Newly introduced findings

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-476): [#def1]
openscap-1.4.4/src/XCCDF/xccdf_session.c: scope_hint: In function ‘_xccdf_session_get_oval_from_model’
openscap-1.4.4/src/XCCDF/xccdf_session.c:1059:24: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘resources’
# 1057|   
# 1058|   	resources = malloc(sizeof(struct oval_content_resource *));
# 1059|-> 	resources[idx] = NULL;
# 1060|   
# 1061|   	files = xccdf_policy_model_get_systems_and_files(session->xccdf.policy_model);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def2]
openscap-1.4.4/src/XCCDF/xccdf_session.c:1100:46: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘*<unknown>’
openscap-1.4.4/src/XCCDF/xccdf_session.c: scope_hint: In function ‘_xccdf_session_get_oval_from_model’
# 1098|   		if (source != NULL) {
# 1099|   			resources[idx] = malloc(sizeof(struct oval_content_resource));
# 1100|-> 			resources[idx]->href = oscap_strdup(oscap_file_entry_get_file(file_entry));
# 1101|   			resources[idx]->source_owned = source_owned;
# 1102|   			resources[idx]->source = source;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def3]
openscap-1.4.4/src/XCCDF/xccdf_session.c:1130:70: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘malloc(24)’
openscap-1.4.4/src/XCCDF/xccdf_session.c: scope_hint: In function ‘_xccdf_session_get_oval_from_model’
# 1128|   
# 1129|   						resources[idx] = malloc(sizeof(struct oval_content_resource));
# 1130|-> 						resources[idx]->href = oscap_strdup(printable_path);
# 1131|   						resources[idx]->source = oscap_source_new_take_memory(data, data_size, printable_path);
# 1132|   						resources[idx]->source_owned = true;

Scan Properties

analyzer-version-clippy	1.92.0
analyzer-version-cppcheck	2.18.3
analyzer-version-gcc	15.2.1
analyzer-version-gcc-analyzer	15.2.1
analyzer-version-shellcheck	0.11.0
analyzer-version-unicontrol	0.0.2
diffbase-analyzer-version-clippy	1.92.0
diffbase-analyzer-version-cppcheck	2.18.3
diffbase-analyzer-version-gcc	15.2.1
diffbase-analyzer-version-gcc-analyzer	15.2.1
diffbase-analyzer-version-shellcheck	0.11.0
diffbase-analyzer-version-unicontrol	0.0.2
diffbase-enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
diffbase-exit-code	0
diffbase-host	ip-172-16-1-85.us-west-2.compute.internal
diffbase-known-false-positives	/usr/share/csmock/known-false-positives.js
diffbase-known-false-positives-rpm	known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch
diffbase-mock-config	fedora-rawhide-x86_64
diffbase-project-name	openscap-1.4.4-0.20251205154128683266.main.5.gdd3157225
diffbase-store-results-to	/tmp/tmptbl1mhi_/openscap-1.4.4-0.20251205154128683266.main.5.gdd3157225.tar.xz
diffbase-time-created	2025-12-17 20:57:35
diffbase-time-finished	2025-12-17 21:04:59
diffbase-tool	csmock
diffbase-tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'cppcheck,unicontrol,gcc,shellcheck,clippy' '-o' '/tmp/tmptbl1mhi_/openscap-1.4.4-0.20251205154128683266.main.5.gdd3157225.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '/tmp/tmptbl1mhi_/openscap-1.4.4-0.20251205154128683266.main.5.gdd3157225.src.rpm'
diffbase-tool-version	csmock-3.8.3.20251215.161544.g62de9a5-1.el9
enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code	0
host	ip-172-16-1-85.us-west-2.compute.internal
known-false-positives	/usr/share/csmock/known-false-positives.js
known-false-positives-rpm	known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch
mock-config	fedora-rawhide-x86_64
project-name	openscap-1.4.4-0.20251217204352268956.pr2287.6.gccb2a32b0
store-results-to	/tmp/tmp0jgprz0o/openscap-1.4.4-0.20251217204352268956.pr2287.6.gccb2a32b0.tar.xz
time-created	2025-12-17 21:05:29
time-finished	2025-12-17 21:11:29
title	Newly introduced findings
tool	csmock
tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'cppcheck,unicontrol,gcc,shellcheck,clippy' '-o' '/tmp/tmp0jgprz0o/openscap-1.4.4-0.20251217204352268956.pr2287.6.gccb2a32b0.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '/tmp/tmp0jgprz0o/openscap-1.4.4-0.20251217204352268956.pr2287.6.gccb2a32b0.src.rpm'
tool-version	csmock-3.8.3.20251215.161544.g62de9a5-1.el9