
# 858|
# 859|-> *dst_it = '\0';
# 860|
# 861| return ret;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/DS/sds_index.c: scope_hint: In function ‘ds_stream_index_new’
openscap-1.4.3/src/DS/sds_index.c:55:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ret’
# 53| struct ds_stream_index* ret = malloc(sizeof(struct ds_stream_index));
# 54|
# 55|-> ret->id = NULL;
# 56| ret->timestamp = NULL;
# 57| ret->version = NULL;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/DS/sds_index.c: scope_hint: In function ‘ds_sds_index_new’
openscap-1.4.3/src/DS/sds_index.c:218:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ret’
# 216| {
# 217| struct ds_sds_index* ret = malloc(sizeof(struct ds_sds_index));
# 218|-> ret->streams = oscap_list_new();
# 219|
# 220| ret->benchmark_id_to_component_id = oscap_htable_new();
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/adt/oval_collection.c: scope_hint: In function ‘oval_collection_iterator’
openscap-1.4.3/src/OVAL/adt/oval_collection.c:131:38: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘iterator_frame’
# 129| (struct _oval_collection_item_frame *)malloc(sizeof(_oval_collection_item_frame_t));
# 130|
# 131|-> iterator_frame->next = iterator->item_iterator_frame;
# 132| iterator_frame->item = collection_frame->item;
# 133| iterator->item_iterator_frame = iterator_frame;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/adt/oval_smc_iterator.c: scope_hint: In function ‘oval_smc_iterator_new’
openscap-1.4.3/src/OVAL/adt/oval_smc_iterator.c:53:25: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘it’
# 51| struct oval_smc_iterator *it = calloc(1, sizeof(struct oval_smc_iterator));
# 52|
# 53|-> it->primary_col = oval_string_map_collect_values((struct oval_string_map *) mapping, NULL);
# 54| it->primary_it = oval_collection_iterator(it->primary_col);
# 55| it->secondary_it = NULL;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_affected.c: scope_hint: In function ‘oval_affected_set_family’
openscap-1.4.3/src/OVAL/oval_affected.c:171:26: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘affected’
# 169| __attribute__nonnull__(affected);
# 170|
# 171|-> affected->family = family;
# 172| }
# 173|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_agent.c: scope_hint: In function ‘oval_agent_new_session’
openscap-1.4.3/src/OVAL/oval_agent.c:103:27: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ag_sess’
openscap-1.4.3/src/OVAL/oval_agent.c: scope_hint: In function ‘oval_agent_new_session’
# 101|
# 102| oval_agent_session_t *ag_sess = malloc(sizeof(oval_agent_session_t));
# 103|-> ag_sess->filename = oscap_strdup(name);
# 104| ag_sess->def_model = model;
# 105| ag_sess->cur_var_model = NULL;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_behavior.c: scope_hint: In function ‘oval_behavior_set_keyval’
openscap-1.4.3/src/OVAL/oval_behavior.c:130:23: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘behavior’
openscap-1.4.3/src/OVAL/oval_behavior.c: scope_hint: In function ‘oval_behavior_set_keyval’
# 128| __attribute__nonnull__(behavior);
# 129|
# 130|-> behavior->key = oscap_strdup(key);
# 131| behavior->value = oscap_strdup(value);
# 132| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_component.c: scope_hint: In function ‘oval_component_get_type’
openscap-1.4.3/src/OVAL/oval_component.c:275:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘component’
# 273| __attribute__nonnull__(component);
# 274|
# 275|-> return component->type;
# 276| }
# 277|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_component.c: scope_hint: In function ‘oval_component_set_variable’
openscap-1.4.3/src/OVAL/oval_component.c:939:22: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘component’
# 937|
# 938| /* type == OVAL_COMPONENT_VARREF */
# 939|-> if (component->type == OVAL_COMPONENT_VARREF) {
# 940| oval_component_VARREF_t *varref = (oval_component_VARREF_t *) component;
# 941| varref->variable = variable;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_parse_ARITHMETIC_tag’
openscap-1.4.3/src/OVAL/oval_component.c:1028:31: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘component’
# 1026| oval_arithmetic_operation_t operation = oval_arithmetic_operation_parse(reader, "arithmetic_operation",
# 1027| OVAL_ARITHMETIC_UNKNOWN);
# 1028|-> arithmetic->operation = operation;
# 1029| return _oval_component_parse_FUNCTION_tag(reader, context, component);
# 1030| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_parse_BEGEND_tag’
openscap-1.4.3/src/OVAL/oval_component.c:1039:27: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘component’
# 1037|
# 1038| oval_component_BEGEND_t *begend = (oval_component_BEGEND_t *) component;
# 1039|-> begend->character = (char *)xmlTextReaderGetAttribute(reader, BAD_CAST "character");
# 1040|
# 1041| return _oval_component_parse_FUNCTION_tag(reader, context, component);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_parse_SPLIT_tag’
openscap-1.4.3/src/OVAL/oval_component.c:1051:26: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘component’
# 1049|
# 1050| oval_component_SPLIT_t *split = (oval_component_SPLIT_t *) component;
# 1051|-> split->delimiter = (char *)xmlTextReaderGetAttribute(reader, BAD_CAST "delimiter");
# 1052|
# 1053| return _oval_component_parse_FUNCTION_tag(reader, context, component);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_parse_GLOB_TO_REGEX_tag’
openscap-1.4.3/src/OVAL/oval_component.c:1063:38: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘component’
# 1061|
# 1062| oval_component_GLOB_t *glob_to_regex = (oval_component_GLOB_t *) component;
# 1063|-> glob_to_regex->glob_noescape = oval_parser_boolean_attribute(reader, "glob_noescape", 0);
# 1064|
# 1065| return _oval_component_parse_FUNCTION_tag(reader, context, component);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_parse_SUBSTRING_tag’
openscap-1.4.3/src/OVAL/oval_component.c:1084:26: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘component’
# 1082| if (length_text != NULL)
# 1083| free(length_text);
# 1084|-> substring->start = start;
# 1085| substring->length = length;
# 1086|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_parse_TIMEDIF_tag’
openscap-1.4.3/src/OVAL/oval_component.c:1101:27: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘component’
# 1099| oval_datetime_format_t format_2 = oval_datetime_format_parse(reader, "format_2",
# 1100| OVAL_DATETIME_YEAR_MONTH_DAY);
# 1101|-> timedif->format_1 = format_1;
# 1102| timedif->format_2 = format_2;
# 1103|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_parse_REGEX_CAPTURE_tag’
openscap-1.4.3/src/OVAL/oval_component.c:1115:24: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘component’
# 1113| oval_component_REGEX_CAPTURE_t *regex = (oval_component_REGEX_CAPTURE_t *) component;
# 1114|
# 1115|-> regex->pattern = (char *)xmlTextReaderGetAttribute(reader, BAD_CAST "pattern");
# 1116|
# 1117| return _oval_component_parse_FUNCTION_tag(reader, context, component);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_evaluate_CONCAT’
openscap-1.4.3/src/OVAL/oval_component.c:1599:39: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘component_colls’
# 1597| oval_syschar_collection_flag_t subflag = oval_component_eval_common(argu, subcomp, subcoll);
# 1598| flag = _AGG_FLAG(flag, subflag);
# 1599|-> component_colls[idx0] = subcoll;
# 1600| }
# 1601| bool not_finished = (len_subcomps > 0) && _HAS_VALUES(flag);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_component.c:1612:38: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘counts’
# 1610| struct oval_value_iterator *comp_values =
# 1611| (struct oval_value_iterator *)oval_collection_iterator(component_colls[idx0]);
# 1612|-> counts[idx0] = oval_value_iterator_remaining(comp_values);
# 1613| if (counts[idx0]) {
# 1614| /* int dbgnum = catnum; <-- unused variable */
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_component.c:1616:46: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘values’
# 1614| /* int dbgnum = catnum; <-- unused variable */
# 1615| catnum = catnum * counts[idx0];
# 1616|-> values[idx0] = comp_values;
# 1617| texts[idx0] = oval_value_get_text(oval_value_iterator_next(comp_values));
# 1618| not_finished = true;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_component.c:1617:45: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘texts’
# 1615| catnum = catnum * counts[idx0];
# 1616| values[idx0] = comp_values;
# 1617|-> texts[idx0] = oval_value_get_text(oval_value_iterator_next(comp_values));
# 1618| not_finished = true;
# 1619| } else {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_component.c:1624:46: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘values’
# 1622| (oscap_destruct_func) oval_value_free);
# 1623| component_colls[idx0] = NULL;
# 1624|-> values[idx0] = NULL;
# 1625| texts[idx0] = NULL;
# 1626| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_component.c:1625:45: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘texts’
# 1623| component_colls[idx0] = NULL;
# 1624| values[idx0] = NULL;
# 1625|-> texts[idx0] = NULL;
# 1626| }
# 1627| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_component.c:1634:33: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘concat’
# 1632| len_cat += strlen(texts[idx0]);
# 1633| char *concat = malloc(len_cat);
# 1634|-> *concat = '\0';
# 1635| for (idx0 = 0; idx0 < len_subcomps; idx0++)
# 1636| if (texts[idx0])
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_component.c:1671:25: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘component_colls’
# 1669| } else {
# 1670| for (idx0 = 0; idx0 < len_subcomps; ++idx0)
# 1671|-> oval_collection_free_items(component_colls[idx0], (oscap_destruct_func) oval_value_free);
# 1672| }
# 1673| free(component_colls);
Error: GCC_ANALYZER_WARNING (CWE-457):
openscap-1.4.3/src/OVAL/oval_component.c:1671:25: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*<unknown>’
# 1669| } else {
# 1670| for (idx0 = 0; idx0 < len_subcomps; ++idx0)
# 1671|-> oval_collection_free_items(component_colls[idx0], (oscap_destruct_func) oval_value_free);
# 1672| }
# 1673| free(component_colls);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_evaluate_COUNT’
openscap-1.4.3/src/OVAL/oval_component.c:1694:39: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘component_colls’
# 1692| oval_syschar_collection_flag_t subflag = oval_component_eval_common(argu, subcomp, subcoll);
# 1693| flag = _AGG_FLAG(flag, subflag);
# 1694|-> component_colls[idx0] = subcoll;
# 1695| }
# 1696| bool not_finished = (len_subcomps > 0) && _HAS_VALUES(flag);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_component.c:1717:11: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘component_colls’
# 1715|
# 1716| for (idx0 = 0; idx0 < len_subcomps; ++idx0)
# 1717|-> oval_collection_free_items(component_colls[idx0], (oscap_destruct_func) oval_value_free);
# 1718|
# 1719| free(component_colls);
Error: GCC_ANALYZER_WARNING (CWE-457):
openscap-1.4.3/src/OVAL/oval_component.c:1717:11: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*<unknown>’
# 1715|
# 1716| for (idx0 = 0; idx0 < len_subcomps; ++idx0)
# 1717|-> oval_collection_free_items(component_colls[idx0], (oscap_destruct_func) oval_value_free);
# 1718|
# 1719| free(component_colls);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_evaluate_UNIQUE’
openscap-1.4.3/src/OVAL/oval_component.c:1738:39: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘component_colls’
# 1736| oval_syschar_collection_flag_t subflag = oval_component_eval_common(argu, subcomp, subcoll);
# 1737| flag = _AGG_FLAG(flag, subflag);
# 1738|-> component_colls[idx0] = subcoll;
# 1739| }
# 1740|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_component.c:1768:11: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘component_colls’
# 1766|
# 1767| for (idx0 = 0; idx0 < len_subcomps; ++idx0)
# 1768|-> oval_collection_free_items(component_colls[idx0], (oscap_destruct_func) oval_value_free);
# 1769|
# 1770| free(component_colls);
Error: GCC_ANALYZER_WARNING (CWE-457):
openscap-1.4.3/src/OVAL/oval_component.c:1768:11: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*<unknown>’
# 1766|
# 1767| for (idx0 = 0; idx0 < len_subcomps; ++idx0)
# 1768|-> oval_collection_free_items(component_colls[idx0], (oscap_destruct_func) oval_value_free);
# 1769|
# 1770| free(component_colls);
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_evaluate_SPLIT’
openscap-1.4.3/src/OVAL/oval_component.c:1782:25: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strlen’ must be non-null
# 1780| struct oval_component_iterator *subcomps = oval_component_get_function_components(component);
# 1781| char *delimiter = oval_component_get_split_delimiter(component);
# 1782|-> int len_delim = strlen(delimiter);
# 1783| if (oval_component_iterator_has_more(subcomps)) { /* Only first component is considered */
# 1784| struct oval_component *subcomp = oval_component_iterator_next(subcomps);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_component.c:1794:41: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘split’
# 1792| char *split = malloc(strlen(text) + 2);
# 1793| char *split0 = split;
# 1794|-> *split0 = '\0';
# 1795| strcat(split0, text);
# 1796| split0[strlen(text) + 1] = '\0'; /*last two characters are EOS */
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_evaluate_ESCAPE_REGEX’
openscap-1.4.3/src/OVAL/oval_component.c:2158:51: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘insert’
openscap-1.4.3/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_evaluate_ESCAPE_REGEX’
# 2156| while (*text) {
# 2157| if (_isEscape(*text))
# 2158|-> *insert++ = '\\';
# 2159| *insert++ = *text++;
# 2160| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_component.c:2159:43: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘insert’
openscap-1.4.3/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_evaluate_ESCAPE_REGEX’
# 2157| if (_isEscape(*text))
# 2158| *insert++ = '\\';
# 2159|-> *insert++ = *text++;
# 2160| }
# 2161| *insert = '\0';
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_component.c:2161:33: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘insert’
# 2159| *insert++ = *text++;
# 2160| }
# 2161|-> *insert = '\0';
# 2162| value = oval_value_new(OVAL_DATATYPE_STRING, string);
# 2163| free(string);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_evaluate_ARITHMETIC’
openscap-1.4.3/src/OVAL/oval_component.c:2376:34: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘vcl_elm’
# 2374| flag = oval_component_eval_common(argu, subcomp, val_col);
# 2375| vcl_elm = malloc(sizeof (struct val_col_lst_s));
# 2376|-> vcl_elm->val_col = val_col;
# 2377| vcl_elm->next = vcl_root;
# 2378| vcl_root = vcl_elm;
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.3/src/OVAL/oval_defModel.c: scope_hint: In function ‘oval_definition_model_clone’
openscap-1.4.3/src/OVAL/oval_defModel.c:121:26: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openscap-1.4.3/src/OVAL/oval_defModel.c: scope_hint: In function ‘oval_definition_model_clone’
openscap-1.4.3/src/OVAL/oval_defModel.c: scope_hint: In function ‘oval_definition_model_clone’
# 119| _oval_definition_model_clone
# 120| (oldmodel->variable_map, newmodel, (_oval_clone_func) oval_variable_clone);
# 121|-> newmodel->schema = oscap_strdup(oldmodel->schema);
# 122| newmodel->vardef_map = NULL;
# 123| return newmodel;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_definition.c: scope_hint: In function ‘oval_definition_new’
openscap-1.4.3/src/OVAL/oval_definition.c:153:24: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘definition’
openscap-1.4.3/src/OVAL/oval_definition.c: scope_hint: In function ‘oval_definition_new’
# 151| struct oval_definition *definition = (struct oval_definition *)malloc(sizeof(oval_definition_t));
# 152|
# 153|-> definition->id = oscap_strdup(id);
# 154| definition->version = 0;
# 155| definition->class = OVAL_CLASS_UNKNOWN;
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.3/src/OVAL/oval_directives.c: scope_hint: In function ‘oval_directives_model_get_new_classdir’
openscap-1.4.3/src/OVAL/oval_directives.c:185:59: warning[-Wanalyzer-malloc-leak]: leak of ‘*model.class_directives[(int)(<unknown> + (oval_definition_class_t)4294967295)]’
# 183| if (classind < NUMBER_OF_CLASSES) {
# 184| if (model->class_directives[classind] == NULL)
# 185|-> model->class_directives[classind] = oval_result_directives_new();
# 186|
# 187| return model->class_directives[classind];
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_entity.c: scope_hint: In function ‘oval_entity_set_datatype’
openscap-1.4.3/src/OVAL/oval_entity.c:230:26: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘entity’
# 228| {
# 229| __attribute__nonnull__(entity);
# 230|-> entity->datatype = datatype;
# 231| }
# 232|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_entity.c: scope_hint: In function ‘oval_entity_set_name’
openscap-1.4.3/src/OVAL/oval_entity.c:272:19: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘entity’
openscap-1.4.3/src/common/util.h: scope_hint: In function ‘oval_entity_set_name’
openscap-1.4.3/src/OVAL/oval_entity.c: scope_hint: In function ‘oval_entity_set_name’
# 270| {
# 271| __attribute__nonnull__(entity);
# 272|-> if (entity->name != NULL)
# 273| free(entity->name);
# 274| entity->name = (name == NULL) ? NULL : oscap_strdup(name);
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/OVAL/oval_enumerations.c: scope_hint: In function ‘oval_family_to_namespace’
openscap-1.4.3/src/OVAL/oval_enumerations.c:436:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘family_uri’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_sprintf’ must be non-null
# 434| /* We need to allocate memory also for '#' and '\0'. */
# 435| char *family_uri = malloc(strlen(schema_ns) + 1 + strlen(family_text) + 1);
# 436|-> sprintf(family_uri,"%s#%s", schema_ns, family_text);
# 437| xmlNs *ns = xmlSearchNsByHref(doc, parent, BAD_CAST family_uri);
# 438| free(family_uri);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_filter.c: scope_hint: In function ‘oval_filter_set_state’
openscap-1.4.3/src/OVAL/oval_filter.c:122:23: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘filter’
# 120| {
# 121| __attribute__nonnull__(filter);
# 122|-> filter->state = state;
# 123| }
# 124|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_filter.c: scope_hint: In function ‘oval_filter_set_filter_action’
openscap-1.4.3/src/OVAL/oval_filter.c:128:24: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘filter’
# 126| {
# 127| __attribute__nonnull__(filter);
# 128|-> filter->action = action;
# 129| }
# 130|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_generator.c: scope_hint: In function ‘oval_generator_new’
openscap-1.4.3/src/OVAL/oval_generator.c:60:27: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘gen’
# 58| struct oval_generator *gen;
# 59| gen = malloc(sizeof(struct oval_generator));
# 60|-> gen->product_name = NULL;
# 61| gen->product_version = NULL;
# 62| gen->core_schema_version = oscap_strdup(OVAL_SUPPORTED);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_generator.c: scope_hint: In function ‘oval_generator_clone’
openscap-1.4.3/src/OVAL/oval_generator.c:87:31: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘new_gen’
openscap-1.4.3/src/OVAL/oval_generator.c: scope_hint: In function ‘oval_generator_clone’
# 85|
# 86| new_gen = malloc(sizeof(*new_gen));
# 87|-> new_gen->product_name = oscap_strdup(old_generator->product_name);
# 88| new_gen->product_version = oscap_strdup(old_generator->product_version);
# 89| new_gen->core_schema_version = oscap_strdup(old_generator->core_schema_version);
Error: COMPILER_WARNING (CWE-457):
openscap-1.4.3/src/OVAL/oval_generator.c:203:36: warning[-Wmaybe-uninitialized]: ‘version’ may be used uninitialized
# 203 | xmlNode *sv_node = xmlNewTextChild(gen_node, ns_common,
# | ^
openscap-1.4.3/src/OVAL/oval_generator.c:201:40: note: ‘version’ was declared here
# 201 | const char *platform, *version;
# | ^
# 201| const char *platform, *version;
# 202| oscap_htable_iterator_next_kv(sv_itr, &platform, (void **) &version);
# 203|-> xmlNode *sv_node = xmlNewTextChild(gen_node, ns_common,
# 204| BAD_CAST "schema_version", BAD_CAST version);
# 205| size_t namespace_uri_length = strlen(namespace_uri) + 1 + strlen(platform) + 1;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_message.c: scope_hint: In function ‘oval_message_set_level’
openscap-1.4.3/src/OVAL/oval_message.c:129:24: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘message’
# 127| {
# 128| __attribute__nonnull__(message);
# 129|-> message->level = level;
# 130| }
# 131|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_object.c: scope_hint: In function ‘oval_object_set_comment’
openscap-1.4.3/src/OVAL/oval_object.c:269:19: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘object’
# 267| {
# 268| __attribute__nonnull__(object);
# 269|-> if (object->comment != NULL)
# 270| free(object->comment);
# 271| object->comment = (comm == NULL) ? NULL : oscap_strdup(comm);
Error: GCC_ANALYZER_WARNING (CWE-457):
openscap-1.4.3/src/OVAL/oval_object.c:269:19: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*object.comment’
# 267| {
# 268| __attribute__nonnull__(object);
# 269|-> if (object->comment != NULL)
# 270| free(object->comment);
# 271| object->comment = (comm == NULL) ? NULL : oscap_strdup(comm);
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/OVAL/oval_object.c: scope_hint: In function ‘oval_object_to_dom’
openscap-1.4.3/src/OVAL/oval_object.c:393:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘object_name’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_sprintf’ must be non-null
# 391| const char *subtype_text = oval_subtype_get_text(subtype);
# 392| char *object_name = malloc(strlen(subtype_text) + 8);
# 393|-> sprintf(object_name, "%s_object", subtype_text);
# 394|
# 395| oval_family_t family = oval_object_get_family(object);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_objectContent.c: scope_hint: In function ‘oval_object_content_set_field_name’
openscap-1.4.3/src/OVAL/oval_objectContent.c:275:20: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘content’
# 273| {
# 274| __attribute__nonnull__(content);
# 275|-> if (content->fieldName != NULL)
# 276| free(content->fieldName);
# 277| content->fieldName = (name == NULL) ? NULL : oscap_strdup(name);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_probe_ext.c: scope_hint: In function ‘oval_pdtbl_new’
openscap-1.4.3/src/OVAL/oval_probe_ext.c:89:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘p_tbl’
# 87| {
# 88| oval_pdtbl_t *p_tbl = malloc(sizeof(oval_pdtbl_t));
# 89|-> p_tbl->memb = NULL;
# 90| p_tbl->count = 0;
# 91| p_tbl->ctx = SEAP_CTX_new();
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_probe_ext.c: scope_hint: In function ‘oval_pdtbl_add’
openscap-1.4.3/src/OVAL/oval_probe_ext.c:136:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘pd’
openscap-1.4.3/src/OVAL/oval_probe_ext.c:44: included_from: Included from here.
openscap-1.4.3/src/common/debug_priv.h:54:33: note: in expansion of macro ‘__dlprintf_wrapper’
openscap-1.4.3/src/common/debug_priv.h:61:17: note: in expansion of macro ‘oscap_dlprintf’
openscap-1.4.3/src/OVAL/oval_probe_ext.c:776:25: note: in expansion of macro ‘dI’
# 134|
# 135| oval_pd_t *pd = malloc(sizeof(oval_pd_t));
# 136|-> pd->subtype = type;
# 137| pd->sd = sd;
# 138| pd->uri = oscap_strdup(uri);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_probe_handler.c: scope_hint: In function ‘oval_phtbl_new’
openscap-1.4.3/src/OVAL/oval_probe_handler.c:42:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘phtbl’
# 40| {
# 41| oval_phtbl_t *phtbl = malloc(sizeof(oval_phtbl_t));
# 42|-> phtbl->ph = NULL;
# 43| phtbl->sz = 0;
# 44|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_probe_session.c: scope_hint: In function ‘oval_probe_session_init’
openscap-1.4.3/src/OVAL/oval_probe_session.c:130:18: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘sess’
# 128| static void oval_probe_session_init(oval_probe_session_t *sess, struct oval_syschar_model *model)
# 129| {
# 130|-> sess->ph = oval_phtbl_new();
# 131| sess->sys_model = model;
# 132| sess->flg = 0;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_reference.c: scope_hint: In function ‘oval_reference_set_source’
openscap-1.4.3/src/OVAL/oval_reference.c:137:16: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘ref’
# 135| {
# 136| __attribute__nonnull__(ref);
# 137|-> if (ref->source != NULL)
# 138| free(ref->source);
# 139| ref->source = (source == NULL) ? NULL : oscap_strdup(source);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_reference.c: scope_hint: In function ‘oval_reference_set_id’
openscap-1.4.3/src/OVAL/oval_reference.c:145:16: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘ref’
# 143| {
# 144| __attribute__nonnull__(ref);
# 145|-> if (ref->id != NULL)
# 146| free(ref->id);
# 147| ref->id = (id == NULL) ? NULL : oscap_strdup(id);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_reference.c: scope_hint: In function ‘oval_reference_set_url’
openscap-1.4.3/src/OVAL/oval_reference.c:153:16: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘ref’
# 151| {
# 152| __attribute__nonnull__(ref);
# 153|-> if (ref->url != NULL)
# 154| free(ref->url);
# 155| ref->url = (url == NULL) ? NULL : oscap_strdup(url);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_session.c: scope_hint: In function ‘oval_session_new’
openscap-1.4.3/src/OVAL/oval_session.c:98:25: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘session’
# 96| session = (struct oval_session *) calloc(1, sizeof(struct oval_session));
# 97|
# 98|-> session->source = oscap_source_new_from_file(filename);
# 99| if ((scap_type = oscap_source_get_scap_type(session->source)) == OSCAP_DOCUMENT_UNKNOWN) {
# 100| oval_session_free(session);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_set.c: scope_hint: In function ‘oval_setobject_set_type’
openscap-1.4.3/src/OVAL/oval_set.c:217:19: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘set’
# 215| __attribute__nonnull__(set);
# 216|
# 217|-> set->type = type;
# 218| switch (type) {
# 219| case OVAL_SET_AGGREGATE:{
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_set.c:223:44: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘malloc(8)’
# 221| (oval_set_AGGREGATE_t *) (set->extension =
# 222| malloc(sizeof(oval_set_AGGREGATE_t)));
# 223|-> aggregate->subsets = oval_collection_new();
# 224| }
# 225| break;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_set.c: scope_hint: In function ‘oval_setobject_set_type.part.0’
openscap-1.4.3/src/OVAL/oval_set.c:230:45: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘malloc(16)’
# 228| (oval_set_COLLECTIVE_t *) (set->extension =
# 229| malloc(sizeof(oval_set_COLLECTIVE_t)));
# 230|-> collective->filters = oval_collection_new();
# 231| collective->objects = oval_collection_new();
# 232| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_set.c: scope_hint: In function ‘oval_setobject_set_operation’
openscap-1.4.3/src/OVAL/oval_set.c:242:24: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘set’
# 240| {
# 241| __attribute__nonnull__(set);
# 242|-> set->operation = operation;
# 243| }
# 244|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_state.c: scope_hint: In function ‘oval_state_set_deprecated’
openscap-1.4.3/src/OVAL/oval_state.c:235:27: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘state’
# 233| {
# 234| __attribute__nonnull__(state);
# 235|-> state->deprecated = deprecated;
# 236| }
# 237|
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/OVAL/oval_state.c: scope_hint: In function ‘oval_state_to_dom’
openscap-1.4.3/src/OVAL/oval_state.c:340:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘state_name’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_sprintf’ must be non-null
# 338| const char *subtype_text = oval_subtype_get_text(subtype);
# 339| char *state_name = malloc(strlen(subtype_text) + 7);
# 340|-> sprintf(state_name, "%s_state", subtype_text);
# 341|
# 342| oval_family_t family = oval_state_get_family(state);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_stateContent.c: scope_hint: In function ‘oval_state_content_set_entcheck’
openscap-1.4.3/src/OVAL/oval_stateContent.c:179:28: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘content’
# 177| {
# 178| __attribute__nonnull__(content);
# 179|-> content->ent_check = check;
# 180| }
# 181|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_sysEnt.c: scope_hint: In function ‘oval_sysent_set_name’
openscap-1.4.3/src/OVAL/oval_sysEnt.c:177:19: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘sysent’
# 175| {
# 176| __attribute__nonnull__(sysent);
# 177|-> if (sysent->name != NULL)
# 178| free(sysent->name);
# 179| sysent->name = name;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_sysEnt.c: scope_hint: In function ‘oval_sysent_set_datatype’
openscap-1.4.3/src/OVAL/oval_sysEnt.c:191:26: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘sysent’
# 189| {
# 190| __attribute__nonnull__(sysent);
# 191|-> sysent->datatype = datatype;
# 192| }
# 193|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_sysEnt.c: scope_hint: In function ‘oval_sysent_set_value’
openscap-1.4.3/src/OVAL/oval_sysEnt.c:203:19: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘sysent’
# 201| {
# 202| __attribute__nonnull__(sysent);
# 203|-> if (sysent->value != NULL)
# 204| free(sysent->value);
# 205| sysent->value = oscap_strdup(value);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_sysInfo.c: scope_hint: In function ‘oval_sysinfo_clone’
openscap-1.4.3/src/OVAL/oval_sysInfo.c:95:37: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘oval_sysinfo_new(new_model)’
openscap-1.4.3/src/OVAL/oval_sysInfo.c: scope_hint: In function ‘oval_sysinfo_clone’
# 93|
# 94| if (old_sysinfo->anyxml)
# 95|-> new_sysinfo->anyxml = oscap_strdup(old_sysinfo->anyxml);
# 96|
# 97| return new_sysinfo;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_sysInfo.c: scope_hint: In function ‘oval_sysinfo_set_os_name’
openscap-1.4.3/src/OVAL/oval_sysInfo.c:156:20: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘sysinfo’
# 154| __attribute__nonnull__(sysinfo);
# 155|
# 156|-> if (sysinfo->osName != NULL)
# 157| free(sysinfo->osName);
# 158| sysinfo->osName = oscap_strdup(osName);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_sysInfo.c: scope_hint: In function ‘oval_sysinfo_set_os_version’
openscap-1.4.3/src/OVAL/oval_sysInfo.c:169:20: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘sysinfo’
# 167| {
# 168| __attribute__nonnull__(sysinfo);
# 169|-> if (sysinfo->osVersion != NULL)
# 170| free(sysinfo->osVersion);
# 171| sysinfo->osVersion = oscap_strdup(osVersion);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_sysInfo.c: scope_hint: In function ‘oval_sysinfo_set_os_architecture’
openscap-1.4.3/src/OVAL/oval_sysInfo.c:182:20: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘sysinfo’
# 180| {
# 181| __attribute__nonnull__(sysinfo);
# 182|-> if (sysinfo->osArchitecture != NULL)
# 183| free(sysinfo->osArchitecture);
# 184| sysinfo->osArchitecture = oscap_strdup(osArchitecture);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_sysInfo.c: scope_hint: In function ‘oval_sysinfo_set_primary_host_name’
openscap-1.4.3/src/OVAL/oval_sysInfo.c:196:20: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘sysinfo’
# 194| {
# 195| __attribute__nonnull__(sysinfo);
# 196|-> if (sysinfo->primaryHostName != NULL)
# 197| free(sysinfo->primaryHostName);
# 198| sysinfo->primaryHostName = oscap_strdup(primaryHostName);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_sysInfo.c: scope_hint: In function ‘oval_sysinfo_add_interface’
openscap-1.4.3/src/OVAL/oval_sysInfo.c:212:50: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘sysinfo’
# 210| {
# 211| __attribute__nonnull__(sysinfo);
# 212|-> oval_collection_add(sysinfo->interfaces, oval_sysint_clone(sysinfo->model, interface));
# 213| }
# 214|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_sysInterface.c: scope_hint: In function ‘oval_sysint_set_name’
openscap-1.4.3/src/OVAL/oval_sysInterface.c:79:19: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘sysint’
# 77| {
# 78| __attribute__nonnull__(sysint);
# 79|-> if (sysint->name != NULL)
# 80| free(sysint->name);
# 81| sysint->name = oscap_strdup(name);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_sysInterface.c: scope_hint: In function ‘oval_sysint_set_ip_address’
openscap-1.4.3/src/OVAL/oval_sysInterface.c:94:19: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘sysint’
# 92| {
# 93| __attribute__nonnull__(sysint);
# 94|-> if (sysint->ipAddress != NULL)
# 95| free(sysint->ipAddress);
# 96| sysint->ipAddress = oscap_strdup(ip_address);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_sysInterface.c: scope_hint: In function ‘oval_sysint_set_mac_address’
openscap-1.4.3/src/OVAL/oval_sysInterface.c:107:19: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘sysint’
# 105| {
# 106| __attribute__nonnull__(sysint);
# 107|-> if (sysint->macAddress != NULL)
# 108| free(sysint->macAddress);
# 109| sysint->macAddress = oscap_strdup(mac_address);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_sysItem.c: scope_hint: In function ‘oval_sysitem_add_message’
openscap-1.4.3/src/OVAL/oval_sysItem.c:164:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘item’
# 162| {
# 163| __attribute__nonnull__(item);
# 164|-> oval_collection_add(item->messages, message);
# 165| }
# 166|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_sysItem.c: scope_hint: In function ‘oval_sysitem_set_status’
openscap-1.4.3/src/OVAL/oval_sysItem.c:189:22: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘data’
# 187| {
# 188| __attribute__nonnull__(data);
# 189|-> data->status = status;
# 190| }
# 191|
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/OVAL/oval_sysItem.c: scope_hint: In function ‘oval_sysitem_to_dom’
openscap-1.4.3/src/OVAL/oval_sysItem.c:261:25: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘tagname’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_sprintf’ must be non-null
# 259| const char *subtype_text = oval_subtype_get_text(subtype);
# 260| char *tagname = malloc(strlen(subtype_text) + 6);
# 261|-> sprintf(tagname, "%s_item", subtype_text);
# 262|
# 263| oval_family_t family = oval_subtype_get_family(subtype);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_sysModel.c: scope_hint: In function ‘oval_syschar_model_set_sysinfo’
openscap-1.4.3/src/OVAL/oval_sysModel.c:204:18: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘model’
# 202| {
# 203| __attribute__nonnull__(model);
# 204|-> if (model->sysinfo)
# 205| oval_sysinfo_free(model->sysinfo);
# 206| model->sysinfo = oval_sysinfo_clone(model, sysinfo);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_syschar.c: scope_hint: In function ‘oval_syschar_set_flag’
openscap-1.4.3/src/OVAL/oval_syschar.c:68:23: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘syschar’
# 66| void oval_syschar_set_flag(struct oval_syschar *syschar, oval_syschar_collection_flag_t flag) {
# 67| __attribute__nonnull__(syschar);
# 68|-> syschar->flag = flag;
# 69| }
# 70|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_test.c: scope_hint: In function ‘oval_test_set_deprecated’
openscap-1.4.3/src/OVAL/oval_test.c:274:26: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘test’
# 272| {
# 273| __attribute__nonnull__(test);
# 274|-> test->deprecated = deprecated;
# 275| }
# 276|
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/OVAL/oval_test.c: scope_hint: In function ‘oval_test_to_dom’
openscap-1.4.3/src/OVAL/oval_test.c:454:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘test_name’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_sprintf’ must be non-null
# 452| const char *subtype_text = oval_subtype_get_text(subtype);
# 453| char *test_name = malloc(strlen(subtype_text) + 6);
# 454|-> sprintf(test_name, "%s_test", subtype_text);
# 455|
# 456| oval_family_t family = oval_test_get_family(test);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_varModel.c: scope_hint: In function ‘oval_variable_model_add’
openscap-1.4.3/src/OVAL/oval_varModel.c:175:50: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘model’
# 173|
# 174| struct _oval_variable_model_frame *frame =
# 175|-> (struct _oval_variable_model_frame *)oval_string_map_get_value(model->varmap, varid);
# 176| if (frame == NULL) {
# 177| frame = _oval_variable_model_frame_new(varid, comm, datatype);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_variable.c: scope_hint: In function ‘oval_variable_possible_value_new’
openscap-1.4.3/src/OVAL/oval_variable.c:111:18: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘pv’
openscap-1.4.3/src/OVAL/oval_variable.c: scope_hint: In function ‘oval_variable_possible_value_new’
# 109| struct oval_variable_possible_value *pv;
# 110| pv = malloc(sizeof(oval_variable_possible_value_t));
# 111|-> pv->hint = oscap_strdup(hint);
# 112| pv->value = oscap_strdup(value);
# 113| return pv;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_variable.c: scope_hint: In function ‘oval_variable_possible_restriction_new’
openscap-1.4.3/src/OVAL/oval_variable.c:163:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘pr’
# 161| struct oval_variable_possible_restriction *pr;
# 162| pr = malloc(sizeof(oval_variable_possible_restriction_t));
# 163|-> pr->operator = operator;
# 164| pr->hint = oscap_strdup(hint);
# 165| pr->restrictions = oval_collection_new();
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.3/src/OVAL/oval_variable.c: scope_hint: In function ‘oval_variable_add_possible_restriction’
openscap-1.4.3/src/OVAL/oval_variable.c:187:60: warning[-Wanalyzer-malloc-leak]: leak of ‘oval_variable_possible_restriction_new(*<unknown>.operator, *<unknown>.hint)’
openscap-1.4.3/src/OVAL/oval_variable.c: scope_hint: In function ‘oval_variable_add_possible_restriction’
# 185| struct oval_variable_restriction_iterator *oval_variable_possible_restriction_get_restrictions2(struct oval_variable_possible_restriction *possible_restriction)
# 186| {
# 187|-> return (struct oval_variable_restriction_iterator*)oval_collection_iterator(possible_restriction->restrictions);
# 188| }
# 189|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_variable.c: scope_hint: In function ‘oval_variable_restriction_new’
openscap-1.4.3/src/OVAL/oval_variable.c:230:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘r’
# 228| struct oval_variable_restriction *r;
# 229| r = malloc(sizeof(oval_variable_restriction_t));
# 230|-> r->operation = operation;
# 231| r->value = oscap_strdup(value);
# 232| return r;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_variable.c: scope_hint: In function ‘oval_variable_set_comment’
openscap-1.4.3/src/OVAL/oval_variable.c:822:21: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘variable’
# 820| __attribute__nonnull__(variable);
# 821|
# 822|-> if (variable->comment != NULL)
# 823| free(variable->comment);
# 824| variable->comment = oscap_strdup(comm);
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.3/src/OVAL/oval_variable.c:857:21: warning[-Wanalyzer-malloc-leak]: leak of ‘oval_variable_possible_value_new(*<unknown>.hint, *<unknown>.value)’
openscap-1.4.3/src/OVAL/oval_variable.c: scope_hint: In function ‘oval_variable_add_possible_value’
openscap-1.4.3/src/OVAL/oval_variable.c: scope_hint: In function ‘oval_variable_add_possible_value’
# 855| void oval_variable_add_possible_value(struct oval_variable *variable, struct oval_variable_possible_value *pv)
# 856| {
# 857|-> if (variable->type == OVAL_VARIABLE_EXTERNAL) {
# 858| oval_variable_EXTERNAL_t *var = (oval_variable_EXTERNAL_t *) variable;
# 859| oval_collection_add(var->possible_values, pv);
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.3/src/OVAL/oval_variable.c: scope_hint: In function ‘oval_variable_add_possible_value’
openscap-1.4.3/src/OVAL/oval_variable.c:857:21: warning[-Wanalyzer-malloc-leak]: leak of ‘oval_variable_possible_value_new(xmlTextReaderGetAttribute(reader, "hint"), xmlTextReaderValue(reader))’
openscap-1.4.3/src/OVAL/oval_variable.c: scope_hint: In function ‘oval_variable_add_possible_value’
openscap-1.4.3/src/OVAL/oval_variable.c: scope_hint: In function ‘oval_variable_add_possible_value’
# 855| void oval_variable_add_possible_value(struct oval_variable *variable, struct oval_variable_possible_value *pv)
# 856| {
# 857|-> if (variable->type == OVAL_VARIABLE_EXTERNAL) {
# 858| oval_variable_EXTERNAL_t *var = (oval_variable_EXTERNAL_t *) variable;
# 859| oval_collection_add(var->possible_values, pv);
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.3/src/OVAL/oval_variable.c:861:1: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openscap-1.4.3/src/OVAL/oval_variable.c: scope_hint: In function ‘oval_variable_add_possible_value’
openscap-1.4.3/src/OVAL/oval_variable.c: scope_hint: In function ‘oval_variable_add_possible_value’
# 859| oval_collection_add(var->possible_values, pv);
# 860| }
# 861|-> }
# 862|
# 863| void oval_variable_add_possible_restriction(struct oval_variable *variable, struct oval_variable_possible_restriction *pr)
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.3/src/OVAL/oval_variable.c: scope_hint: In function ‘oval_variable_add_possible_restriction’
openscap-1.4.3/src/OVAL/oval_variable.c:869:1: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openscap-1.4.3/src/OVAL/oval_variable.c: scope_hint: In function ‘oval_variable_add_possible_restriction’
# 867| oval_collection_add(var->possible_restrictions, pr);
# 868| }
# 869|-> }
# 870|
# 871| void oval_variable_clear_values(struct oval_variable *variable)
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_variableBinding.c: scope_hint: In function ‘oval_variable_binding_set_variable’
openscap-1.4.3/src/OVAL/oval_variableBinding.c:96:27: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘binding’
# 94| __attribute__nonnull__(binding);
# 95|
# 96|-> binding->variable = variable;
# 97| }
# 98|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/oval_variableBinding.c: scope_hint: In function ‘oval_variable_binding_add_value’
openscap-1.4.3/src/OVAL/oval_variableBinding.c:104:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘binding’
openscap-1.4.3/src/OVAL/oval_variableBinding.c: scope_hint: In function ‘oval_variable_binding_add_value’
# 102| __attribute__nonnull__(value);
# 103|
# 104|-> oval_collection_add(binding->values, value);
# 105| }
# 106|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/SEAP/generic/bitmap.c: scope_hint: In function ‘bitmap_new’
openscap-1.4.3/src/OVAL/probes/SEAP/generic/bitmap.c:47:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘bitmap’
# 45|
# 46| bitmap_t *bitmap = malloc(sizeof(bitmap_t));
# 47|-> bitmap->size = (size / BITMAP_CELLSIZE) + 1;
# 48| bitmap->realsize = 0;
# 49| bitmap->cells = NULL;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/SEAP/generic/spb.c: scope_hint: In function ‘spb_new’
openscap-1.4.3/src/OVAL/probes/SEAP/generic/spb.c:40:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘spb’
# 38| spb_t *spb = malloc(sizeof(spb_t));
# 39|
# 40|-> spb->balloc = (balloc == 0 ? SPB_DEFAULT_BALLOC : balloc);
# 41| spb->buffer = malloc(sizeof(spb_item_t) * spb->balloc);
# 42| spb->bflags = 0;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/SEAP/generic/spb.c:46:37: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘malloc((long unsigned int)<unknown> * 16)’
# 44| if (buffer != NULL && buflen > 0) {
# 45| spb->btotal = 1;
# 46|-> spb->buffer[0].base = buffer;
# 47| spb->buffer[0].gend = (spb_size_t)(buflen - 1);
# 48| } else {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/SEAP/generic/strbuf.c:90:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘blk’
openscap-1.4.3/src/OVAL/probes/SEAP/generic/strbuf.c: scope_hint: In function ‘__strbuf_add’
# 88|
# 89| blk = malloc (sizeof (struct strblk *) + sizeof (size_t) + (sizeof (char) * len));
# 90|-> blk->next = NULL;
# 91| blk->size = 0;
# 92|
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/OVAL/probes/SEAP/generic/strto.c: scope_hint: In function ‘strto_int64’
openscap-1.4.3/src/OVAL/probes/SEAP/generic/strto.c:81:14: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘null_str’ where non-null expected
/usr/include/features.h:540: included_from: Included from here.
/usr/include/sys/types.h:25: included_from: Included from here.
openscap-1.4.3/compat/compat.h:62: included_from: Included from here.
openscap-1.4.3/redhat-linux-build/config.h:143: included_from: Included from here.
openscap-1.4.3/src/OVAL/probes/SEAP/generic/strto.c:24: included_from: Included from here.
/usr/include/stdlib.h:238:22: note: argument 1 of ‘strtoll’ must be non-null
# 79| memcpy(null_str, str, len);
# 80| errno = 0;
# 81|-> result = strtoll(null_str, endptr, base);
# 82| errno_copy = errno;
# 83| free(null_str);
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/OVAL/probes/SEAP/generic/strto.c: scope_hint: In function ‘strto_uint64’
openscap-1.4.3/src/OVAL/probes/SEAP/generic/strto.c:97:14: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘null_str’ where non-null expected
/usr/include/stdlib.h:243:31: note: argument 1 of ‘strtoull’ must be non-null
# 95| memcpy(null_str, str, len);
# 96| errno = 0;
# 97|-> result = strtoull(null_str, endptr, base);
# 98| errno_copy = errno;
# 99| free(null_str);
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/OVAL/probes/SEAP/generic/strto.c: scope_hint: In function ‘strto_double’
openscap-1.4.3/src/OVAL/probes/SEAP/generic/strto.c:113:14: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘null_str’ where non-null expected
openscap-1.4.3/src/OVAL/probes/SEAP/generic/strto.c:28: included_from: Included from here.
/usr/include/stdlib.h:118:15: note: argument 1 of ‘strtod’ must be non-null
# 111| memcpy(null_str, str, len);
# 112| errno = 0;
# 113|-> result = strtod(null_str, endptr);
# 114| errno_copy = errno;
# 115| free(null_str);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/SEAP/generic/xbase64.c: scope_hint: In function ‘__b64_enc3’
openscap-1.4.3/src/OVAL/probes/SEAP/generic/xbase64.c:236:16: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘out’
# 234| #define B(n) (*(in+(n)))
# 235| static inline void __b64_enc3 (const uint8_t in[3], char out[4]) {
# 236|-> out[0] = b64_enc_alphabet[(B(0) & 0xfc) >> 2];
# 237| out[1] = b64_enc_alphabet[(B(0) & 0x03) << 4 | (B(1) & 0xf0) >> 4];
# 238| out[2] = b64_enc_alphabet[(B(1) & 0x0f) << 2 | (B(2) & 0xc0) >> 6];
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/SEAP/generic/xbase64.c: scope_hint: In function ‘__b64_enc2’
openscap-1.4.3/src/OVAL/probes/SEAP/generic/xbase64.c:244:16: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘out’
# 242|
# 243| static inline void __b64_enc2 (const uint8_t in[2], char out[4]) {
# 244|-> out[0] = b64_enc_alphabet[(B(0) & 0xfc) >> 2];
# 245| out[1] = b64_enc_alphabet[(B(0) & 0x03) << 4 | (B(1) & 0xf0) >> 4];
# 246| out[2] = b64_enc_alphabet[(B(1) & 0x0f) << 2];
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/SEAP/generic/xbase64.c:252:16: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘*buffer’
openscap-1.4.3/src/OVAL/probes/SEAP/generic/xbase64.c: scope_hint: In function ‘base64_encode’
# 250|
# 251| static inline void __b64_enc1 (const uint8_t in, char out[4]) {
# 252|-> out[0] = b64_enc_alphabet[(in & 0xfc) >> 2];
# 253| out[1] = b64_enc_alphabet[(in & 0x03) << 4];
# 254| out[2] = BASE64_PADDING_CHAR;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/SEAP/generic/xbase64.c: scope_hint: In function ‘__b64_dec4’
openscap-1.4.3/src/OVAL/probes/SEAP/generic/xbase64.c:262:16: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘out’
# 260| #define B(n) ((*(in+(n)) - 48) % 75)
# 261| static inline void __b64_dec4 (const char in[4], uint8_t out[3]) {
# 262|-> out[0] = b64_dec_alphabet[B(0)] << 2 | ((b64_dec_alphabet[B(1)] & 0x30) >> 4);
# 263| out[1] = ((b64_dec_alphabet[B(1)] & 0x0f) << 4) | ((b64_dec_alphabet[B(2)] & 0x3c) >> 2);
# 264| out[2] = ((b64_dec_alphabet[B(2)] & 0x03) << 6) | b64_dec_alphabet[B(3)];
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/SEAP/generic/xbase64.c: scope_hint: In function ‘__b64_dec3’
openscap-1.4.3/src/OVAL/probes/SEAP/generic/xbase64.c:269:16: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘out’
# 267|
# 268| static inline void __b64_dec3 (const char in[3], uint8_t out[2]) {
# 269|-> out[0] = b64_dec_alphabet[B(0)] << 2 | ((b64_dec_alphabet[B(1)] & 0x30) >> 4);
# 270| out[1] = ((b64_dec_alphabet[B(1)] & 0x0f) << 4) | ((b64_dec_alphabet[B(2)] & 0x3c) >> 2);
# 271| return;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/SEAP/generic/xbase64.c: scope_hint: In function ‘__b64_dec2’
openscap-1.4.3/src/OVAL/probes/SEAP/generic/xbase64.c:275:16: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘out’
# 273|
# 274| static inline void __b64_dec2 (const char in[2], uint8_t out[1]) {
# 275|-> out[0] = ((b64_dec_alphabet[B(0)] & 0x03) << 6) | b64_dec_alphabet[B(1)];
# 276| return;
# 277| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/SEAP/generic/xbase64.c: scope_hint: In function ‘base64_encode’
openscap-1.4.3/src/OVAL/probes/SEAP/generic/xbase64.c:301:28: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘*buffer’
# 299| }
# 300|
# 301|-> (*buffer)[(i * 4)] = '\0';
# 302| return (i * 4);
# 303| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/SEAP/sch_queue.c: scope_hint: In function ‘sch_queue_connect’
openscap-1.4.3/src/OVAL/probes/SEAP/sch_queue.c:42:32: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘data’
# 40| sch_queuedata_t *data = malloc(sizeof(sch_queuedata_t));
# 41|
# 42|-> data->from_probe_queue = oscap_queue_new();
# 43| data->from_probe_cnt = 0;
# 44| pthread_cond_init(&data->from_probe_cond, NULL);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/SEAP/sch_queue.c:55:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘arg’
# 53|
# 54| struct probe_common_main_argument *arg = malloc(sizeof(struct probe_common_main_argument));
# 55|-> arg->subtype = desc->subtype;
# 56| arg->queuedata = data;
# 57| desc->arg = arg;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/SEAP/seap-command.c: scope_hint: In function ‘SEAP_cmdrec_new’
openscap-1.4.3/src/OVAL/probes/SEAP/seap-command.c:121:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘r’
# 119| {
# 120| SEAP_cmdrec_t *r = malloc(sizeof(SEAP_cmdrec_t));
# 121|-> r->code = 0;
# 122| r->func = NULL;
# 123| r->arg = NULL;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/SEAP/seap-command.c: scope_hint: In function ‘SEAP_cmdtbl_new’
openscap-1.4.3/src/OVAL/probes/SEAP/seap-command.c:137:18: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘t’
# 135| SEAP_cmdtbl_t *t = malloc(sizeof(SEAP_cmdtbl_t));
# 136|
# 137|-> t->table = NULL;
# 138| t->maxcnt = 0;
# 139|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/SEAP/seap-command.c: scope_hint: In function ‘SEAP_cmdjob_new’
openscap-1.4.3/src/OVAL/probes/SEAP/seap-command.c:500:16: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘j’
# 498| {
# 499| SEAP_cmdjob_t *j = malloc(sizeof(SEAP_cmdjob_t));
# 500|-> j->ctx = NULL;
# 501| j->sd = -1;
# 502|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/SEAP/seap-descriptor.c: scope_hint: In function ‘SEAP_desctable_new’
openscap-1.4.3/src/OVAL/probes/SEAP/seap-descriptor.c:36:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘t’
# 34| {
# 35| SEAP_desctable_t *t = malloc(sizeof(SEAP_desctable_t));
# 36|-> t->tree = NULL;
# 37| t->bmap = NULL;
# 38|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/SEAP/seap-descriptor.c: scope_hint: In function ‘SEAP_desc_add’
openscap-1.4.3/src/OVAL/probes/SEAP/seap-descriptor.c:62:33: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘sd_dsc’
# 60| sd_dsc = malloc(sizeof(SEAP_desc_t));
# 61|
# 62|-> sd_dsc->next_id = 0;
# 63| /* sd_dsc->sexpcnt = 0; */
# 64| sd_dsc->scheme = scheme;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/SEAP/seap-error.c: scope_hint: In function ‘SEAP_error_new’
openscap-1.4.3/src/OVAL/probes/SEAP/seap-error.c:31:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘e’
# 29| SEAP_err_t *e = malloc(sizeof(SEAP_err_t));
# 30|
# 31|-> e->id = 0;
# 32| e->code = 0;
# 33| e->type = 0;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/SEAP/seap-message.c: scope_hint: In function ‘SEAP_msg_new’
openscap-1.4.3/src/OVAL/probes/SEAP/seap-message.c:37:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘new’
# 35| {
# 36| SEAP_msg_t *new = malloc(sizeof(SEAP_msg_t));
# 37|-> new->id = 0;
# 38| new->attrs = NULL;
# 39| new->attrs_cnt = 0;
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/OVAL/probes/SEAP/seap-message.c: scope_hint: In function ‘SEAP_msg_clone’
openscap-1.4.3/src/OVAL/probes/SEAP/seap-message.c:50:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘new’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_memcpy’ must be non-null
# 48|
# 49| SEAP_msg_t *new = malloc(sizeof(SEAP_msg_t));
# 50|-> memcpy (new, msg, sizeof (SEAP_msg_t));
# 51|
# 52| new->attrs = malloc(sizeof(SEAP_attr_t) * new->attrs_cnt);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/SEAP/seap-message.c:55:37: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘malloc((long unsigned int)*new.attrs_cnt * 16)’
# 53|
# 54| for (i = 0; i < new->attrs_cnt; ++i) {
# 55|-> new->attrs[i].name = strdup (msg->attrs[i].name);
# 56| new->attrs[i].value = SEXP_ref (msg->attrs[i].value);
# 57| }
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/OVAL/probes/SEAP/seap-packet.c: scope_hint: In function ‘SEAP_packet_new’
openscap-1.4.3/src/OVAL/probes/SEAP/seap-packet.c:43:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘p’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_memset’ must be non-null
# 41| {
# 42| SEAP_packet_t *p = malloc(sizeof(SEAP_packet_t));
# 43|-> memset (p, 0, sizeof (SEAP_packet_t));
# 44| p->type = SEAP_PACKET_INV;
# 45|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/SEAP/seap-packet.c: scope_hint: In function ‘SEAP_packet_sexp2msg’
openscap-1.4.3/src/OVAL/probes/SEAP/seap-packet.c:169:63: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘*seap_msg.attrs + attr_i * 16’
# 167| SEXP_free (attr_val);
# 168| } else {
# 169|-> seap_msg->attrs[attr_i].name = SEXP_string_subcstr (attr_name, 1, 0);
# 170| seap_msg->attrs[attr_i].value = SEXP_list_nth (sexp_msg, msg_n + 1);
# 171|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/SEAP/seap-packet.c:196:55: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘*seap_msg.attrs + attr_i * 16’
# 194| ++msg_n;
# 195| } else {
# 196|-> seap_msg->attrs[attr_i].name = SEXP_string_cstr (attr_name);
# 197| seap_msg->attrs[attr_i].value = NULL;
# 198|
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.3/src/OVAL/probes/SEAP/seap-packet.c:214:33: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
# 212| } else {
# 213| void *new_attrs = realloc(seap_msg->attrs, sizeof(SEAP_attr_t) * seap_msg->attrs_cnt);
# 214|-> seap_msg->attrs = new_attrs;
# 215| }
# 216|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/SEAP/seap-packetq.c: scope_hint: In function ‘SEAP_packetq_item_new’
openscap-1.4.3/src/OVAL/probes/SEAP/seap-packetq.c:38:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘i’
# 36| struct SEAP_packetq_item *i = malloc(sizeof(struct SEAP_packetq_item));
# 37|
# 38|-> i->next = NULL;
# 39| i->prev = NULL;
# 40| i->packet = NULL;
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.3/src/OVAL/probes/SEAP/seap-packetq.c: scope_hint: In function ‘SEAP_packetq_put’
openscap-1.4.3/src/OVAL/probes/SEAP/seap-packetq.c:129:22: warning[-Wanalyzer-malloc-leak]: leak of ‘SEAP_packetq_item_new()’
# 127|
# 128| queue->last->next = SEAP_packetq_item_new();
# 129|-> queue->last->next->packet = packet;
# 130| queue->last->next->prev = queue->last;
# 131| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/SEAP/seap.c: scope_hint: In function ‘SEAP_CTX_initdefault’
openscap-1.4.3/src/OVAL/probes/SEAP/seap.c:56:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ctx’
# 54| _A(ctx != NULL);
# 55|
# 56|-> ctx->fmt_in = SEXP_FMT_CANONICAL;
# 57| ctx->fmt_out = SEXP_FMT_CANONICAL;
# 58|
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/OVAL/probes/SEAP/seap.c: scope_hint: In function ‘SEAP_recvmsg’
openscap-1.4.3/src/OVAL/probes/SEAP/seap.c:372:25: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘msg’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_memcpy’ must be non-null
# 370|
# 371| (*seap_msg) = malloc(sizeof(SEAP_msg_t));
# 372|-> memcpy ((*seap_msg), SEAP_packet_msg (packet), sizeof (SEAP_msg_t));
# 373|
# 374| SEAP_packet_free (packet);
Error: COMPILER_WARNING (CWE-457):
openscap-1.4.3/src/OVAL/probes/SEAP/sexp-ID.c:59:23: warning[-Wmaybe-uninitialized]: ‘resbuf’ may be used uninitialized
# 59 | return (resbuf[part]);
# | ^
openscap-1.4.3/src/OVAL/probes/SEAP/sexp-ID.c: scope_hint: In function ‘SEXP_ID_v_callback’
openscap-1.4.3/src/OVAL/probes/SEAP/sexp-ID.c:51:18: note: ‘resbuf’ declared here
# 51 | uint64_t resbuf[2];
# | ^
# 57| MurmurHash3_x86_128(buf, (int)len, (uint32_t)((0x7C0FFEE7 ^ seed) ^ (seed >> 32)), resbuf);
# 58|
# 59|-> return (resbuf[part]);
# 60| }
# 61|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/SEAP/sexp-datatype.c: scope_hint: In function ‘SEXP_datatype_new’
openscap-1.4.3/src/OVAL/probes/SEAP/sexp-datatype.c:156:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘d’
# 154| {
# 155| SEXP_datatype_t *d = malloc(sizeof(SEXP_datatype_t));
# 156|-> d->dt_flg = 0;
# 157|
# 158| return(d);
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/OVAL/probes/SEAP/sexp-manip.c: scope_hint: In function ‘SEXP_string_cmp’
openscap-1.4.3/src/OVAL/probes/SEAP/sexp-manip.c:888:13: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
openscap-1.4.3/src/OVAL/probes/SEAP/sexp-manip.c:39: included_from: Included from here.
openscap-1.4.3/src/OVAL/probes/SEAP/sexp-manip.c:36: included_from: Included from here.
/usr/include/string.h:163:12: note: argument 1 of ‘strcmp’ must be non-null
# 886| b = SEXP_string_cstr (str_b);
# 887|
# 888|-> c = strcmp (a, b);
# 889|
# 890| free(a);
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/OVAL/probes/SEAP/sexp-manip.c:888:13: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘SEXP_string_cstr(str_a)’ where non-null expected
/usr/include/string.h:163:12: note: argument 1 of ‘strcmp’ must be non-null
# 886| b = SEXP_string_cstr (str_b);
# 887|
# 888|-> c = strcmp (a, b);
# 889|
# 890| free(a);
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/OVAL/probes/SEAP/sexp-manip.c:888:13: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘SEXP_string_cstr(str_b)’ where non-null expected
/usr/include/string.h:163:12: note: argument 2 of ‘strcmp’ must be non-null
# 886| b = SEXP_string_cstr (str_b);
# 887|
# 888|-> c = strcmp (a, b);
# 889|
# 890| free(a);
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.3/src/OVAL/probes/SEAP/sexp-manip.c: scope_hint: In function ‘SEXP_list_pop’
openscap-1.4.3/src/OVAL/probes/SEAP/sexp-manip.c:993:35: warning[-Wanalyzer-malloc-leak]: leak of ‘SEXP_list_first(list)’
openscap-1.4.3/src/OVAL/probes/SEAP/sexp-manip.c:44: included_from: Included from here.
openscap-1.4.3/src/OVAL/probes/SEAP/_sexp-value.h:91:50: note: in definition of macro ‘SEXP_LCASTP’
# 991| SEXP_VALIDATE(list);
# 992|
# 993|-> SEXP_val_dsc (&v_dsc, list->s_valp);
# 994|
# 995| if (v_dsc.type != SEXP_VALTYPE_LIST) {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/SEAP/sexp-manip.c: scope_hint: In function ‘SEXP_list_it_new’
openscap-1.4.3/src/OVAL/probes/SEAP/sexp-manip.c:1341:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘it’
# 1339|
# 1340| SEXP_list_it *it = malloc(sizeof(SEXP_list_it));
# 1341|-> it->block = SEXP_LCASTP(v_dsc.mem)->b_addr;
# 1342| it->index = SEXP_LCASTP(v_dsc.mem)->offset;
# 1343| it->count = it->block != NULL ? it->block->real : 0;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/SEAP/sexp-manip.c: scope_hint: In function ‘SEXP_list_it_next’
openscap-1.4.3/src/OVAL/probes/SEAP/sexp-manip.c:1352:15: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘it’
# 1350| SEXP_t *item;
# 1351|
# 1352|-> if (it->block == NULL)
# 1353| return (NULL);
# 1354|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/SEAP/sexp-manip.c: scope_hint: In function ‘SEXP_new’
openscap-1.4.3/src/OVAL/probes/SEAP/sexp-manip.c:1508:23: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘s_exp’
# 1506| {
# 1507| SEXP_t *s_exp = malloc(sizeof(SEXP_t));
# 1508|-> s_exp->s_type = NULL;
# 1509| s_exp->s_valp = 0;
# 1510|
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.3/src/OVAL/probes/SEAP/sexp-manip.c: scope_hint: In function ‘SEXP_softref’
openscap-1.4.3/src/OVAL/probes/SEAP/sexp-manip.c:1595:34: warning[-Wanalyzer-malloc-leak]: leak of ‘SEXP_new()’
# 1593|
# 1594| s_exp_r = SEXP_new ();
# 1595|-> s_exp_r->s_type = s_exp_o->s_type;
# 1596| s_exp_r->s_valp = s_exp_o->s_valp;
# 1597|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/SEAP/sexp-manip_r.c: scope_hint: In function ‘SEXP_list_new_rv’
openscap-1.4.3/src/OVAL/probes/SEAP/sexp-manip_r.c:329:26: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘sexp_mem’
# 327| SEXP_init(sexp_mem);
# 328| sexp_mem->s_type = NULL;
# 329|-> sexp_mem->s_valp = v_dsc.ptr;
# 330|
# 331| SEXP_VALIDATE(sexp_mem);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/SEAP/sexp-value.c: scope_hint: In function ‘SEXP_val_new’
openscap-1.4.3/src/OVAL/probes/SEAP/sexp-value.c:40:24: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
openscap-1.4.3/src/OVAL/probes/SEAP/public/sexp-manip.h:46: included_from: Included from here.
openscap-1.4.3/src/OVAL/probes/SEAP/public/sexp.h:28: included_from: Included from here.
openscap-1.4.3/src/OVAL/probes/SEAP/public/sexp-datatype.h:29: included_from: Included from here.
openscap-1.4.3/src/OVAL/probes/SEAP/_sexp-datatype.h:27: included_from: Included from here.
openscap-1.4.3/src/OVAL/probes/SEAP/_sexp-types.h:31: included_from: Included from here.
openscap-1.4.3/src/OVAL/probes/SEAP/_sexp-value.h:30: included_from: Included from here.
openscap-1.4.3/src/OVAL/probes/SEAP/sexp-value.c:31: included_from: Included from here.
openscap-1.4.3/src/OVAL/probes/SEAP/sexp-value.c: scope_hint: In function ‘SEXP_val_new’
# 38| SEXP_val_dsc (dst, (uintptr_t) s_val);
# 39|
# 40|-> dst->hdr->refs = 1;
# 41| dst->hdr->size = vmemsize;
# 42| dst->type = type;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/SEAP/sexp-value.c: scope_hint: In function ‘SEXP_rawval_lblk_new’
openscap-1.4.3/src/OVAL/probes/SEAP/sexp-value.c:112:20: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
# 110| sizeof(struct SEXP_val_lblk),
# 111| SEXP_LBLK_ALIGN);
# 112|-> lblk->memb = malloc(sizeof(SEXP_t) * (1 << sz));
# 113|
# 114| lblk->nxsz = ((uintptr_t)(NULL) & SEXP_LBLKP_MASK) | ((uintptr_t)sz & SEXP_LBLKS_MASK);
Error: GCC_ANALYZER_WARNING (CWE-835):
openscap-1.4.3/src/OVAL/probes/SEAP/sexp-value.c: scope_hint: In function ‘SEXP_rawval_lblk_copy’
openscap-1.4.3/src/OVAL/probes/SEAP/sexp-value.c:467:28: warning[-Wanalyzer-infinite-loop]: infinite loop
# 465|
# 466| while (lb_old != NULL) {
# 467|-> if ((lb_old->real - off_o) == 0) {
# 468| /*
# 469| * move to the next old block
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/crapi/digest.c: scope_hint: In function ‘crapi_digest_init’
openscap-1.4.3/src/OVAL/probes/crapi/digest.c:220:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ctx’
# 218| int lib_alg = crapi_alg_t_to_lib_arg(alg);
# 219| #if defined(HAVE_NSS3)
# 220|-> ctx->ctx = HASH_Create(lib_alg);
# 221| #elif defined(HAVE_GCRYPT)
# 222| if (gcry_md_open(&ctx->ctx, lib_alg, 0) != 0) {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/crapi/digest.c: scope_hint: In function ‘crapi_mdigest_fd’
openscap-1.4.3/src/OVAL/probes/crapi/digest.c:301:29: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ctbl’
# 299| }
# 300| for (i = 0; i < num; ++i)
# 301|-> ctbl[i].ctx = NULL;
# 302|
# 303| va_start(ap, num);
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.3/src/OVAL/probes/fsdev.c: scope_hint: In function ‘__fsdev_init’
openscap-1.4.3/src/OVAL/probes/fsdev.c:239:18: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
# 237| return (NULL);
# 238| }
# 239|-> lfs->ids = new_ids;
# 240| lfs->cnt = i;
# 241|
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/OVAL/probes/independent/filehash58_probe.c: scope_hint: In function ‘filehash58_probe_init’
openscap-1.4.3/src/OVAL/probes/independent/filehash58_probe.c:260:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘filehash58_probe_mutex’ where non-null expected
openscap-1.4.3/src/OVAL/probes/SEAP/seap-descriptor.h:28: included_from: Included from here.
openscap-1.4.3/src/OVAL/probes/SEAP/sch_queue.h:28: included_from: Included from here.
openscap-1.4.3/src/OVAL/probes/SEAP/_seap.h:28: included_from: Included from here.
openscap-1.4.3/src/OVAL/probes/independent/filehash58_probe.c:38: included_from: Included from here.
/usr/include/pthread.h:781:12: note: argument 1 of ‘pthread_mutex_init’ must be non-null
# 258| */
# 259| pthread_mutex_t *filehash58_probe_mutex = malloc(sizeof(pthread_mutex_t));
# 260|-> switch (pthread_mutex_init(filehash58_probe_mutex, NULL)) {
# 261| case 0:
# 262| return ((void *)filehash58_probe_mutex);
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/OVAL/probes/independent/system_info_probe.c: scope_hint: In function ‘__sysinfo_saneval’
openscap-1.4.3/src/OVAL/probes/independent/system_info_probe.c:482:20: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘s’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strlen’ must be non-null
# 480| real_length = space_count = i = 0;
# 481|
# 482|-> for (; i < strlen(s); ++i) {
# 483| /* check for space */
# 484| if (isspace(s[i])) {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/oval_fts.c: scope_hint: In function ‘OVAL_FTSENT_new’
openscap-1.4.3/src/OVAL/probes/oval_fts.c:96:28: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ofts_ent’
# 94| OVAL_FTSENT *ofts_ent = calloc(1, sizeof(OVAL_FTSENT));
# 95|
# 96|-> ofts_ent->fts_info = fts_ent->fts_info;
# 97| /* The 'shift' variable stores length of the prefix if the prefix
# 98| * is defined, otherwise it is set to 0. The value of 'shift' gives
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/oval_fts.c: scope_hint: In function ‘oval_fts_read_match_path’
openscap-1.4.3/src/OVAL/probes/oval_fts.c:839:75: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘*<unknown>.fts_statp’
# 837| if (ofts->filesystem == OVAL_RECURSE_FS_DEFINED
# 838| && (fts_ent->fts_info == FTS_D || fts_ent->fts_info == FTS_SL)
# 839|-> && ofts->ofts_recurse_path_devid != fts_ent->fts_statp->st_dev) {
# 840| fts_set(ofts->ofts_recurse_path_fts, fts_ent, FTS_SKIP);
# 841| continue;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/oval_fts.c: scope_hint: In function ‘oval_fts_read_recurse_path’
openscap-1.4.3/src/OVAL/probes/oval_fts.c:1127:91: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘*<unknown>.fts_statp’
# 1125| #endif
# 1126| if (ofts->filesystem == OVAL_RECURSE_FS_DEFINED
# 1127|-> && ofts->ofts_recurse_path_devid != fts_ent->fts_statp->st_dev)
# 1128| break;
# 1129|
Error: GCC_ANALYZER_WARNING (CWE-685):
openscap-1.4.3/src/OVAL/probes/probe-api.c: scope_hint: In function ‘probe_attr_creat’
openscap-1.4.3/src/OVAL/probes/probe-api.c:332:21: warning[-Wanalyzer-va-list-exhausted]: ‘ap’ has no more arguments (1 consumed)
# 330|
# 331| name = va_arg(ap, const char *);
# 332|-> val = va_arg(ap, SEXP_t *);
# 333| }
# 334|
Error: GCC_ANALYZER_WARNING (CWE-404):
openscap-1.4.3/src/OVAL/probes/probe-api.c: scope_hint: In function ‘probe_item_create’
openscap-1.4.3/src/OVAL/probes/probe-api.c:1434:24: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
# 1432| if (subtype_name == NULL) {
# 1433| dE("Invalid/Unknown subtype: %d", (int)item_subtype);
# 1434|-> return (NULL);
# 1435| }
# 1436|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/probe/icache.c: scope_hint: In function ‘icache_add_to_tree’
openscap-1.4.3/src/OVAL/probes/probe/icache.c:158:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘cached’
# 156|
# 157| probe_citem_t *cached = malloc(sizeof(probe_citem_t));
# 158|-> cached->item = malloc(sizeof(SEXP_t *));
# 159| cached->item[0] = pair->p.item;
# 160| cached->count = 1;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/probe/icache.c:159:25: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘malloc(8)’
# 157| probe_citem_t *cached = malloc(sizeof(probe_citem_t));
# 158| cached->item = malloc(sizeof(SEXP_t *));
# 159|-> cached->item[0] = pair->p.item;
# 160| cached->count = 1;
# 161|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/probe/icache.c: scope_hint: In function ‘probe_icache_new’
openscap-1.4.3/src/OVAL/probes/probe/icache.c:315:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘cache’
# 313| {
# 314| probe_icache_t *cache = malloc(sizeof(probe_icache_t));
# 315|-> cache->tree = rbt_i64_new();
# 316|
# 317| if (pthread_mutex_init(&cache->queue_mutex, NULL) != 0) {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/probe/input_handler.c: scope_hint: In function ‘probe_input_handler’
openscap-1.4.3/src/OVAL/probes/probe/input_handler.c:161:53: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘pair’
openscap-1.4.3/src/OVAL/probes/probe/input_handler.c:111:17: note: in expansion of macro ‘TH_CANCEL_OFF’
# 159|
# 160| probe_pwpair_t *pair = malloc(sizeof(probe_pwpair_t));
# 161|-> pair->probe = probe;
# 162| pair->pth = probe_worker_new();
# 163| pair->pth->sid = SEAP_msg_id(seap_request);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/probe/ncache.c: scope_hint: In function ‘probe_ncache_new’
openscap-1.4.3/src/OVAL/probes/probe/ncache.c:88:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘cache’
# 86| }
# 87|
# 88|-> cache->name = calloc (PROBE_NCACHE_INIT_SIZE, sizeof (SEXP_t *));
# 89| cache->size = PROBE_NCACHE_INIT_SIZE;
# 90| cache->real = 0;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/probe/probe_main.c: scope_hint: In function ‘probe_common_main’
openscap-1.4.3/src/OVAL/probes/probe/probe_main.c:234:33: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘probe.option’
# 232| probe.optcnt = PROBE_OPTION_INITCOUNT;
# 233|
# 234|-> probe.option[0].option = PROBEOPT_VARREF_HANDLING;
# 235| probe.option[0].handler = &probe_opthandler_varref;
# 236| probe.option[1].option = PROBEOPT_RESULT_CACHING;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/probe/rcache.c: scope_hint: In function ‘probe_rcache_new’
openscap-1.4.3/src/OVAL/probes/probe/rcache.c:39:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘cache’
# 37|
# 38| cache = malloc(sizeof(probe_rcache_t));
# 39|-> cache->tree = rbt_str_new();
# 40|
# 41| return (cache);
Error: COMPILER_WARNING:
openscap-1.4.3/src/OVAL/probes/probe/worker.c:79:50: warning[-Wuse-after-free]: pointer ‘arg_48(D)’ may be used after ‘free’
# 79 | SEAP_replyerr(pair->probe->SEAP_ctx, pair->probe->sd, pair->pth->msg, -100);
# | ~~~~^~~~~~~
openscap-1.4.3/src/OVAL/probes/probe/worker.c: scope_hint: In function ‘probe_worker_runfn’
openscap-1.4.3/src/OVAL/probes/probe/worker.c:122:17: note: call to ‘free’ here
# 122 | free(pair);
# | ^~~~~~~~~~
# 77| probe_pwpair_t *pair = (probe_pwpair_t *)arg;
# 78| dW("Probe worker thread finished unxpectedly, trying to avoid deadlock now...");
# 79|-> SEAP_replyerr(pair->probe->SEAP_ctx, pair->probe->sd, pair->pth->msg, -100);
# 80| }
# 81|
Error: COMPILER_WARNING:
openscap-1.4.3/src/OVAL/probes/probe/worker.c:79:67: warning[-Wuse-after-free]: pointer ‘arg_48(D)’ may be used after ‘free’
# 79 | SEAP_replyerr(pair->probe->SEAP_ctx, pair->probe->sd, pair->pth->msg, -100);
# | ~~~~^~~~~
openscap-1.4.3/src/OVAL/probes/probe/worker.c: scope_hint: In function ‘probe_worker_runfn’
openscap-1.4.3/src/OVAL/probes/probe/worker.c:122:17: note: call to ‘free’ here
# 122 | free(pair);
# | ^~~~~~~~~~
# 77| probe_pwpair_t *pair = (probe_pwpair_t *)arg;
# 78| dW("Probe worker thread finished unxpectedly, trying to avoid deadlock now...");
# 79|-> SEAP_replyerr(pair->probe->SEAP_ctx, pair->probe->sd, pair->pth->msg, -100);
# 80| }
# 81|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/unix/file_probe.c: scope_hint: In function ‘gr_sexps_init’
openscap-1.4.3/src/OVAL/probes/unix/file_probe.c:98:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘s’
# 96| {
# 97| struct gr_sexps *s = malloc(sizeof(struct gr_sexps));
# 98|-> s->gr_t_reg = SEXP_string_new(STRLEN_PAIR(STR_REGULAR));
# 99| s->gr_t_dir = SEXP_string_new(STRLEN_PAIR(STR_DIRECTORY));
# 100| s->gr_t_lnk = SEXP_string_new(STRLEN_PAIR(STR_SYMLINK));
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/unix/file_probe.c: scope_hint: In function ‘ID_cache_init’
openscap-1.4.3/src/OVAL/probes/unix/file_probe.c:198:20: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘cache’
# 196| {
# 197| struct ID_cache *cache = malloc(sizeof(struct ID_cache));
# 198|-> cache->max = max;
# 199| cache->tree = rbt_i32_new();
# 200| return cache;
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/OVAL/probes/unix/file_probe.c: scope_hint: In function ‘file_probe_init’
openscap-1.4.3/src/OVAL/probes/unix/file_probe.c:436:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘file_probe_mutex’ where non-null expected
openscap-1.4.3/src/OVAL/probes/SEAP/seap-descriptor.h:28: included_from: Included from here.
openscap-1.4.3/src/OVAL/probes/SEAP/sch_queue.h:28: included_from: Included from here.
openscap-1.4.3/src/OVAL/probes/SEAP/_seap.h:28: included_from: Included from here.
openscap-1.4.3/src/OVAL/probes/unix/file_probe.c:37: included_from: Included from here.
/usr/include/pthread.h:781:12: note: argument 1 of ‘pthread_mutex_init’ must be non-null
# 434| */
# 435| pthread_mutex_t *file_probe_mutex = malloc(sizeof(pthread_mutex_t));
# 436|-> switch (pthread_mutex_init (file_probe_mutex, NULL)) {
# 437| case 0:
# 438| return ((void *)file_probe_mutex);
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/OVAL/probes/unix/fileextendedattribute_probe.c: scope_hint: In function ‘fileextendedattribute_probe_init’
openscap-1.4.3/src/OVAL/probes/unix/fileextendedattribute_probe.c:373:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘mutex’ where non-null expected
openscap-1.4.3/src/OVAL/probes/SEAP/seap-descriptor.h:28: included_from: Included from here.
openscap-1.4.3/src/OVAL/probes/SEAP/sch_queue.h:28: included_from: Included from here.
openscap-1.4.3/src/OVAL/probes/SEAP/_seap.h:28: included_from: Included from here.
openscap-1.4.3/src/OVAL/probes/unix/fileextendedattribute_probe.c:34: included_from: Included from here.
/usr/include/pthread.h:781:12: note: argument 1 of ‘pthread_mutex_init’ must be non-null
# 371| */
# 372| pthread_mutex_t *mutex = malloc(sizeof(pthread_mutex_t));
# 373|-> switch (pthread_mutex_init(mutex, NULL)) {
# 374| case 0:
# 375| return (void *)mutex;
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/OVAL/probes/unix/linux/fwupdsecattr_probe.c:209:45: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
/usr/include/string.h:166:12: note: argument 1 of ‘strncmp’ must be non-null
# 207| switch (arg_type) {
# 208| case DBUS_TYPE_UINT32:
# 209|-> if(!strncmp(property_name, "HsiResult", strlen("HsiResult"))) {
# 210| _DBusBasicValue hsiresult_value;
# 211| dbus_message_iter_get_basic(&value_variant, &hsiresult_value);
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/OVAL/probes/unix/linux/fwupdsecattr_probe.c: scope_hint: In function ‘get_all_security_attributes’
openscap-1.4.3/src/OVAL/probes/unix/linux/fwupdsecattr_probe.c:209:45: warning[-Wanalyzer-null-argument]: use of NULL ‘appstream_name’ where non-null expected
openscap-1.4.3/src/OVAL/probes/unix/linux/fwupdsecattr_probe.c:47: included_from: Included from here.
/usr/include/string.h:166:12: note: argument 1 of ‘strncmp’ must be non-null
# 207| switch (arg_type) {
# 208| case DBUS_TYPE_UINT32:
# 209|-> if(!strncmp(property_name, "HsiResult", strlen("HsiResult"))) {
# 210| _DBusBasicValue hsiresult_value;
# 211| dbus_message_iter_get_basic(&value_variant, &hsiresult_value);
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/OVAL/probes/unix/linux/fwupdsecattr_probe.c:216:45: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
/usr/include/string.h:166:12: note: argument 1 of ‘strncmp’ must be non-null
# 214| break;
# 215| case DBUS_TYPE_STRING:
# 216|-> if(!strncmp(property_name, "AppstreamId", strlen("AppstreamId"))) {
# 217| free(appstream_name);
# 218| appstream_name = oval_dbus_value_to_string(&value_variant);
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/OVAL/probes/unix/linux/fwupdsecattr_probe.c:216:45: warning[-Wanalyzer-null-argument]: use of NULL ‘appstream_name’ where non-null expected
/usr/include/string.h:166:12: note: argument 1 of ‘strncmp’ must be non-null
# 214| break;
# 215| case DBUS_TYPE_STRING:
# 216|-> if(!strncmp(property_name, "AppstreamId", strlen("AppstreamId"))) {
# 217| free(appstream_name);
# 218| appstream_name = oval_dbus_value_to_string(&value_variant);
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.3/src/OVAL/probes/unix/linux/iflisteners_probe.c: scope_hint: In function ‘collect_process_info’
openscap-1.4.3/src/OVAL/probes/unix/linux/iflisteners_probe.c:297:1: warning[-Wanalyzer-malloc-leak]: leak of ‘node.cmd’
openscap-1.4.3/src/OVAL/probes/unix/linux/iflisteners_probe.c: scope_hint: In function ‘collect_process_info’
# 295| closedir(d);
# 296| return 0;
# 297|-> }
# 298|
# 299| static void report_finding(struct result_info *res, llist *l, probe_ctx *ctx, oval_schema_version_t over)
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.3/src/OVAL/probes/unix/linux/iflisteners_probe.c:470:16: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openscap-1.4.3/src/OVAL/probes/unix/linux/iflisteners_probe.c: scope_hint: In function ‘iflisteners_probe_main’
# 468| SEXP_free(interface_name_ent);
# 469|
# 470|-> return err;
# 471| }
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.3/src/OVAL/probes/unix/linux/iflisteners_probe.c: scope_hint: In function ‘iflisteners_probe_main’
openscap-1.4.3/src/OVAL/probes/unix/linux/iflisteners_probe.c:470:16: warning[-Wanalyzer-malloc-leak]: leak of ‘ll.cur’
openscap-1.4.3/src/OVAL/probes/unix/linux/iflisteners_probe.c: scope_hint: In function ‘iflisteners_probe_main’
# 468| SEXP_free(interface_name_ent);
# 469|
# 470|-> return err;
# 471| }
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.3/src/OVAL/probes/unix/linux/inetlisteningservers_probe.c: scope_hint: In function ‘collect_process_info’
openscap-1.4.3/src/OVAL/probes/unix/linux/inetlisteningservers_probe.c:305:1: warning[-Wanalyzer-malloc-leak]: leak of ‘node.cmd’
openscap-1.4.3/src/OVAL/probes/unix/linux/inetlisteningservers_probe.c: scope_hint: In function ‘collect_process_info’
# 303| closedir(d);
# 304| return 0;
# 305|-> }
# 306|
# 307| static int eval_data(const char *type, const char *local_address,
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/unix/linux/rpmverify_probe.c: scope_hint: In function ‘rpmverify_probe_init’
openscap-1.4.3/src/OVAL/probes/unix/linux/rpmverify_probe.c:242:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘g_rpm’
# 240|
# 241| struct rpm_probe_global *g_rpm = malloc(sizeof(struct rpm_probe_global));
# 242|-> g_rpm->rpmts = rpmtsCreate();
# 243|
# 244| pthread_mutex_init(&(g_rpm->mutex), NULL);
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/OVAL/probes/unix/linux/selinuxsecuritycontext_probe.c: scope_hint: In function ‘split_level’
openscap-1.4.3/src/OVAL/probes/unix/linux/selinuxsecuritycontext_probe.c:64:23: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘level’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strchr’ must be non-null
# 62| char *level_split;
# 63|
# 64|-> level_split = strchr(level, ':');
# 65| if (level_split == NULL) {
# 66| *sensitivity = strdup(level);
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/OVAL/probes/unix/linux/systemdunitproperty_probe.c: scope_hint: In function ‘property_callback’
openscap-1.4.3/src/OVAL/probes/unix/linux/systemdunitproperty_probe.c:193:21: warning[-Wanalyzer-null-argument]: use of NULL ‘property’ where non-null expected
openscap-1.4.3/src/OVAL/probes/unix/linux/systemdunitproperty_probe.c:38: included_from: Included from here.
openscap-1.4.3/src/OVAL/probes/unix/linux/systemdshared.h: scope_hint: In function ‘property_callback’
openscap-1.4.3/src/OVAL/probes/SEAP/public/sexp.h:28: included_from: Included from here.
openscap-1.4.3/src/OVAL/probes/SEAP/public/sexp-datatype.h:29: included_from: Included from here.
openscap-1.4.3/src/OVAL/probes/SEAP/_sexp-datatype.h:27: included_from: Included from here.
openscap-1.4.3/src/OVAL/probes/SEAP/_sexp-types.h:31: included_from: Included from here.
openscap-1.4.3/src/OVAL/probes/SEAP/seap-descriptor.h:33: included_from: Included from here.
openscap-1.4.3/src/OVAL/probes/SEAP/sch_queue.h:28: included_from: Included from here.
openscap-1.4.3/src/OVAL/probes/SEAP/_seap.h:28: included_from: Included from here.
openscap-1.4.3/src/OVAL/probes/probe/probe.h:37: included_from: Included from here.
openscap-1.4.3/src/OVAL/probes/unix/linux/systemdunitproperty_probe.c:35: included_from: Included from here.
openscap-1.4.3/src/OVAL/probes/SEAP/public/sexp-manip.h:262:15: note: argument 2 of ‘SEXP_strcmp’ must be non-null
# 191| // a new one for the current property.
# 192| //
# 193|-> if (SEXP_strcmp(vars->se_property, property) == 0) {
# 194| SEXP_t *se_value = SEXP_string_new(value, strlen(value));
# 195| probe_item_ent_add(vars->item, "value", NULL, se_value);
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/OVAL/probes/unix/linux/systemdunitproperty_probe.c:193:21: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘property’ where non-null expected
openscap-1.4.3/src/OVAL/probes/unix/linux/systemdshared.h: scope_hint: In function ‘property_callback’
openscap-1.4.3/src/OVAL/probes/unix/linux/systemdunitproperty_probe.c: scope_hint: In function ‘property_callback’
openscap-1.4.3/src/OVAL/probes/SEAP/public/sexp-manip.h:262:15: note: argument 2 of ‘SEXP_strcmp’ must be non-null
# 191| // a new one for the current property.
# 192| //
# 193|-> if (SEXP_strcmp(vars->se_property, property) == 0) {
# 194| SEXP_t *se_value = SEXP_string_new(value, strlen(value));
# 195| probe_item_ent_add(vars->item, "value", NULL, se_value);
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/OVAL/probes/unix/linux/systemdunitproperty_probe.c:206:31: warning[-Wanalyzer-null-argument]: use of NULL ‘property’ where non-null expected
openscap-1.4.3/src/OVAL/probes/unix/linux/systemdshared.h: scope_hint: In function ‘property_callback’
<built-in>: note: argument 1 of ‘__builtin_strlen’ must be non-null
# 204| }
# 205|
# 206|-> SEXP_t *se_property = SEXP_string_new(property, strlen(property));
# 207|
# 208| if (probe_entobj_cmp(vars->property_entity, se_property) != OVAL_RESULT_TRUE) {
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/OVAL/probes/unix/linux/systemdunitproperty_probe.c:206:31: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘property’ where non-null expected
openscap-1.4.3/src/OVAL/probes/unix/linux/systemdshared.h: scope_hint: In function ‘property_callback’
openscap-1.4.3/src/OVAL/probes/unix/linux/systemdunitproperty_probe.c: scope_hint: In function ‘property_callback’
<built-in>: note: argument 1 of ‘__builtin_strlen’ must be non-null
# 204| }
# 205|
# 206|-> SEXP_t *se_property = SEXP_string_new(property, strlen(property));
# 207|
# 208| if (probe_entobj_cmp(vars->property_entity, se_property) != OVAL_RESULT_TRUE) {
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/OVAL/probes/unix/linux/systemdunitproperty_probe.c: scope_hint: In function ‘unit_callback’
openscap-1.4.3/src/OVAL/probes/unix/linux/systemdunitproperty_probe.c:225:27: warning[-Wanalyzer-null-argument]: use of NULL ‘unit’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strlen’ must be non-null
# 223| {
# 224| struct unit_callback_vars *vars = (struct unit_callback_vars *)cbarg;
# 225|-> SEXP_t *se_unit = SEXP_string_new(unit, strlen(unit));
# 226|
# 227| if (probe_entobj_cmp(vars->unit_entity, se_unit) != OVAL_RESULT_TRUE) {
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.3/src/OVAL/probes/unix/process58_probe.c: scope_hint: In function ‘get_posix_capability’
openscap-1.4.3/src/OVAL/probes/unix/process58_probe.c:344:17: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openscap-1.4.3/src/OVAL/probes/unix/process58_probe.c:61: included_from: Included from here.
openscap-1.4.3/src/OVAL/probes/unix/process58_probe.c:103: included_from: Included from here.
openscap-1.4.3/src/common/debug_priv.h:54:33: note: in expansion of macro ‘__dlprintf_wrapper’
openscap-1.4.3/src/common/debug_priv.h:63:17: note: in expansion of macro ‘oscap_dlprintf’
openscap-1.4.3/src/OVAL/probes/unix/process58_probe.c:343:17: note: in expansion of macro ‘dE’
# 342| if (new_ret == NULL) {
# 343| dE("Unable to re-allocate memory for ret");
# 344|-> free(ret);
# 345| ret = NULL;
# 346| goto exit;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/unix/runlevel_probe.c: scope_hint: In function ‘get_runlevel_sysv’
openscap-1.4.3/src/OVAL/probes/unix/runlevel_probe.c:225:47: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘rep_lst’
# 223| }
# 224|
# 225|-> rep_lst->service_name = strdup(service_name);
# 226| rep_lst->runlevel = strdup(runlevel);
# 227| rep_lst->start = start;
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/OVAL/probes/unix/sysctl_probe.c: scope_hint: In function ‘sysctl_probe_main’
openscap-1.4.3/src/OVAL/probes/unix/sysctl_probe.c:179:26: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘mib’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strlen’ must be non-null
# 177| mibstart += strlen(PROC_SYS_DIR)+1;
# 178| mib = strdup(mibpath + mibstart);
# 179|-> miblen = strlen(mib);
# 180|
# 181| while (miblen > 0) {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c: scope_hint: In function ‘xiconf_new’
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c:368:23: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xiconf’
# 366| {
# 367| xiconf_t *xiconf = malloc(sizeof(xiconf_t));
# 368|-> xiconf->cfile = malloc(sizeof(xiconf_file_t *));
# 369| xiconf->count = 0;
# 370| xiconf->stree = rbt_str_new();
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c: scope_hint: In function ‘xiconf_service_new’
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c:381:24: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘service’
# 379| xiconf_service_t *service = malloc(sizeof(xiconf_service_t));
# 380|
# 381|-> service->id = NULL;
# 382| service->type = NULL;
# 383| service->flags = NULL;
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c: scope_hint: In function ‘xiconf_parse’
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c:493:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xiconf_new()’
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c:823:25: note: in expansion of macro ‘tmpbuf_free’
# 491| }
# 492|
# 493|-> if ((st.st_mode & S_IFMT) != S_IFREG) {
# 494| dE("Not a regular file: %s", path);
# 495| close (fd);
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c: scope_hint: In function ‘xiconf_getservice’
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c:493:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xiconf_parse(path, 32)’
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c:53: included_from: Included from here.
openscap-1.4.3/src/common/debug_priv.h:54:33: note: in expansion of macro ‘__dlprintf_wrapper’
openscap-1.4.3/src/common/debug_priv.h:62:17: note: in expansion of macro ‘oscap_dlprintf’
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c:565:17: note: in expansion of macro ‘dW’
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c:754:49: note: in expansion of macro ‘tmpbuf_free’
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c:754:49: note: in expansion of macro ‘tmpbuf_free’
# 491| }
# 492|
# 493|-> if ((st.st_mode & S_IFMT) != S_IFREG) {
# 494| dE("Not a regular file: %s", path);
# 495| close (fd);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c: scope_hint: In function ‘xiconf_read’
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c:509:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘file’
# 507|
# 508| /* initialize items that don't need to have extra memory allocated for them */
# 509|-> file->fd = fd;
# 510| file->inlen = (size_t)st.st_size;
# 511| file->inoff = 0;
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c:531:25: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
# 529| /* Can't read the contents of the file */
# 530| close (fd);
# 531|-> free(file);
# 532| return (NULL);
# 533| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c: scope_hint: In function ‘xiconf_parse’
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c:617:26: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘*<unknown>.cfile’
# 615|
# 616| xifile->depth = 0;
# 617|-> xiconf->cfile[0] = xifile;
# 618| xiconf->count = 1;
# 619|
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c:634:34: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘l_pbeg’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strchr’ must be non-null
# 632| /* locate end-of-line & compute the line lenght */
# 633| l_pbeg = xifile->inmem + xifile->inoff;
# 634|-> l_pend = strchr(l_pbeg, '\n');
# 635|
# 636| if (l_pend == NULL) {
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c:653:26: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘buffer’ where non-null expected
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c:649:34: note: in expansion of macro ‘tmpbuf_get’
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c:649:34: note: in expansion of macro ‘tmpbuf_get’
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c:649:34: note: in expansion of macro ‘tmpbuf_get’
<built-in>: note: argument 1 of ‘__builtin_strchr’ must be non-null
# 651| memcpy (buffer, l_pbeg, l_size);
# 652| buffer[l_size] = ' ';
# 653|-> *strchr(buffer, ' ') = '\0';
# 654|
# 655| /* skip whitespaces before the keyword */
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c:653:47: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c:649:34: note: in expansion of macro ‘tmpbuf_get’
# 651| memcpy (buffer, l_pbeg, l_size);
# 652| buffer[l_size] = ' ';
# 653|-> *strchr(buffer, ' ') = '\0';
# 654|
# 655| /* skip whitespaces before the keyword */
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c:679:71: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c:649:34: note: in expansion of macro ‘tmpbuf_get’
# 677| }
# 678|
# 679|-> *strchr(buffer + bufidx, ' ') = '\0';
# 680|
# 681| if (xiconf_parse_section (xiconf, xifile, XICONF_SECTION_SERVICE, buffer + bufidx) != 0) {
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c: scope_hint: In function ‘xiconf_parse_section’
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c:909:32: warning[-Wanalyzer-malloc-leak]: leak of ‘xiconf_service_new()’
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c:649:34: note: in expansion of macro ‘tmpbuf_get’
# 907| * Find out the line boundaries.
# 908| */
# 909|-> l_pbeg = xifile->inmem + xifile->inoff;
# 910| l_pend = strchr(l_pbeg, '\n');
# 911|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c:41: included_from: Included from here.
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c:933:37: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘buffer’
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c:649:34: note: in expansion of macro ‘tmpbuf_get’
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c:925:26: note: in expansion of macro ‘tmpbuf_get’
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c:925:26: note: in expansion of macro ‘tmpbuf_get’
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c:925:26: note: in expansion of macro ‘tmpbuf_get’
# 931|
# 932| /* skip whitespaces in the line buffer */
# 933|-> while(isspace(buffer[bufidx])) ++bufidx;
# 934|
# 935| /*
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c:1152:33: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘st’
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c:649:34: note: in expansion of macro ‘tmpbuf_get’
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c:1041:17: note: in expansion of macro ‘tmpbuf_free’
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c:53: included_from: Included from here.
openscap-1.4.3/src/common/debug_priv.h:54:33: note: in expansion of macro ‘__dlprintf_wrapper’
openscap-1.4.3/src/common/debug_priv.h:62:17: note: in expansion of macro ‘oscap_dlprintf’
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c:1045:17: note: in expansion of macro ‘dW’
openscap-1.4.3/src/common/debug_priv.h:54:33: note: in expansion of macro ‘__dlprintf_wrapper’
openscap-1.4.3/src/common/debug_priv.h:64:17: note: in expansion of macro ‘oscap_dlprintf’
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c:1149:25: note: in expansion of macro ‘dD’
# 1150|
# 1151| st = malloc(sizeof(xiconf_strans_t));
# 1152|-> st->cnt = 1;
# 1153| st->srv = malloc (sizeof (xiconf_service_t *));
# 1154| st->srv[0] = scur;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c:1154:36: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘malloc(8)’
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c:649:34: note: in expansion of macro ‘tmpbuf_get’
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c:1041:17: note: in expansion of macro ‘tmpbuf_free’
openscap-1.4.3/src/common/debug_priv.h:54:33: note: in expansion of macro ‘__dlprintf_wrapper’
openscap-1.4.3/src/common/debug_priv.h:62:17: note: in expansion of macro ‘oscap_dlprintf’
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c:1045:17: note: in expansion of macro ‘dW’
openscap-1.4.3/src/common/debug_priv.h:54:33: note: in expansion of macro ‘__dlprintf_wrapper’
openscap-1.4.3/src/common/debug_priv.h:64:17: note: in expansion of macro ‘oscap_dlprintf’
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c:1149:25: note: in expansion of macro ‘dD’
# 1152| st->cnt = 1;
# 1153| st->srv = malloc (sizeof (xiconf_service_t *));
# 1154|-> st->srv[0] = scur;
# 1155|
# 1156| if (rbt_str_add (xiconf->ttree, strdup(st_key), st) != 0) {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c: scope_hint: In function ‘xiconf_dump’
openscap-1.4.3/src/OVAL/probes/unix/xinetd_probe.c:1254:18: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘res’
# 1252|
# 1253| xiconf_strans_t *res = malloc(sizeof(xiconf_strans_t));
# 1254|-> res->cnt = rbt_str_size(xiconf->stree);
# 1255| res->srv = malloc(sizeof(xiconf_service_t *) * res->cnt);
# 1256|
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/OVAL/results/oval_cmp_ip_address.c: scope_hint: In function ‘ipv4addr_parse’
openscap-1.4.3/src/OVAL/results/oval_cmp_ip_address.c:213:15: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘s’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strchr’ must be non-null
# 211|
# 212| s = strdup(oval_ipv4_string);
# 213|-> pfx = strchr(s, '/');
# 214| if (pfx) {
# 215| int cnt;
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/OVAL/results/oval_cmp_ip_address.c: scope_hint: In function ‘ipv6addr_parse’
openscap-1.4.3/src/OVAL/results/oval_cmp_ip_address.c:253:15: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘s’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strchr’ must be non-null
# 251|
# 252| s = strdup(oval_ipv6_string);
# 253|-> pfx = strchr(s, '/');
# 254| if (pfx) {
# 255| *pfx++ = '\0';
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/results/oval_resultDefinition.c: scope_hint: In function ‘oval_result_definition_set_result’
openscap-1.4.3/src/OVAL/results/oval_resultDefinition.c:199:28: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘definition’
# 197| {
# 198| __attribute__nonnull__(definition);
# 199|-> definition->result = result;
# 200| }
# 201|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/results/oval_resultDefinition.c: scope_hint: In function ‘oval_result_definition_set_instance’
openscap-1.4.3/src/OVAL/results/oval_resultDefinition.c:205:30: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘definition’
# 203| {
# 204| __attribute__nonnull__(definition);
# 205|-> definition->instance = instance;
# 206| // When a new variable_instance is set, we usually want to reset the hint
# 207| definition->variable_instance_hint = instance;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/results/oval_resultDefinition.c: scope_hint: In function ‘oval_result_definition_set_criteria’
openscap-1.4.3/src/OVAL/results/oval_resultDefinition.c:213:23: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘definition’
# 211| {
# 212| __attribute__nonnull__(definition);
# 213|-> if (definition->criteria) {
# 214| if (oval_result_criteria_node_get_type(criteria) == OVAL_NODETYPE_CRITERIA) {
# 215| oval_result_criteria_node_free(definition->criteria);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/results/oval_resultDefinition.c: scope_hint: In function ‘oval_result_definition_add_message.part.0’
openscap-1.4.3/src/OVAL/results/oval_resultDefinition.c:224:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘definition’
# 222| __attribute__nonnull__(definition);
# 223| if (message)
# 224|-> oval_collection_add(definition->messages, message);
# 225| }
# 226|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/results/oval_resultItem.c: scope_hint: In function ‘oval_result_item_set_result’
openscap-1.4.3/src/OVAL/results/oval_resultItem.c:147:22: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘item’
# 145| {
# 146| __attribute__nonnull__(item);
# 147|-> item->result = result;
# 148| }
# 149|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/OVAL/results/oval_resultItem.c: scope_hint: In function ‘oval_result_item_add_message’
openscap-1.4.3/src/OVAL/results/oval_resultItem.c:153:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘item’
# 151| {
# 152| __attribute__nonnull__(item);
# 153|-> oval_collection_add(item->messages, message);
# 154| }
# 155|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/SCE/sce_engine.c: scope_hint: In function ‘sce_check_result_new’
openscap-1.4.3/src/SCE/sce_engine.c:81:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ret’
# 79| {
# 80| struct sce_check_result* ret = malloc(sizeof(struct sce_check_result));
# 81|-> ret->href = NULL;
# 82| ret->basename = NULL;
# 83| ret->std_out = NULL;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/SCE/sce_engine.c: scope_hint: In function ‘sce_session_new’
openscap-1.4.3/src/SCE/sce_engine.c:225:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ret’
# 223| {
# 224| struct sce_session* ret = malloc(sizeof(struct sce_session));
# 225|-> ret->results = oscap_list_new();
# 226|
# 227| return ret;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/SCE/sce_engine.c: scope_hint: In function ‘sce_parameters_new’
openscap-1.4.3/src/SCE/sce_engine.c:281:30: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ret’
# 279| {
# 280| struct sce_parameters *ret = malloc(sizeof(struct sce_parameters));
# 281|-> ret->xccdf_directory = NULL;
# 282| ret->session = NULL;
# 283|
Error: GCC_ANALYZER_WARNING (CWE-775):
openscap-1.4.3/src/SCE/sce_engine.c: scope_hint: In function ‘sce_engine_eval_rule’
openscap-1.4.3/src/SCE/sce_engine.c:391:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘stderr_pipefd[0]’
# 389| "Expected location: '%s'.", href, tmp_href);
# 390| free(tmp_href);
# 391|-> return XCCDF_RESULT_NOT_CHECKED;
# 392| }
# 393|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/SCE/sce_engine.c:415:23: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘env_values’
# 413| const size_t index_of_first_env_value_not_compiled_in = 10;
# 414|
# 415|-> env_values[0] = "PATH=/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin";
# 416|
# 417| env_values[1] = "XCCDF_RESULT_PASS=101";
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/benchmark.c: scope_hint: In function ‘xccdf_plain_text_new_fill’
openscap-1.4.3/src/XCCDF/benchmark.c:891:15: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_plain_text_new()’
openscap-1.4.3/src/XCCDF/benchmark.c: scope_hint: In function ‘xccdf_plain_text_new_fill’
# 889| {
# 890| struct xccdf_plain_text *plain = xccdf_plain_text_new();
# 891|-> plain->id = oscap_strdup(id);
# 892| plain->text = oscap_strdup(text);
# 893| return plain;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/benchmark.c: scope_hint: In function ‘xccdf_plain_text_clone’
openscap-1.4.3/src/XCCDF/benchmark.c:909:15: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘plain’
openscap-1.4.3/src/XCCDF/benchmark.c: scope_hint: In function ‘xccdf_plain_text_clone’
# 907| {
# 908| struct xccdf_plain_text *plain = calloc(1, sizeof(struct xccdf_plain_text));
# 909|-> plain->id = oscap_strdup(pt->id);
# 910| plain->text = oscap_strdup(pt->text);
# 911| return plain;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/item.c:40: included_from: Included from here.
openscap-1.4.3/src/XCCDF/item.c: scope_hint: In function ‘xccdf_item_get_type’
openscap-1.4.3/src/XCCDF/helpers.h:52:86: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘item’
openscap-1.4.3/src/XCCDF/item.c:918:1: note: in expansion of macro ‘XCCDF_ABSTRACT_GETTER’
openscap-1.4.3/src/XCCDF/item.c:881:1: note: in expansion of macro ‘XCCDF_BENCHGETTER’
openscap-1.4.3/src/XCCDF/helpers.h:31:52: note: in definition of macro ‘XBENCHMARK’
openscap-1.4.3/src/XCCDF/item.c:881:1: note: in expansion of macro ‘XCCDF_BENCHGETTER’
openscap-1.4.3/src/XCCDF/helpers.h:31:52: note: in definition of macro ‘XBENCHMARK’
openscap-1.4.3/src/XCCDF/item.c:881:1: note: in expansion of macro ‘XCCDF_BENCHGETTER’
openscap-1.4.3/src/XCCDF/item.c:918:1: note: in expansion of macro ‘XCCDF_ABSTRACT_GETTER’
openscap-1.4.3/src/XCCDF/item.c:918:1: note: in expansion of macro ‘XCCDF_ABSTRACT_GETTER’
# 50| { return oscap_iterator_new(item->MNAME); }
# 51| #define XCCDF_ABSTRACT_GETTER(RTYPE,TNAME,MNAME,MEMBER) \
# 52|-> RTYPE xccdf_##TNAME##_get_##MNAME(const struct xccdf_##TNAME* item) { return (RTYPE)(XITEM(item)->MEMBER); }
# 53| #define XCCDF_ITERATOR_GETTER(ITYPE,TNAME,MNAME,MEMBER) \
# 54| struct xccdf_##ITYPE##_iterator* xccdf_##TNAME##_get_##MNAME(const struct xccdf_##TNAME* item) \
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/item.c: scope_hint: In function ‘xccdf_item_new’
openscap-1.4.3/src/XCCDF/item.c:128:20: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘item’
# 126|
# 127| item = calloc(1, size);
# 128|-> item->type = type;
# 129| item->item.title = oscap_list_new();
# 130| item->item.description = oscap_list_new();
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/item.c: scope_hint: In function ‘xccdf_item_clone’
openscap-1.4.3/src/XCCDF/item.c:151:24: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘new_item’
openscap-1.4.3/src/XCCDF/item.c: scope_hint: In function ‘xccdf_item_clone’
openscap-1.4.3/src/XCCDF/item.c: scope_hint: In function ‘xccdf_item_clone’
openscap-1.4.3/src/XCCDF/item.c: scope_hint: In function ‘xccdf_item_clone’
openscap-1.4.3/src/XCCDF/item.c: scope_hint: In function ‘xccdf_item_clone’
openscap-1.4.3/src/XCCDF/item.c: scope_hint: In function ‘xccdf_item_clone’
openscap-1.4.3/src/XCCDF/item.c: scope_hint: In function ‘xccdf_item_clone’
# 149|
# 150| xccdf_item_base_clone(&new_item->item, &(old_item->item));
# 151|-> new_item->type = old_item->type;
# 152|
# 153| switch (new_item->type) {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/item.c: scope_hint: In function ‘xccdf_status_clone’
openscap-1.4.3/src/XCCDF/item.c:217:28: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘new_status’
# 215| {
# 216| struct xccdf_status *new_status = calloc(1, sizeof(struct xccdf_status));
# 217|-> new_status->status = old_status->status;
# 218| new_status->date = old_status->date;
# 219| return new_status;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/item.c: scope_hint: In function ‘xccdf_warning_clone’
openscap-1.4.3/src/XCCDF/item.c:226:27: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘new_warning’
# 224| {
# 225| struct xccdf_warning *new_warning = calloc(1, sizeof(struct xccdf_warning));
# 226|-> new_warning->text = oscap_text_clone(old_warning->text);
# 227| new_warning->category = old_warning->category;
# 228| return new_warning;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/item.c: scope_hint: In function ‘xccdf_status_new_fill’
openscap-1.4.3/src/XCCDF/item.c:1006:26: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ret’
# 1004| return NULL;
# 1005| ret = calloc(1, sizeof(struct xccdf_status));
# 1006|-> if ((ret->status = oscap_string_to_enum(XCCDF_STATUS_MAP, status)) == XCCDF_STATUS_NOT_SPECIFIED) {
# 1007| free(ret);
# 1008| return NULL;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/item.c: scope_hint: In function ‘xccdf_model_clone’
openscap-1.4.3/src/XCCDF/item.c:1060:27: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘new_model’
openscap-1.4.3/src/XCCDF/item.c: scope_hint: In function ‘xccdf_model_clone’
# 1058| {
# 1059| struct xccdf_model *new_model = calloc(1, sizeof(struct xccdf_model));
# 1060|-> new_model->system = oscap_strdup(old_model->system);
# 1061|
# 1062| //params maps char * to char * so we will need to oscap_strdup the items.
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/item.c: scope_hint: In function ‘xccdf_model_new’
openscap-1.4.3/src/XCCDF/item.c:1071:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘model’
# 1069| {
# 1070| struct xccdf_model *model = calloc(1, sizeof(struct xccdf_model));
# 1071|-> model->params = oscap_htable_new();
# 1072| return model;
# 1073| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/item.c: scope_hint: In function ‘xccdf_warning_new’
openscap-1.4.3/src/XCCDF/item.c:1119:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘w’
# 1117| {
# 1118| struct xccdf_warning *w = calloc(1, sizeof(struct xccdf_warning));
# 1119|-> w->category = XCCDF_WARNING_GENERAL;
# 1120| return w;
# 1121| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/item.c: scope_hint: In function ‘xccdf_value_instance_clone’
openscap-1.4.3/src/XCCDF/item.c:1217:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘clone’
# 1215| {
# 1216| struct xccdf_value_instance * clone = calloc(1, sizeof(struct xccdf_value_instance));
# 1217|-> clone->type = val->type;
# 1218|
# 1219| clone->value = oscap_strdup(val->value);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/item.c: scope_hint: In function ‘xccdf_identity_clone’
openscap-1.4.3/src/XCCDF/item.c:1248:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘clone’
openscap-1.4.3/src/XCCDF/item.c: scope_hint: In function ‘xccdf_identity_clone’
# 1246| clone->sub.authenticated = identity->sub.authenticated;
# 1247| clone->sub.privileged = identity->sub.privileged;
# 1248|-> clone->name = oscap_strdup(identity->name);
# 1249| return clone;
# 1250| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/item.c: scope_hint: In function ‘xccdf_target_fact_clone’
openscap-1.4.3/src/XCCDF/item.c:1255:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘clone’
# 1253| {
# 1254| struct xccdf_target_fact * clone = calloc(1, sizeof(struct xccdf_target_fact));
# 1255|-> clone->type = tf->type;
# 1256| clone->name = oscap_strdup(tf->name);
# 1257| clone->value = oscap_strdup(tf->value);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/item.c: scope_hint: In function ‘xccdf_override_clone’
openscap-1.4.3/src/XCCDF/item.c:1264:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘clone’
# 1262| {
# 1263| struct xccdf_override * clone = calloc(1, sizeof(struct xccdf_override));
# 1264|-> clone->time = override->time;
# 1265| clone->authority = oscap_strdup(clone->authority);
# 1266| clone->old_result = override->old_result;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/item.c: scope_hint: In function ‘xccdf_message_clone’
openscap-1.4.3/src/XCCDF/item.c:1275:24: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘clone’
openscap-1.4.3/src/XCCDF/item.c: scope_hint: In function ‘xccdf_message_clone’
# 1273| {
# 1274| struct xccdf_message * clone = calloc(1, sizeof(struct xccdf_message));
# 1275|-> clone->content = oscap_strdup(message->content);
# 1276| clone->severity = message->severity;
# 1277| return clone;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/item.c: scope_hint: In function ‘xccdf_instance_clone’
openscap-1.4.3/src/XCCDF/item.c:1283:20: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘clone’
openscap-1.4.3/src/XCCDF/item.c: scope_hint: In function ‘xccdf_instance_clone’
# 1281| {
# 1282| struct xccdf_instance * clone = calloc(1, sizeof(struct xccdf_instance));
# 1283|-> clone->context = oscap_strdup(instance->context);
# 1284| clone->parent_context = oscap_strdup(instance->parent_context);
# 1285| clone->content = oscap_strdup(instance->content);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’
openscap-1.4.3/src/XCCDF/item.c:1292:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘clone’
openscap-1.4.3/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’
# 1290| {
# 1291| struct xccdf_rule_result * clone = calloc(1, sizeof(struct xccdf_rule_result));
# 1292|-> clone->idref = oscap_strdup(result->idref);
# 1293| clone->role = result->role;
# 1294| clone->time = oscap_strdup(result->time);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/item.c: scope_hint: In function ‘xccdf_score_clone’
openscap-1.4.3/src/XCCDF/item.c:1311:24: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘clone’
# 1309| {
# 1310| struct xccdf_score * clone = calloc(1, sizeof(struct xccdf_score));
# 1311|-> clone->maximum = score->maximum;
# 1312| clone->score = score->score;
# 1313| clone->system = oscap_strdup(score->system);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/profile.c: scope_hint: In function ‘xccdf_setvalue_clone’
openscap-1.4.3/src/XCCDF/profile.c:43:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘clone’
openscap-1.4.3/src/XCCDF/profile.c: scope_hint: In function ‘xccdf_setvalue_clone’
# 41| {
# 42| struct xccdf_setvalue * clone = calloc(1, sizeof(struct xccdf_setvalue));
# 43|-> clone->item = oscap_strdup(old_value->item);
# 44| clone->value = oscap_strdup(old_value->value);
# 45| return clone;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/profile.c: scope_hint: In function ‘xccdf_setvalue_new_parse’
openscap-1.4.3/src/XCCDF/profile.c:54:18: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘sv’
# 52| return NULL;
# 53| struct xccdf_setvalue *sv = calloc(1, sizeof(struct xccdf_setvalue));
# 54|-> sv->item = oscap_strdup(id);
# 55| sv->value = oscap_element_string_copy(reader);
# 56| return sv;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/profile.c: scope_hint: In function ‘xccdf_refine_value_new’
openscap-1.4.3/src/XCCDF/profile.c:83:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘foo’
# 81| {
# 82| struct xccdf_refine_value *foo = calloc(1, sizeof(struct xccdf_refine_value));
# 83|-> foo->remarks = oscap_list_new();
# 84| return foo;
# 85| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/profile.c: scope_hint: In function ‘xccdf_refine_value_clone’
openscap-1.4.3/src/XCCDF/profile.c:90:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘clone’
openscap-1.4.3/src/XCCDF/profile.c: scope_hint: In function ‘xccdf_refine_value_clone’
# 88| {
# 89| struct xccdf_refine_value *clone = calloc(1, sizeof(struct xccdf_refine_value));
# 90|-> clone->item = oscap_strdup(value->item);
# 91| clone->selector = oscap_strdup(value->selector);
# 92| clone->oper = value->oper;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/profile.c: scope_hint: In function ‘xccdf_refine_rule_new’
openscap-1.4.3/src/XCCDF/profile.c:100:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘foo’
# 98| {
# 99| struct xccdf_refine_rule *foo = calloc(1, sizeof(struct xccdf_refine_rule));
# 100|-> foo->role = XCCDF_ROLE_FULL;
# 101| foo->remarks = oscap_list_new();
# 102| return foo;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/profile.c: scope_hint: In function ‘xccdf_refine_rule_clone’
openscap-1.4.3/src/XCCDF/profile.c:108:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘clone’
openscap-1.4.3/src/XCCDF/profile.c: scope_hint: In function ‘xccdf_refine_rule_clone’
# 106| {
# 107| struct xccdf_refine_rule * clone = calloc(1, sizeof(struct xccdf_refine_rule));
# 108|-> clone->item = oscap_strdup(rule->item);
# 109| clone->selector = oscap_strdup(rule->selector);
# 110| clone->role = rule->role;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/profile.c: scope_hint: In function ‘xccdf_select_new’
openscap-1.4.3/src/XCCDF/profile.c:125:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘foo’
# 123| {
# 124| struct xccdf_select *foo = calloc(1, sizeof(struct xccdf_select));
# 125|-> foo->remarks = oscap_list_new();
# 126| return foo;
# 127| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/profile.c: scope_hint: In function ‘xccdf_select_clone’
openscap-1.4.3/src/XCCDF/profile.c:132:25: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘clone’
openscap-1.4.3/src/XCCDF/profile.c: scope_hint: In function ‘xccdf_select_clone’
# 130| {
# 131| struct xccdf_select *clone = calloc(1, sizeof(struct xccdf_select));
# 132|-> clone->item = oscap_strdup(sel->item);
# 133| clone->remarks = oscap_list_clone(sel->remarks, (oscap_clone_func) oscap_text_clone);
# 134| clone->selected = sel->selected;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/profile.c: scope_hint: In function ‘xccdf_profile_clone’
openscap-1.4.3/src/XCCDF/profile.c:211:27: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘new_profile’
# 209| struct xccdf_item *old = XITEM(old_profile);
# 210| xccdf_item_base_clone(&new_profile->item, &(old->item));
# 211|-> new_profile->type = old->type;
# 212| xccdf_profile_item_clone(&new_profile->sub.profile, &old->sub.profile);
# 213| return XPROFILE(new_profile);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/result.c: scope_hint: In function ‘xccdf_score_new’
openscap-1.4.3/src/XCCDF/result.c:666:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘score’
openscap-1.4.3/src/XCCDF/item.h:29: included_from: Included from here.
openscap-1.4.3/src/XCCDF/result.c:73: included_from: Included from here.
openscap-1.4.3/src/XCCDF/result.c:1387:9: note: in expansion of macro ‘XCCDF_ASSERT_ELEMENT’
# 664| {
# 665| struct xccdf_score *score = calloc(1, sizeof(struct xccdf_score));
# 666|-> score->score = NAN;
# 667| score->maximum = XCCDF_SCORE_MAX_DAFAULT;
# 668| return score;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/result.c: scope_hint: In function ‘xccdf_target_identifier_set_xml_node’
openscap-1.4.3/src/XCCDF/result.c:814:16: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ti’
# 812| bool xccdf_target_identifier_set_xml_node(struct xccdf_target_identifier *ti, void* node)
# 813| {
# 814|-> if (!ti->any_element) {
# 815| free(ti->system);
# 816| free(ti->href);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/result.c: scope_hint: In function ‘xccdf_target_identifier_set_system’
openscap-1.4.3/src/XCCDF/result.c:838:15: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ti’
# 836| bool xccdf_target_identifier_set_system(struct xccdf_target_identifier *ti, const char *newval)
# 837| {
# 838|-> if (ti->any_element) {
# 839| if (ti->element)
# 840| xmlFreeNode(ti->element);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/result.c: scope_hint: In function ‘xccdf_instance_new’
openscap-1.4.3/src/XCCDF/result.c:908:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘inst’
openscap-1.4.3/src/XCCDF/result.c: scope_hint: In function ‘xccdf_instance_new’
# 906| {
# 907| struct xccdf_instance *inst = calloc(1, sizeof(struct xccdf_instance));
# 908|-> inst->context = oscap_strdup(XCCDF_INSTANCE_DEFAULT_CONTEXT);
# 909| return inst;
# 910| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/result.c: scope_hint: In function ‘xccdf_identity_new_parse’
openscap-1.4.3/src/XCCDF/result.c:1353:37: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_identity_new()’
openscap-1.4.3/src/XCCDF/result.c:1348:9: note: in expansion of macro ‘XCCDF_ASSERT_ELEMENT’
# 1351| identity->sub.authenticated = xccdf_attribute_get_bool(reader, XCCDFA_AUTHENTICATED);
# 1352| identity->sub.privileged = xccdf_attribute_get_bool(reader, XCCDFA_PRIVILEDGED);
# 1353|-> identity->name = oscap_element_string_copy(reader);
# 1354| return identity;
# 1355| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/result.c: scope_hint: In function ‘xccdf_target_fact_new_parse’
openscap-1.4.3/src/XCCDF/result.c:1362:20: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_target_fact_new()’
openscap-1.4.3/src/XCCDF/result.c:1359:9: note: in expansion of macro ‘XCCDF_ASSERT_ELEMENT’
# 1360|
# 1361| struct xccdf_target_fact *fact = xccdf_target_fact_new();
# 1362|-> fact->type = oscap_string_to_enum(XCCDF_FACT_TYPE_MAP, xccdf_attribute_get(reader, XCCDFA_TYPE));
# 1363| fact->name = xccdf_attribute_copy(reader, XCCDFA_NAME);
# 1364| fact->value = oscap_element_string_copy(reader);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/result.c: scope_hint: In function ‘xccdf_rule_result_new_parse’
openscap-1.4.3/src/XCCDF/result.c:1404:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_rule_result_new()’
openscap-1.4.3/src/XCCDF/result.c:1400:9: note: in expansion of macro ‘XCCDF_ASSERT_ELEMENT’
# 1402| struct xccdf_rule_result *rr = xccdf_rule_result_new();
# 1403|
# 1404|-> rr->idref = xccdf_attribute_copy(reader, XCCDFA_IDREF);
# 1405| rr->role = oscap_string_to_enum(XCCDF_ROLE_MAP, xccdf_attribute_get(reader, XCCDFA_ROLE));
# 1406| rr->time = xccdf_attribute_copy(reader, XCCDFA_TIME);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/result.c: scope_hint: In function ‘xccdf_override_new_parse’
openscap-1.4.3/src/XCCDF/result.c:1625:29: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_override_new()’
openscap-1.4.3/src/XCCDF/result.c:1621:9: note: in expansion of macro ‘XCCDF_ASSERT_ELEMENT’
# 1623| struct xccdf_override *override = xccdf_override_new();
# 1624|
# 1625|-> override->time = xccdf_attribute_copy(reader, XCCDFA_TIME);
# 1626| override->authority = xccdf_attribute_copy(reader, XCCDFA_AUTHORITY);
# 1627|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/result.c: scope_hint: In function ‘xccdf_message_new_parse’
openscap-1.4.3/src/XCCDF/result.c:1685:23: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_message_new()’
openscap-1.4.3/src/XCCDF/result.c:1682:9: note: in expansion of macro ‘XCCDF_ASSERT_ELEMENT’
# 1683|
# 1684| struct xccdf_message *msg = xccdf_message_new();
# 1685|-> msg->severity = oscap_string_to_enum(XCCDF_LEVEL_MAP, xccdf_attribute_get(reader, XCCDFA_SEVERITY));
# 1686| msg->content = oscap_element_string_copy(reader);
# 1687| return msg;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_item_get_default_score’
openscap-1.4.3/src/XCCDF/result_scoring.c:91:30: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘score’
openscap-1.4.3/src/common/util.h: scope_hint: In function ‘xccdf_item_get_default_score’
openscap-1.4.3/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_item_get_default_score’
# 89|
# 90| /* Count with this rule */
# 91|-> score->count = 1;
# 92|
# 93| /* If the test result is 'pass', assign the node a score of 100, otherwise assign a score of 0 */
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/result_scoring.c:108:30: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘score’
openscap-1.4.3/src/common/util.h: scope_hint: In function ‘xccdf_item_get_default_score’
openscap-1.4.3/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_item_get_default_score’
# 106| /* Init */
# 107| score = malloc(sizeof(struct xccdf_default_score));
# 108|-> score->count = 0;
# 109| score->score = 0.0;
# 110| score->accumulator = 0.0;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_item_get_flat_score’
openscap-1.4.3/src/XCCDF/result_scoring.c:192:39: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘score’
openscap-1.4.3/src/common/util.h: scope_hint: In function ‘xccdf_item_get_flat_score’
openscap-1.4.3/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_item_get_flat_score’
openscap-1.4.3/src/common/util.h: scope_hint: In function ‘xccdf_item_get_flat_score’
openscap-1.4.3/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_item_get_flat_score’
openscap-1.4.3/src/common/util.h: scope_hint: In function ‘xccdf_item_get_flat_score’
openscap-1.4.3/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_item_get_flat_score’
# 190| /* max possible score = sum of weights*/
# 191| if (unweighted)
# 192|-> score->weight = 1.0;
# 193| else score->weight =
# 194| xccdf_item_get_weight(item);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/result_scoring.c:193:36: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘score’
openscap-1.4.3/src/common/util.h: scope_hint: In function ‘xccdf_item_get_flat_score’
openscap-1.4.3/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_item_get_flat_score’
openscap-1.4.3/src/common/util.h: scope_hint: In function ‘xccdf_item_get_flat_score’
openscap-1.4.3/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_item_get_flat_score’
# 191| if (unweighted)
# 192| score->weight = 1.0;
# 193|-> else score->weight =
# 194| xccdf_item_get_weight(item);
# 195|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/result_scoring.c:210:30: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘score’
openscap-1.4.3/src/common/util.h: scope_hint: In function ‘xccdf_item_get_flat_score’
openscap-1.4.3/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_item_get_flat_score’
openscap-1.4.3/src/common/util.h: scope_hint: In function ‘xccdf_item_get_flat_score’
openscap-1.4.3/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_item_get_flat_score’
# 208| /* Init */
# 209| score = malloc(sizeof(struct xccdf_flat_score));
# 210|-> score->score = 0;
# 211| score->weight = 0.0;
# 212|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_result_calculate_score’
openscap-1.4.3/src/XCCDF/result_scoring.c:257:56: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
openscap-1.4.3/src/common/util.h: scope_hint: In function ‘xccdf_result_calculate_score’
openscap-1.4.3/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_result_calculate_score’
# 255| if (oscap_streq(score_system, "urn:xccdf:scoring:default")) {
# 256| struct xccdf_default_score * item_score = xccdf_item_get_default_score(benchmark, test_result);
# 257|-> xccdf_score_set_score(score, item_score->score);
# 258| free(item_score);
# 259| } else if (oscap_streq(score_system, "urn:xccdf:scoring:flat")) {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/result_scoring.c:261:58: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
openscap-1.4.3/src/common/util.h: scope_hint: In function ‘xccdf_result_calculate_score’
openscap-1.4.3/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_result_calculate_score’
openscap-1.4.3/src/common/util.h: scope_hint: In function ‘xccdf_result_calculate_score’
openscap-1.4.3/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_result_calculate_score’
# 259| } else if (oscap_streq(score_system, "urn:xccdf:scoring:flat")) {
# 260| struct xccdf_flat_score * item_score = xccdf_item_get_flat_score(benchmark, test_result, false);
# 261|-> xccdf_score_set_maximum(score, item_score->weight);
# 262| xccdf_score_set_score(score, item_score->score);
# 263| free(item_score);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_rule_clone’
openscap-1.4.3/src/XCCDF/rule.c:301:24: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘new_rule’
# 299| struct xccdf_item *old = XITEM(rule);
# 300| xccdf_item_base_clone(&new_rule->item, &(old->item));
# 301|-> new_rule->type = old->type;
# 302| xccdf_rule_item_clone(&new_rule->sub.rule, &old->sub.rule);
# 303| return XRULE(new_rule);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_rule_parse’
openscap-1.4.3/src/XCCDF/rule.c:339:46: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_profile_note_new()’
openscap-1.4.3/src/XCCDF/item.h:29: included_from: Included from here.
openscap-1.4.3/src/XCCDF/rule.c:33: included_from: Included from here.
openscap-1.4.3/src/XCCDF/rule.c:308:9: note: in expansion of macro ‘XCCDF_ASSERT_ELEMENT’
# 337| break;
# 338| struct xccdf_profile_note *note = xccdf_profile_note_new();
# 339|-> note->reftag = oscap_strdup(tag);
# 340| note->text = oscap_text_new_parse(XCCDF_TEXT_PROFNOTE, reader);
# 341| oscap_list_add(rule->sub.rule.profile_notes, note);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_ident_clone’
openscap-1.4.3/src/XCCDF/rule.c:445:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_ident_new()’
openscap-1.4.3/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_ident_clone’
# 443| {
# 444| struct xccdf_ident * clone = xccdf_ident_new();
# 445|-> clone->id = oscap_strdup(ident->id);
# 446| clone->system = oscap_strdup(ident->system);
# 447| return clone;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_ident_new_fill’
openscap-1.4.3/src/XCCDF/rule.c:458:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_ident_new()’
openscap-1.4.3/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_ident_new_fill’
# 456| {
# 457| struct xccdf_ident *ident = xccdf_ident_new();
# 458|-> ident->id = oscap_strdup(id);
# 459| ident->system = oscap_strdup(sys);
# 460| return ident;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_profile_note_clone’
openscap-1.4.3/src/XCCDF/rule.c:504:23: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_profile_note_new()’
openscap-1.4.3/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_profile_note_clone’
# 502| {
# 503| struct xccdf_profile_note * clone = xccdf_profile_note_new();
# 504|-> clone->reftag = oscap_strdup(note->reftag);
# 505| clone->text = oscap_text_clone(note->text);
# 506| return clone;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_check_new’
openscap-1.4.3/src/XCCDF/rule.c:523:29: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘check’
# 521| {
# 522| struct xccdf_check *check = calloc(1, sizeof(struct xccdf_check));
# 523|-> check->content_refs = oscap_list_new();
# 524| check->imports = oscap_list_new();
# 525| check->exports = oscap_list_new();
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_check_clone’
openscap-1.4.3/src/XCCDF/rule.c:535:23: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘new_check’
openscap-1.4.3/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_check_clone’
# 533| struct xccdf_check *new_check = calloc(1, sizeof(struct xccdf_check));
# 534|
# 535|-> new_check->id = oscap_strdup(old_check->id);
# 536| new_check->system = oscap_strdup(old_check->system);
# 537| new_check->selector = oscap_strdup(old_check->selector);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_check_import_clone’
openscap-1.4.3/src/XCCDF/rule.c:554:26: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_check_import_new()’
openscap-1.4.3/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_check_import_clone’
# 552| {
# 553| struct xccdf_check_import *new_import = xccdf_check_import_new();
# 554|-> new_import->name = oscap_strdup(old_import->name);
# 555| if (old_import->xpath)
# 556| new_import->xpath = oscap_strdup(old_import->xpath);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_check_export_clone’
openscap-1.4.3/src/XCCDF/rule.c:565:26: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_check_export_new()’
openscap-1.4.3/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_check_export_clone’
# 563| {
# 564| struct xccdf_check_export *new_export = xccdf_check_export_new();
# 565|-> new_export->name = oscap_strdup(old_export->name);
# 566| new_export->value = oscap_strdup(old_export->value);
# 567| return new_export;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_check_content_ref_clone’
openscap-1.4.3/src/XCCDF/rule.c:574:23: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_check_content_ref_new()’
openscap-1.4.3/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_check_content_ref_clone’
# 572| {
# 573| struct xccdf_check_content_ref *new_ref = xccdf_check_content_ref_new();
# 574|-> new_ref->name = oscap_strdup(old_ref->name);
# 575| new_ref->href = oscap_strdup(old_ref->href);
# 576| return new_ref;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_check_parse’
openscap-1.4.3/src/XCCDF/rule.c:612:43: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_check_content_ref_new()’
# 610| break;
# 611| struct xccdf_check_content_ref *ref = xccdf_check_content_ref_new();
# 612|-> ref->name = xccdf_attribute_copy(reader, XCCDFA_NAME);
# 613| ref->href = oscap_strdup(href);
# 614| oscap_list_add(check->content_refs, ref);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/rule.c:627:43: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_check_import_new()’
# 625| break;
# 626| struct xccdf_check_import *imp = xccdf_check_import_new();
# 627|-> imp->name = oscap_strdup(name);
# 628| if (xpath) // @import-xpath is just optional
# 629| imp->xpath = oscap_strdup(xpath);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/rule.c:639:43: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_check_export_new()’
# 637| break;
# 638| struct xccdf_check_export *exp = xccdf_check_export_new();
# 639|-> exp->name = oscap_strdup(name);
# 640| exp->value = xccdf_attribute_copy(reader, XCCDFA_VALUE_ID);
# 641| oscap_list_add(check->exports, exp);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_fix_clone’
openscap-1.4.3/src/XCCDF/rule.c:783:25: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘new_fix’
# 781| struct xccdf_fix *new_fix = calloc(1, sizeof(struct xccdf_fix));
# 782|
# 783|-> new_fix->reboot = old_fix->reboot;
# 784| new_fix->strategy = old_fix->strategy;
# 785| new_fix->disruption = old_fix->disruption;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_fix_parse’
openscap-1.4.3/src/XCCDF/rule.c:801:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_fix_new()’
# 799| {
# 800| struct xccdf_fix *fix = xccdf_fix_new();
# 801|-> fix->id = xccdf_attribute_copy(reader, XCCDFA_ID);
# 802| fix->system = xccdf_attribute_copy(reader, XCCDFA_SYSTEM);
# 803| fix->platform = xccdf_attribute_copy(reader, XCCDFA_PLATFORM);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_fixtext_clone’
openscap-1.4.3/src/XCCDF/rule.c:820:23: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_fixtext_new()’
# 818| {
# 819| struct xccdf_fixtext * clone = xccdf_fixtext_new();
# 820|-> clone->reboot = fixtext->reboot;
# 821| clone->strategy = fixtext->strategy;
# 822| clone->disruption = fixtext->disruption;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_fixtext_parse’
openscap-1.4.3/src/XCCDF/rule.c:832:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_fixtext_new()’
# 830| {
# 831| struct xccdf_fixtext *fix = xccdf_fixtext_new();
# 832|-> fix->fixref = xccdf_attribute_copy(reader, XCCDFA_FIXREF);
# 833| fix->text = oscap_text_new_parse(XCCDF_TEXT_HTMLSUB, reader);
# 834| fix->reboot = xccdf_attribute_get_bool(reader, XCCDFA_REBOOT);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/tailoring.c: scope_hint: In function ‘xccdf_tailoring_new’
openscap-1.4.3/src/XCCDF/tailoring.c:44:34: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘tailoring’
# 42| tailoring->id = NULL;
# 43|
# 44|-> tailoring->benchmark_ref = NULL;
# 45| tailoring->benchmark_ref_version = NULL;
# 46|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/value.c: scope_hint: In function ‘xccdf_value_clone’
openscap-1.4.3/src/XCCDF/value.c:64:25: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘new_value’
# 62| struct xccdf_item *old = XITEM(value);
# 63| xccdf_item_base_clone(&new_value->item, &old->item);
# 64|-> new_value->type = old->type;
# 65| xccdf_value_item_clone(&new_value->sub.value, &XITEM(value)->sub.value);
# 66| return XVALUE(new_value);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/value.c: scope_hint: In function ‘xccdf_value_instance_new’
openscap-1.4.3/src/XCCDF/value.c:390:27: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘inst’
# 388| {
# 389| struct xccdf_value_instance *inst = calloc(1, sizeof(struct xccdf_value_instance));
# 390|-> inst->lower_bound = NAN;
# 391| inst->upper_bound = NAN;
# 392|
Error: GCC_ANALYZER_WARNING (CWE-126):
openscap-1.4.3/src/XCCDF/xccdf_session.c: scope_hint: In function ‘_oval_content_resources_free.part.0’
openscap-1.4.3/src/XCCDF/xccdf_session.c:1004:40: warning[-Wanalyzer-out-of-bounds]: heap-based buffer over-read
openscap-1.4.3/src/XCCDF/xccdf_session.c: scope_hint: In function ‘_oval_content_resources_free.part.0’
openscap-1.4.3/src/XCCDF/xccdf_session.c: scope_hint: In function ‘_oval_content_resources_free.part.0’
openscap-1.4.3/src/XCCDF/xccdf_session.c:1004:40: note: read of 8 bytes from after the end of the region
# 1002| {
# 1003| if (resources) {
# 1004|-> for (int i=0; resources[i]; i++) {
# 1005| free(resources[i]->href);
# 1006| if (resources[i]->source_owned) {
Error: GCC_ANALYZER_WARNING (CWE-126):
openscap-1.4.3/src/XCCDF/xccdf_session.c:1006:38: warning[-Wanalyzer-out-of-bounds]: heap-based buffer over-read
openscap-1.4.3/src/XCCDF/xccdf_session.c: scope_hint: In function ‘_oval_content_resources_free.part.0’
openscap-1.4.3/src/XCCDF/xccdf_session.c: scope_hint: In function ‘_oval_content_resources_free.part.0’
openscap-1.4.3/src/XCCDF/xccdf_session.c:1006:38: note: read of 8 bytes from after the end of the region
# 1004| for (int i=0; resources[i]; i++) {
# 1005| free(resources[i]->href);
# 1006|-> if (resources[i]->source_owned) {
# 1007| oscap_source_free(resources[i]->source);
# 1008| }
Error: GCC_ANALYZER_WARNING (CWE-126):
openscap-1.4.3/src/XCCDF/xccdf_session.c:1009:25: warning[-Wanalyzer-out-of-bounds]: heap-based buffer over-read
openscap-1.4.3/src/XCCDF/xccdf_session.c: scope_hint: In function ‘_oval_content_resources_free.part.0’
openscap-1.4.3/src/XCCDF/xccdf_session.c: scope_hint: In function ‘_oval_content_resources_free.part.0’
openscap-1.4.3/src/XCCDF/xccdf_session.c:1009:25: note: read of 8 bytes from after the end of the region
# 1007| oscap_source_free(resources[i]->source);
# 1008| }
# 1009|-> free(resources[i]);
# 1010| }
# 1011| free(resources);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/xccdf_session.c: scope_hint: In function ‘_xccdf_session_get_oval_from_model’
openscap-1.4.3/src/XCCDF/xccdf_session.c:1059:24: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘resources’
# 1057|
# 1058| resources = malloc(sizeof(struct oval_content_resource *));
# 1059|-> resources[idx] = NULL;
# 1060|
# 1061| files = xccdf_policy_model_get_systems_and_files(session->xccdf.policy_model);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/xccdf_session.c:1100:46: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘*<unknown>’
openscap-1.4.3/src/XCCDF/xccdf_session.c: scope_hint: In function ‘_xccdf_session_get_oval_from_model’
# 1098| if (source != NULL) {
# 1099| resources[idx] = malloc(sizeof(struct oval_content_resource));
# 1100|-> resources[idx]->href = oscap_strdup(oscap_file_entry_get_file(file_entry));
# 1101| resources[idx]->source_owned = source_owned;
# 1102| resources[idx]->source = source;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/xccdf_session.c:1130:70: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘malloc(24)’
openscap-1.4.3/src/XCCDF/xccdf_session.c: scope_hint: In function ‘_xccdf_session_get_oval_from_model’
# 1128|
# 1129| resources[idx] = malloc(sizeof(struct oval_content_resource));
# 1130|-> resources[idx]->href = oscap_strdup(printable_path);
# 1131| resources[idx]->source = oscap_source_new_take_memory(data, data_size, printable_path);
# 1132| resources[idx]->source_owned = true;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF_POLICY/check_engine_plugin.c: scope_hint: In function ‘check_engine_plugin_load2’
openscap-1.4.3/src/XCCDF_POLICY/check_engine_plugin.c:60:28: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ret’
openscap-1.4.3/src/XCCDF_POLICY/check_engine_plugin.c: scope_hint: In function ‘check_engine_plugin_load2’
# 58| char *full_path = path_prefix ? oscap_sprintf("%s/%s", path_prefix, path) : oscap_strdup(path);
# 59| // NB: valgrind reports a leak on the next line, I have confirmed this to be a false positive
# 60|-> ret->module_handle = dlopen(full_path, RTLD_LAZY);
# 61| free(full_path);
# 62|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF_POLICY/xccdf_policy.c: scope_hint: In function ‘xccdf_policy_model_platforms_are_applicable_dict’
openscap-1.4.3/src/XCCDF_POLICY/xccdf_policy.c:890:28: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘usr’
# 888|
# 889| struct cpe_check_cb_usr* usr = malloc(sizeof(struct cpe_check_cb_usr));
# 890|-> usr->model = model;
# 891| usr->dict = dict;
# 892| usr->lang_model = NULL;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF_POLICY/xccdf_policy.c: scope_hint: In function ‘xccdf_policy_model_platforms_are_applicable_lang_model’
openscap-1.4.3/src/XCCDF_POLICY/xccdf_policy.c:933:28: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘usr’
# 931|
# 932| struct cpe_check_cb_usr* usr = malloc(sizeof(struct cpe_check_cb_usr));
# 933|-> usr->model = model;
# 934| usr->dict = NULL;
# 935| usr->lang_model = lang_model;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF_POLICY/xccdf_policy.c: scope_hint: In function ‘oscap_file_entry_dup’
openscap-1.4.3/src/XCCDF_POLICY/xccdf_policy.c:1319:26: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘oscap_file_entry_new()’
openscap-1.4.3/src/XCCDF_POLICY/xccdf_policy.c: scope_hint: In function ‘oscap_file_entry_dup’
# 1317|
# 1318| struct oscap_file_entry *ret = oscap_file_entry_new();
# 1319|-> ret->system_name = oscap_strdup(source->system_name);
# 1320| ret->file = oscap_strdup(source->file);
# 1321|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF_POLICY/xccdf_policy.c: scope_hint: In function ‘xccdf_check_get_systems_and_files’
openscap-1.4.3/src/XCCDF_POLICY/xccdf_policy.c:1435:37: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘oscap_file_entry_new()’
openscap-1.4.3/src/XCCDF_POLICY/xccdf_policy.c: scope_hint: In function ‘xccdf_check_get_systems_and_files’
# 1433|
# 1434| file_entry = (struct oscap_file_entry *) oscap_file_entry_new();
# 1435|-> file_entry->system_name = oscap_strdup(system_name);
# 1436| file_entry->file = oscap_strdup(href);
# 1437|
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/XCCDF_POLICY/xccdf_policy.c: scope_hint: In function ‘xccdf_policy_evaluate’
openscap-1.4.3/src/XCCDF_POLICY/xccdf_policy.c:2179:53: warning[-Wanalyzer-null-argument]: use of NULL ‘id’ where non-null expected
openscap-1.4.3/src/XCCDF_POLICY/xccdf_policy.c: scope_hint: In function ‘xccdf_policy_evaluate’
<built-in>: note: argument 1 of ‘__builtin_strlen’ must be non-null
# 2177| rid_prefix = "OSCAP-Test-";
# 2178| }
# 2179|-> const size_t rid_len = strlen(rid_prefix) + strlen(id) + 1; // + 1 for terminating '\0'
# 2180| char *rid = malloc(rid_len);
# 2181| snprintf(rid, rid_len, "%s%s", rid_prefix, id);
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/XCCDF_POLICY/xccdf_policy_remediate.c: scope_hint: In function ‘_write_text_to_fd’
openscap-1.4.3/src/XCCDF_POLICY/xccdf_policy_remediate.c:106:32: warning[-Wanalyzer-null-argument]: use of NULL ‘text’ where non-null expected
openscap-1.4.3/src/common/util.h: scope_hint: In function ‘_write_text_to_fd’
openscap-1.4.3/src/XCCDF_POLICY/xccdf_policy_remediate.c: scope_hint: In function ‘_write_text_to_fd’
openscap-1.4.3/src/common/util.h: scope_hint: In function ‘_write_text_to_fd’
openscap-1.4.3/src/XCCDF_POLICY/xccdf_policy_remediate.c: scope_hint: In function ‘_write_text_to_fd’
openscap-1.4.3/src/XCCDF_POLICY/xccdf_policy_remediate.c: scope_hint: In function ‘_write_text_to_fd’
<built-in>: note: argument 1 of ‘__builtin_strlen’ must be non-null
# 104|
# 105| ssize_t written = 0;
# 106|-> const ssize_t length = strlen(text);
# 107|
# 108| while (written < length) {
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/XCCDF_POLICY/xccdf_policy_remediate.c:106:32: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘text’ where non-null expected
openscap-1.4.3/src/common/util.h: scope_hint: In function ‘_write_text_to_fd’
openscap-1.4.3/src/XCCDF_POLICY/xccdf_policy_remediate.c: scope_hint: In function ‘_write_text_to_fd’
openscap-1.4.3/src/common/util.h: scope_hint: In function ‘_write_text_to_fd’
openscap-1.4.3/src/XCCDF_POLICY/xccdf_policy_remediate.c: scope_hint: In function ‘_write_text_to_fd’
openscap-1.4.3/src/XCCDF_POLICY/xccdf_policy_remediate.c: scope_hint: In function ‘_write_text_to_fd’
<built-in>: note: argument 1 of ‘__builtin_strlen’ must be non-null
# 104|
# 105| ssize_t written = 0;
# 106|-> const ssize_t length = strlen(text);
# 107|
# 108| while (written < length) {
Error: GCC_ANALYZER_WARNING (CWE-775):
openscap-1.4.3/src/XCCDF_POLICY/xccdf_policy_remediate.c: scope_hint: In function ‘_xccdf_fix_execute’
openscap-1.4.3/src/XCCDF_POLICY/xccdf_policy_remediate.c:416:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd[0]’
openscap-1.4.3/src/common/util.h: scope_hint: In function ‘_xccdf_fix_execute’
openscap-1.4.3/src/XCCDF_POLICY/xccdf_policy_remediate.c: scope_hint: In function ‘_xccdf_fix_execute’
openscap-1.4.3/src/common/util.h: scope_hint: In function ‘_xccdf_fix_execute’
openscap-1.4.3/src/XCCDF_POLICY/xccdf_policy_remediate.c: scope_hint: In function ‘_xccdf_fix_execute’
openscap-1.4.3/src/XCCDF_POLICY/xccdf_policy_remediate.c: scope_hint: In function ‘_xccdf_fix_execute’
openscap-1.4.3/src/XCCDF_POLICY/xccdf_policy_remediate.c:26: included_from: Included from here.
# 414| {
# 415| if (rr == NULL) {
# 416|-> return 1;
# 417| }
# 418|
Error: GCC_ANALYZER_WARNING (CWE-775):
openscap-1.4.3/src/XCCDF_POLICY/xccdf_policy_remediate.c:416:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd[1]’
openscap-1.4.3/src/common/util.h: scope_hint: In function ‘_xccdf_fix_execute’
openscap-1.4.3/src/XCCDF_POLICY/xccdf_policy_remediate.c: scope_hint: In function ‘_xccdf_fix_execute’
openscap-1.4.3/src/common/util.h: scope_hint: In function ‘_xccdf_fix_execute’
openscap-1.4.3/src/XCCDF_POLICY/xccdf_policy_remediate.c: scope_hint: In function ‘_xccdf_fix_execute’
openscap-1.4.3/src/XCCDF_POLICY/xccdf_policy_remediate.c: scope_hint: In function ‘_xccdf_fix_execute’
# 414| {
# 415| if (rr == NULL) {
# 416|-> return 1;
# 417| }
# 418|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/common/elements.c: scope_hint: In function ‘oscap_text_consumer’
openscap-1.4.3/src/common/elements.c:81:26: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘newtext’
# 79| int size = strlen(platform) + strlen(text) + 1;
# 80| char *newtext = (char *) malloc(size * sizeof(char));
# 81|-> *newtext = 0;
# 82| strcat(newtext, platform);
# 83| strcat(newtext, text);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/common/error.c: scope_hint: In function ‘oscap_err_new’
openscap-1.4.3/src/common/error.c:57:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘err’
# 55| {
# 56| struct oscap_err_t *err = (struct oscap_err_t*)malloc(sizeof(struct oscap_err_t));
# 57|-> err->family = family;
# 58| err->desc = oscap_sprintf("%s [%s:%d]", desc, file, line);
# 59| err->func = func;
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.3/src/common/list.c:37:35: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
openscap-1.4.3/src/common/list.c: scope_hint: In function ‘oscap_create_lists’
openscap-1.4.3/src/common/list.c: scope_hint: In function ‘oscap_create_lists’
openscap-1.4.3/src/common/list.c: scope_hint: In function ‘oscap_create_lists’
openscap-1.4.3/src/common/list.c: scope_hint: In function ‘oscap_create_lists’
# 35| struct oscap_list *oscap_list_new(void)
# 36| {
# 37|-> struct oscap_list *list = calloc(1, sizeof(struct oscap_list));
# 38| return list;
# 39| }
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.3/src/common/list.c: scope_hint: In function ‘oscap_create_lists’
openscap-1.4.3/src/common/list.c:48:1: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
openscap-1.4.3/src/common/list.c: scope_hint: In function ‘oscap_create_lists’
openscap-1.4.3/src/common/list.c: scope_hint: In function ‘oscap_create_lists’
openscap-1.4.3/src/common/list.c: scope_hint: In function ‘oscap_create_lists’
# 46| *cur = oscap_list_new();
# 47| va_end(ap);
# 48|-> }
# 49|
# 50| bool oscap_list_add(struct oscap_list * list, void *value)
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/common/list.c: scope_hint: In function ‘oscap_list_add.part.0’
openscap-1.4.3/src/common/list.c:56:20: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘item’
# 54|
# 55| struct oscap_list_item *item = malloc(sizeof(struct oscap_list_item));
# 56|-> item->next = NULL;
# 57| item->data = value;
# 58| ++list->itemcount;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/common/list.c:58:15: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘list’
openscap-1.4.3/src/common/list.c: scope_hint: In function ‘oscap_list_add.part.0’
openscap-1.4.3/src/common/list.c: scope_hint: In function ‘oscap_list_add.part.0’
# 56| item->next = NULL;
# 57| item->data = value;
# 58|-> ++list->itemcount;
# 59|
# 60| if (list->last == NULL)
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/common/list.c: scope_hint: In function ‘oscap_list_prepend’
openscap-1.4.3/src/common/list.c:75:20: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘item’
# 73|
# 74| struct oscap_list_item *item = malloc(sizeof(struct oscap_list_item));
# 75|-> item->next = NULL;
# 76| item->data = value;
# 77| ++list->itemcount;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/common/list.c: scope_hint: In function ‘oscap_iterator_new’
openscap-1.4.3/src/common/list.c:263:20: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘it’
# 261| struct oscap_iterator *it = calloc(1, sizeof(struct oscap_iterator));
# 262| it->cur = NULL;
# 263|-> it->filter = oscap_iterator_no_filter;
# 264| it->list = list;
# 265| return it;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/common/list.c:264:18: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘it’
openscap-1.4.3/src/common/list.c: scope_hint: In function ‘oscap_iterator_new_filter’
# 262| it->cur = NULL;
# 263| it->filter = oscap_iterator_no_filter;
# 264|-> it->list = list;
# 265| return it;
# 266| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/common/list.c:399:40: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘p’
openscap-1.4.3/src/common/list.c: scope_hint: In function ‘oscap_htable_add.part.0’
# 397| unsigned h = 0;
# 398| unsigned char *p;
# 399|-> for (p = (unsigned char *)str; *p != '\0'; p++)
# 400| h = (97 * h) + *p;
# 401| return h % htable_size;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/common/list.c: scope_hint: In function ‘oscap_htable_add.part.0’
openscap-1.4.3/src/common/list.c:489:24: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘newhtitem’
openscap-1.4.3/src/common/list.c: scope_hint: In function ‘oscap_htable_add.part.0’
# 487| struct oscap_htable_item *newhtitem;
# 488| newhtitem = malloc(sizeof(struct oscap_htable_item));
# 489|-> newhtitem->key = oscap_strdup(key);
# 490| newhtitem->value = item;
# 491| newhtitem->next = htable->table[hashcode];
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/common/list.c: scope_hint: In function ‘oscap_htable_iterator_new’
openscap-1.4.3/src/common/list.c:582:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘hit’
# 580| {
# 581| struct oscap_htable_iterator *hit = calloc(1, sizeof(struct oscap_htable_iterator));
# 582|-> hit->htable = htable;
# 583| hit->cur = NULL;
# 584| hit->hpos = 0;
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/common/oscap_acquire.c: scope_hint: In function ‘oscap_acquire_temp_dir’
openscap-1.4.3/src/common/oscap_acquire.c:119:13: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘strdup("/tmp/oscap.XXXXXX")’ where non-null expected
openscap-1.4.3/src/common/oscap_acquire.c: scope_hint: In function ‘oscap_acquire_temp_dir’
openscap-1.4.3/src/common/oscap_acquire.c:38: included_from: Included from here.
/usr/include/stdlib.h:870:14: note: argument 1 of ‘mkdtemp’ must be non-null
# 117| {
# 118| char *temp_dir = oscap_strdup(TEMP_DIR_TEMPLATE);
# 119|-> if (mkdtemp(temp_dir) == NULL) {
# 120| free(temp_dir);
# 121| oscap_seterr(OSCAP_EFAMILY_GLIBC, "Could not create temp directory " TEMP_DIR_TEMPLATE ". %s", strerror(errno));
Error: COMPILER_WARNING (CWE-9001):
openscap-1.4.3/src/common/oscap_acquire.c: scope_hint: In function ‘oscap_acquire_url_download’
openscap-1.4.3/src/common/oscap_acquire.c:332:15: warning[-Wattribute-warning]: call to ‘Wcurl_easy_setopt_err_long’ declared with attribute warning: curl_easy_setopt expects a long argument
# 332 | res = curl_easy_setopt(curl, CURLOPT_FAILONERROR, true);
# | ^
# 330|
# 331| /* CURLOPT_FAILONERROR - request failure on HTTP response >= 400 */
# 332|-> res = curl_easy_setopt(curl, CURLOPT_FAILONERROR, true);
# 333| if (res != 0) {
# 334| curl_easy_cleanup(curl);
Error: COMPILER_WARNING (CWE-9001):
openscap-1.4.3/src/common/oscap_acquire.c:360:15: warning[-Wattribute-warning]: call to ‘Wcurl_easy_setopt_err_long’ declared with attribute warning: curl_easy_setopt expects a long argument
# 360 | res = curl_easy_setopt(curl, CURLOPT_TRANSFER_ENCODING, true);
# | ^
# 358| }
# 359|
# 360|-> res = curl_easy_setopt(curl, CURLOPT_TRANSFER_ENCODING, true);
# 361| if (res != 0) {
# 362| curl_easy_cleanup(curl);
Error: COMPILER_WARNING (CWE-9001):
openscap-1.4.3/src/common/oscap_acquire.c:367:15: warning[-Wattribute-warning]: call to ‘Wcurl_easy_setopt_err_long’ declared with attribute warning: curl_easy_setopt expects a long argument
# 367 | res = curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, true);
# | ^
# 365| }
# 366|
# 367|-> res = curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, true);
# 368| if (res != 0) {
# 369| curl_easy_cleanup(curl);
Error: COMPILER_WARNING (CWE-9001):
openscap-1.4.3/src/common/oscap_acquire.c:374:15: warning[-Wattribute-warning]: call to ‘Wcurl_easy_setopt_err_long’ declared with attribute warning: curl_easy_setopt expects a long argument
# 374 | res = curl_easy_setopt(curl, CURLOPT_VERBOSE, true);
# | ^
# 372| }
# 373|
# 374|-> res = curl_easy_setopt(curl, CURLOPT_VERBOSE, true);
# 375| if (res != 0) {
# 376| curl_easy_cleanup(curl);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/common/oscap_buffer.c: scope_hint: In function ‘oscap_buffer_new’
openscap-1.4.3/src/common/oscap_buffer.c:51:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘s’
# 49| struct oscap_buffer *s;
# 50| s = malloc(sizeof(struct oscap_buffer));
# 51|-> s->data = malloc(INITIAL_CAPACITY);
# 52| s->data[0] = '\0';
# 53| s->length = 0;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/common/oscap_buffer.c:52:20: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘malloc(64)’
# 50| s = malloc(sizeof(struct oscap_buffer));
# 51| s->data = malloc(INITIAL_CAPACITY);
# 52|-> s->data[0] = '\0';
# 53| s->length = 0;
# 54| s->capacity = INITIAL_CAPACITY;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/common/oscap_pcre.c: scope_hint: In function ‘oscap_pcre_compile’
openscap-1.4.3/src/common/oscap_pcre.c:108:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘res’
# 106| int errno;
# 107| PCRE2_SIZE erroffset2;
# 108|-> res->re_ctx = NULL;
# 109| res->re = pcre2_compile_8((PCRE2_SPTR)pattern, PCRE2_ZERO_TERMINATED, _oscap_pcre_opts_to_pcre(options), &errno, &erroffset2, NULL);
# 110| if (res->re == NULL) {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/common/oscap_pcre.c: scope_hint: In function ‘oscap_pcre_get_substrings’
openscap-1.4.3/src/common/oscap_pcre.c:227:30: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘substrs’
# 225| memcpy(buf, str + ovector[2 * i], len);
# 226| buf[len] = '\0';
# 227|-> substrs[ret] = buf;
# 228| ++ret;
# 229| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/common/oscap_queue.c: scope_hint: In function ‘oscap_queue_new’
openscap-1.4.3/src/common/oscap_queue.c:46:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘queue’
# 44| {
# 45| struct oscap_queue *queue = malloc(sizeof(struct oscap_queue));
# 46|-> queue->begin = NULL;
# 47| queue->end = NULL;
# 48| return queue;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/common/oscap_queue.c: scope_hint: In function ‘oscap_queue_add’
openscap-1.4.3/src/common/oscap_queue.c:54:20: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘temp’
# 52| {
# 53| struct oscap_queue_item *temp = malloc(sizeof(struct oscap_queue_item));
# 54|-> temp->data = data;
# 55| temp->next = NULL;
# 56| if (queue->begin == NULL) {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/common/reference.c: scope_hint: In function ‘oscap_reference_new_parse’
openscap-1.4.3/src/common/reference.c:142:15: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ref’
# 140| xmlNode* ref_node = xmlTextReaderExpand(reader);
# 141|
# 142|-> ref->href = (char*) xmlGetProp(ref_node, BAD_CAST "href");
# 143|
# 144| for (xmlNode* cur = ref_node->children; cur != NULL; cur = cur->next)
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/common/reference.c: scope_hint: In function ‘oscap_reference_clone’
openscap-1.4.3/src/common/reference.c:189:28: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘oscap_reference_new()’
# 187| struct oscap_reference *new_ref = oscap_reference_new();
# 188|
# 189|-> new_ref->is_dublincore = ref->is_dublincore;
# 190| DC_ITEM_CLONE(title);
# 191| DC_ITEM_CLONE(creator);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/common/text.c: scope_hint: In function ‘oscap_text_new_full’
openscap-1.4.3/src/common/text.c:80:18: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘text’
# 78| {
# 79| struct oscap_text *text = calloc(1, sizeof(struct oscap_text));
# 80|-> text->traits = traits;
# 81| text->text = oscap_strdup(string);
# 82| text->lang = oscap_strdup(lang);
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/common/tsort.c: scope_hint: In function ‘oscap_tsort_context_new’
openscap-1.4.3/src/common/tsort.c:44:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ctx’
# 42| {
# 43| struct oscap_tsort_context *ctx = calloc(1, sizeof(struct oscap_tsort_context));
# 44|-> ctx->visited = oscap_list_new();
# 45| ctx->cur_stack = oscap_list_new();
# 46| ctx->result = oscap_list_new();
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/common/util.c: scope_hint: In function ‘oscap_vsprintf’
openscap-1.4.3/src/common/util.c:167:5: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘ret’ where non-null expected
openscap-1.4.3/src/common/util.h:29: included_from: Included from here.
openscap-1.4.3/src/common/util.c:37: included_from: Included from here.
/usr/include/stdio.h:383:12: note: argument 1 of ‘vsprintf’ must be non-null
# 165|
# 166| ret = malloc(sizeof(char) * (length + 1));
# 167|-> vsprintf(ret, fmt, args);
# 168| assert(ret[length] == '\0');
# 169|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/common/util.c: scope_hint: In function ‘oscap_expand_ipv6’
openscap-1.4.3/src/common/util.c:242:54: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘output_it’
# 240| *output_it++ = ':';
# 241|
# 242|-> *output_it++ = '0';
# 243| closed_component = true;
# 244| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/common/util.c:251:38: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘output_it’
# 249| }
# 250| else {
# 251|-> *output_it++ = *input_it;
# 252| }
# 253|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/common/util.c:258:38: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘output_it’
# 256| // if this was not the last char of the input add a separator
# 257| if (closed_component && *input_it)
# 258|-> *output_it++ = ':';
# 259| }
# 260|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/common/util.c:261:20: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘output_it’
# 259| }
# 260|
# 261|-> *output_it = '\0';
# 262|
# 263| return ret;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/common/util.c: scope_hint: In function ‘oscap_path_startswith’
openscap-1.4.3/src/common/util.c:474:28: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
openscap-1.4.3/src/common/util.c: scope_hint: In function ‘oscap_path_startswith’
openscap-1.4.3/src/common/util.c: scope_hint: In function ‘oscap_path_startswith’
# 472| char **prefix_split = oscap_split(prefix_dup, del);
# 473| int i = 0, j = 0;
# 474|-> while (prefix_split[i] && path_split[j]) {
# 475| if (!strcmp(prefix_split[i], "")) {
# 476| ++i;
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/common/util.c: scope_hint: In function ‘oscap_concat’
openscap-1.4.3/src/common/util.c:504:9: warning[-Wanalyzer-null-argument]: use of NULL ‘str1’ where non-null expected
openscap-1.4.3/src/common/util.c:30: included_from: Included from here.
/usr/include/string.h:159:14: note: argument 1 of ‘strncat’ must be non-null
# 502| size_t str2_len = strlen(str2);
# 503| str1 = realloc(str1, str1_len + str2_len + 1);
# 504|-> strncat(str1, str2, str2_len);
# 505| return str1;
# 506| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/XCCDF/elements.h:29: included_from: Included from here.
openscap-1.4.3/src/XCCDF/result.c: scope_hint: In function ‘xccdf_override_set_old_result’
openscap-1.4.3/src/common/util.h:225:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘obj’
openscap-1.4.3/src/common/util.h:232:9: note: in expansion of macro ‘OSCAP_SETTER_GENERIC_NODELETE’
openscap-1.4.3/src/common/util.h:259:43: note: in expansion of macro ‘OSCAP_SETTER_SIMPLE’
openscap-1.4.3/src/XCCDF/result.c:700:1: note: in expansion of macro ‘OSCAP_ACCESSOR_SIMPLE’
openscap-1.4.3/src/common/util.h:194:55: note: in definition of macro ‘OSCAP_SETTER_HEADER’
openscap-1.4.3/src/common/util.h:232:9: note: in expansion of macro ‘OSCAP_SETTER_GENERIC_NODELETE’
openscap-1.4.3/src/common/util.h:259:43: note: in expansion of macro ‘OSCAP_SETTER_SIMPLE’
openscap-1.4.3/src/XCCDF/result.c:700:1: note: in expansion of macro ‘OSCAP_ACCESSOR_SIMPLE’
openscap-1.4.3/src/common/util.h:232:9: note: in expansion of macro ‘OSCAP_SETTER_GENERIC_NODELETE’
openscap-1.4.3/src/common/util.h:259:43: note: in expansion of macro ‘OSCAP_SETTER_SIMPLE’
openscap-1.4.3/src/XCCDF/result.c:700:1: note: in expansion of macro ‘OSCAP_ACCESSOR_SIMPLE’
# 223| #define OSCAP_SETTER_GENERIC_NODELETE(SNAME, MTYPE, MNAME, ASSIGNER) \
# 224| OSCAP_SETTER_HEADER(SNAME, MTYPE, MNAME) \
# 225|-> { obj->MNAME = ASSIGNER(newval); return true; }
# 226|
# 227| /**
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/source/bz2.c: scope_hint: In function ‘bz2_fd_open’
openscap-1.4.3/src/source/bz2.c:60:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘b’
# 58| if (f) {
# 59| b = malloc(sizeof(struct bz2_file));
# 60|-> b->f = f;
# 61| b->file = BZ2_bzReadOpen(&bzerror, f, 0, 0, NULL, 0);
# 62| b->eof = false;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/source/bz2.c: scope_hint: In function ‘bz2_mem_open’
openscap-1.4.3/src/source/bz2.c:128:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘b’
# 126| {
# 127| struct bz2_mem *b = calloc(1, sizeof(struct bz2_mem));
# 128|-> b->stream = calloc(1, sizeof(bz_stream));
# 129| // next_in should point at the compressed data
# 130| b->stream->next_in = (char *) buffer;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/source/bz2.c:130:28: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘calloc(1, 80)’
# 128| b->stream = calloc(1, sizeof(bz_stream));
# 129| // next_in should point at the compressed data
# 130|-> b->stream->next_in = (char *) buffer;
# 131| // and avail_in should indicate how many bytes the library may read
# 132| b->stream->avail_in = size;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/source/signature.c: scope_hint: In function ‘oscap_signature_ctx_new’
openscap-1.4.3/src/source/signature.c:57:25: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ctx’
# 55| {
# 56| struct oscap_signature_ctx *ctx = malloc(sizeof(struct oscap_signature_ctx));
# 57|-> ctx->pubkey_pem = NULL;
# 58| ctx->pubkey_cert_pem = NULL;
# 59| return ctx;
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/src/source/xslt.c: scope_hint: In function ‘apply_xslt_path_internal’
openscap-1.4.3/src/source/xslt.c:129:21: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘strdup(xsltfile)’ where non-null expected
openscap-1.4.3/src/source/xslt.c: scope_hint: In function ‘apply_xslt_path_internal’
openscap-1.4.3/src/source/xslt.c:36: included_from: Included from here.
/usr/include/unistd.h:287:12: note: argument 1 of ‘access’ must be non-null
# 127| if (strstr(xsltfile, "/") == xsltfile) {
# 128| xsltpath = oscap_strdup(xsltfile);
# 129|-> if (access(xsltpath, R_OK)) {
# 130| oscap_seterr(OSCAP_EFAMILY_OSCAP, "XSLT file '%s' not found when trying to transform '%s'",
# 131| xsltfile, oscap_source_readable_origin(source));
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/src/source/xslt.c:172:25: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘args’
openscap-1.4.3/src/source/xslt.c: scope_hint: In function ‘apply_xslt_path_internal’
# 170|
# 171| for (size_t i = 0; i < argc; i += 2) {
# 172|-> args[i] = (char*) params[i];
# 173| if (params[i+1]) args[i+1] = oscap_sprintf("'%s'", params[i+1]);
# 174| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/tests/API/CPE/name/test_api_cpe_uri.c: scope_hint: In function ‘main’
openscap-1.4.3/tests/API/CPE/name/test_api_cpe_uri.c:140:33: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘cpes’
# 138|
# 139| for (i = 0; i < argc - 3; i++)
# 140|-> cpe_name_free(cpes[i]);
# 141| free(cpes);
# 142| cpe_name_free(candidate_cpe);
Error: GCC_ANALYZER_WARNING (CWE-775):
openscap-1.4.3/tests/API/crypt/test_crapi_digest.c: scope_hint: In function ‘main’
openscap-1.4.3/tests/API/crypt/test_crapi_digest.c:105:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(filename, 0)’
# 103| }
# 104|
# 105|-> if (crapi_init (NULL) != 0) {
# 106| fprintf (stderr, "crapi_init() != 0\n");
# 107| abort ();
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/tests/API/crypt/test_crapi_digest.c:122:13: warning[-Wanalyzer-null-argument]: use of NULL ‘comp_sum’ where non-null expected
openscap-1.4.3/tests/API/crypt/test_crapi_digest.c:30: included_from: Included from here.
/usr/include/string.h:163:12: note: argument 2 of ‘strcmp’ must be non-null
# 120| mem2hex (dst, dstlen, comp_sum, comp_sum_len);
# 121|
# 122|-> if (strcmp(orig_sum, comp_sum) != 0) {
# 123| fprintf (stderr, "crapi_digest::%s(%s) != %s (== %s)\n", algorithm_str, filename, orig_sum, comp_sum);
# 124| abort ();
Error: GCC_ANALYZER_WARNING (CWE-775):
openscap-1.4.3/tests/bz2/test_bz2_memory_source.c:44:30: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "rb")’
openscap-1.4.3/tests/bz2/test_bz2_memory_source.c:37:9: note: in expansion of macro ‘oscap_assert’
openscap-1.4.3/tests/bz2/test_bz2_memory_source.c:37:9: note: in expansion of macro ‘oscap_assert’
openscap-1.4.3/tests/bz2/test_bz2_memory_source.c:43:9: note: in expansion of macro ‘oscap_assert’
# 42|
# 43| oscap_assert(buffer != NULL);
# 44|-> *buffer = malloc(len + 1);
# 45| oscap_assert(*buffer != NULL);
# 46|
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.3/tests/bz2/test_bz2_memory_source.c:44:30: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "rb")’
openscap-1.4.3/tests/bz2/test_bz2_memory_source.c:37:9: note: in expansion of macro ‘oscap_assert’
openscap-1.4.3/tests/bz2/test_bz2_memory_source.c:37:9: note: in expansion of macro ‘oscap_assert’
openscap-1.4.3/tests/bz2/test_bz2_memory_source.c:43:9: note: in expansion of macro ‘oscap_assert’
# 42|
# 43| oscap_assert(buffer != NULL);
# 44|-> *buffer = malloc(len + 1);
# 45| oscap_assert(*buffer != NULL);
# 46|
Error: COMPILER_WARNING (CWE-252):
openscap-1.4.3/tests/bz2/test_bz2_memory_source.c: scope_hint: In function ‘read_file’
openscap-1.4.3/tests/bz2/test_bz2_memory_source.c:47:9: warning[-Wunused-result]: ignoring return value of ‘fread’ declared with attribute ‘warn_unused_result’
# 47 | fread(*buffer, len, 1, file);
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 45| oscap_assert(*buffer != NULL);
# 46|
# 47|-> fread(*buffer, len, 1, file);
# 48| fclose(file);
# 49| return len;
Error: GCC_ANALYZER_WARNING (CWE-775):
openscap-1.4.3/tests/bz2/test_bz2_memory_source.c:32: included_from: Included from here.
openscap-1.4.3/tests/bz2/test_bz2_memory_source.c: scope_hint: In function ‘read_file’
openscap-1.4.3/tests/oscap_assert.h:30:12: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "rb")’
openscap-1.4.3/tests/bz2/test_bz2_memory_source.c:43:9: note: in expansion of macro ‘oscap_assert’
openscap-1.4.3/tests/bz2/test_bz2_memory_source.c:37:9: note: in expansion of macro ‘oscap_assert’
openscap-1.4.3/tests/bz2/test_bz2_memory_source.c:37:9: note: in expansion of macro ‘oscap_assert’
openscap-1.4.3/tests/bz2/test_bz2_memory_source.c:43:9: note: in expansion of macro ‘oscap_assert’
# 28| /* Unlike standard assert() macro this works even if NDEBUG is defined. */
# 29| #define oscap_assert(expr) \
# 30|-> if (!(expr)) { \
# 31| fprintf(stderr, "Assertion failed: %s, file %s, line %d, function %s.", #expr, __FILE__, __LINE__, __PRETTY_FUNCTION__); \
# 32| abort(); \
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.3/tests/oscap_assert.h:30:12: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "rb")’
openscap-1.4.3/tests/bz2/test_bz2_memory_source.c:43:9: note: in expansion of macro ‘oscap_assert’
openscap-1.4.3/tests/bz2/test_bz2_memory_source.c:37:9: note: in expansion of macro ‘oscap_assert’
openscap-1.4.3/tests/bz2/test_bz2_memory_source.c:37:9: note: in expansion of macro ‘oscap_assert’
openscap-1.4.3/tests/bz2/test_bz2_memory_source.c:43:9: note: in expansion of macro ‘oscap_assert’
# 28| /* Unlike standard assert() macro this works even if NDEBUG is defined. */
# 29| #define oscap_assert(expr) \
# 30|-> if (!(expr)) { \
# 31| fprintf(stderr, "Assertion failed: %s, file %s, line %d, function %s.", #expr, __FILE__, __LINE__, __PRETTY_FUNCTION__); \
# 32| abort(); \
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/utils/oscap-ds.c: scope_hint: In function ‘getopt_ds’
openscap-1.4.3/utils/oscap-ds.c:157:41: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘*action.ds_action’
# 155| }
# 156| action->ds_action = malloc(sizeof(struct ds_action));
# 157|-> action->ds_action->file = argv[3];
# 158| }
# 159| else if (action->module == &DS_RDS_VALIDATE_MODULE) {
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/utils/oscap-ds.c:165:41: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘*action.ds_action’
# 163| }
# 164| action->ds_action = malloc(sizeof(struct ds_action));
# 165|-> action->ds_action->file = argv[optind];
# 166| }
# 167| return true;
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/utils/oscap-ds.c: scope_hint: In function ‘app_ds_rds_create’
openscap-1.4.3/utils/oscap-ds.c:394:38: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘oval_result_files’
# 392| for (i = 0; i < action->ds_action->oval_result_count; ++i)
# 393| {
# 394|-> oval_result_files[i] = action->ds_action->oval_results[i];
# 395|
# 396| if (action->validate)
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/utils/oscap-ds.c:408:30: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘oval_result_files’
# 406| }
# 407| }
# 408|-> oval_result_files[i] = NULL;
# 409|
# 410| ret = ds_rds_create(action->ds_action->file, action->ds_action->xccdf_result,
Error: GCC_ANALYZER_WARNING (CWE-688):
openscap-1.4.3/utils/oscap-tool.c: scope_hint: In function ‘oscap_parse_common_opts’
openscap-1.4.3/utils/oscap-tool.c:257:21: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘argv’ where non-null expected
openscap-1.4.3/utils/oscap-tool.c: scope_hint: In function ‘oscap_parse_common_opts’
/usr/include/getopt.h:36: included_from: Included from here.
openscap-1.4.3/utils/oscap-tool.h:32: included_from: Included from here.
openscap-1.4.3/utils/oscap-tool.c:27: included_from: Included from here.
/usr/include/bits/getopt_ext.h:66:12: note: argument 2 of ‘getopt_long’ must be non-null
# 255| int r;
# 256| opterr = 0;
# 257|-> while ((r = getopt_long(argc, argv, "+h", opts, NULL)) != -1) {
# 258| switch (r) {
# 259| case 0:
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.3/utils/oscap-tool.c: scope_hint: In function ‘getopt_parse_env’
openscap-1.4.3/utils/oscap-tool.c:305:20: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openscap-1.4.3/utils/oscap-tool.c: scope_hint: In function ‘getopt_parse_env’
# 303| eargc++;
# 304| void *new_eargv = realloc(eargv, eargc * sizeof(char *));
# 305|-> if (new_eargv == NULL)
# 306| goto exit;
# 307| eargv = new_eargv;
Error: GCC_ANALYZER_WARNING (CWE-401):
openscap-1.4.3/utils/oscap-tool.c:328:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openscap-1.4.3/utils/oscap-tool.c: scope_hint: In function ‘getopt_parse_env’
# 326| exit:
# 327| free(opts);
# 328|-> free(eargv);
# 329| }
# 330|
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/utils/oscap-xccdf.c: scope_hint: In function ‘getopt_xccdf’
openscap-1.4.3/utils/oscap-xccdf.c:1392:46: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘*action.f_ovals’
# 1390| int i = 1;
# 1391| while (argc > (optind+i)) {
# 1392|-> action->f_ovals[i-1] = argv[optind + i];
# 1393| i++;
# 1394| }
Error: GCC_ANALYZER_WARNING (CWE-476):
openscap-1.4.3/utils/oscap-xccdf.c:1395:42: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘*action.f_ovals’
# 1393| i++;
# 1394| }
# 1395|-> action->f_ovals[i-1] = NULL;
# 1396| } else {
# 1397| action->f_ovals = NULL;