Error: GCC_ANALYZER_WARNING (CWE-401): [#def1] openscap-1.4.4/src/CPE/cpedict_priv.c: scope_hint: In function ‘cpe_dict_model_new’ openscap-1.4.4/src/CPE/cpedict_priv.c:303:25: warning[-Wanalyzer-malloc-leak]: leak of ‘dict’ # 301| memset(dict, 0, sizeof(struct cpe_dict_model)); # 302| # 303|-> dict->vendors = oscap_list_new(); # 304| dict->items = oscap_list_new(); # 305| Error: GCC_ANALYZER_WARNING (CWE-401): [#def2] openscap-1.4.4/src/CPE/cpedict_priv.c:304:23: warning[-Wanalyzer-malloc-leak]: leak of ‘dict’ # 302| # 303| dict->vendors = oscap_list_new(); # 304|-> dict->items = oscap_list_new(); # 305| # 306| dict->base_version = 2; // default to CPE 2.x Error: GCC_ANALYZER_WARNING (CWE-401): [#def3] openscap-1.4.4/src/CPE/cpedict_priv.c: scope_hint: In function ‘cpe_item_new’ openscap-1.4.4/src/CPE/cpedict_priv.c:341:23: warning[-Wanalyzer-malloc-leak]: leak of ‘item’ # 339| memset(item, 0, sizeof(struct cpe_item)); # 340| # 341|-> item->notes = oscap_list_new(); # 342| item->references = oscap_list_new(); # 343| item->checks = oscap_list_new(); Error: GCC_ANALYZER_WARNING (CWE-401): [#def4] openscap-1.4.4/src/CPE/cpedict_priv.c:342:28: warning[-Wanalyzer-malloc-leak]: leak of ‘item’ # 340| # 341| item->notes = oscap_list_new(); # 342|-> item->references = oscap_list_new(); # 343| item->checks = oscap_list_new(); # 344| item->titles = oscap_list_new(); Error: GCC_ANALYZER_WARNING (CWE-401): [#def5] openscap-1.4.4/src/CPE/cpedict_priv.c:343:24: warning[-Wanalyzer-malloc-leak]: leak of ‘item’ # 341| item->notes = oscap_list_new(); # 342| item->references = oscap_list_new(); # 343|-> item->checks = oscap_list_new(); # 344| item->titles = oscap_list_new(); # 345| Error: GCC_ANALYZER_WARNING (CWE-401): [#def6] openscap-1.4.4/src/CPE/cpedict_priv.c:344:24: warning[-Wanalyzer-malloc-leak]: leak of ‘item’ # 342| item->references = oscap_list_new(); # 343| item->checks = oscap_list_new(); # 344|-> item->titles = oscap_list_new(); # 345| # 346| return item; Error: GCC_ANALYZER_WARNING (CWE-476): [#def7] openscap-1.4.4/src/CPE/cpedict_priv.c: scope_hint: In function ‘cpe_notes_new’ openscap-1.4.4/src/CPE/cpedict_priv.c:385:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘notes’ # 383| { # 384| struct cpe_notes *notes = calloc(1, sizeof(struct cpe_notes)); # 385|-> notes->notes = oscap_list_new(); # 386| return notes; # 387| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def8] openscap-1.4.4/src/CPE/cpedict_priv.c:385:24: warning[-Wanalyzer-malloc-leak]: leak of ‘cpe_item_new()’ openscap-1.4.4/src/CPE/cpedict_priv.c: scope_hint: In function ‘cpe_notes_new’ # 383| { # 384| struct cpe_notes *notes = calloc(1, sizeof(struct cpe_notes)); # 385|-> notes->notes = oscap_list_new(); # 386| return notes; # 387| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def9] openscap-1.4.4/src/CPE/cpedict_priv.c:385:24: warning[-Wanalyzer-malloc-leak]: leak of ‘notes’ # 383| { # 384| struct cpe_notes *notes = calloc(1, sizeof(struct cpe_notes)); # 385|-> notes->notes = oscap_list_new(); # 386| return notes; # 387| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def10] openscap-1.4.4/src/CPE/cpedict_priv.c: scope_hint: In function ‘cpe_vendor_new’ openscap-1.4.4/src/CPE/cpedict_priv.c:418:24: warning[-Wanalyzer-malloc-leak]: leak of ‘item’ # 416| # 417| item->value = NULL; # 418|-> item->titles = oscap_list_new(); # 419| item->products = oscap_list_new(); # 420| Error: GCC_ANALYZER_WARNING (CWE-401): [#def11] openscap-1.4.4/src/CPE/cpedict_priv.c:419:26: warning[-Wanalyzer-malloc-leak]: leak of ‘item’ # 417| item->value = NULL; # 418| item->titles = oscap_list_new(); # 419|-> item->products = oscap_list_new(); # 420| # 421| return item; Error: GCC_ANALYZER_WARNING (CWE-401): [#def12] openscap-1.4.4/src/CPE/cpedict_priv.c:434:26: warning[-Wanalyzer-malloc-leak]: leak of ‘cpe_vendor_new()’ # 432| memset(item, 0, sizeof(struct cpe_product)); # 433| # 434|-> item->versions = oscap_list_new(); # 435| item->value = NULL; # 436| Error: GCC_ANALYZER_WARNING (CWE-401): [#def13] openscap-1.4.4/src/CPE/cpedict_priv.c: scope_hint: In function ‘cpe_product_new’ openscap-1.4.4/src/CPE/cpedict_priv.c:434:26: warning[-Wanalyzer-malloc-leak]: leak of ‘item’ # 432| memset(item, 0, sizeof(struct cpe_product)); # 433| # 434|-> item->versions = oscap_list_new(); # 435| item->value = NULL; # 436| Error: GCC_ANALYZER_WARNING (CWE-401): [#def14] openscap-1.4.4/src/CPE/cpedict_priv.c: scope_hint: In function ‘cpe_version_new’ openscap-1.4.4/src/CPE/cpedict_priv.c:450:25: warning[-Wanalyzer-malloc-leak]: leak of ‘cpe_vendor_new()’ # 448| memset(item, 0, sizeof(struct cpe_version)); # 449| # 450|-> item->updates = oscap_list_new(); # 451| item->value = NULL; # 452| Error: GCC_ANALYZER_WARNING (CWE-401): [#def15] openscap-1.4.4/src/CPE/cpedict_priv.c:450:25: warning[-Wanalyzer-malloc-leak]: leak of ‘item’ # 448| memset(item, 0, sizeof(struct cpe_version)); # 449| # 450|-> item->updates = oscap_list_new(); # 451| item->value = NULL; # 452| Error: GCC_ANALYZER_WARNING (CWE-688): [#def16] openscap-1.4.4/src/DS/rds.c: scope_hint: In function ‘ds_rds_create_source’ openscap-1.4.4/src/DS/rds.c:850:25: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘tailoring_doc_timestamp’ where non-null expected openscap-1.4.4/src/DS/rds.c:44: included_from: Included from here. /usr/include/time.h:108:15: note: argument 1 of ‘strftime’ must be non-null # 848| const size_t max_timestamp_len = 32; # 849| tailoring_doc_timestamp = malloc(max_timestamp_len); # 850|-> strftime(tailoring_doc_timestamp, max_timestamp_len, "%Y-%m-%dT%H:%M:%S", localtime(&file_stat.st_mtime)); # 851| } # 852| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def17] openscap-1.4.4/src/OVAL/probes/SEAP/public/sexp.h:28: included_from: Included from here. openscap-1.4.4/src/OVAL/probes/SEAP/public/sexp-datatype.h:29: included_from: Included from here. openscap-1.4.4/src/OVAL/probes/SEAP/_sexp-datatype.h:27: included_from: Included from here. openscap-1.4.4/src/OVAL/probes/SEAP/_sexp-types.h:31: included_from: Included from here. openscap-1.4.4/src/OVAL/probes/SEAP/seap-descriptor.h:33: included_from: Included from here. openscap-1.4.4/src/OVAL/probes/SEAP/sch_queue.h:28: included_from: Included from here. openscap-1.4.4/src/OVAL/probes/SEAP/_seap.h:28: included_from: Included from here. openscap-1.4.4/src/OVAL/probes/probe/probe.h:37: included_from: Included from here. openscap-1.4.4/src/OVAL/probes/unix/linux/partition_probe.c:63: included_from: Included from here. openscap-1.4.4/src/OVAL/probes/SEAP/public/sexp-manip.h:115:26: warning[-Wanalyzer-malloc-leak]: leak of ‘mnt_fp’ openscap-1.4.4/src/OVAL/probes/unix/linux/partition_probe.c:327:44: note: in expansion of macro ‘SEXP_number_geti’ openscap-1.4.4/src/OVAL/probes/unix/linux/partition_probe.c:327:44: note: in expansion of macro ‘SEXP_number_geti’ openscap-1.4.4/src/OVAL/probes/unix/linux/partition_probe.c:327:44: note: in expansion of macro ‘SEXP_number_geti’ openscap-1.4.4/src/OVAL/probes/unix/linux/partition_probe.c:327:44: note: in expansion of macro ‘SEXP_number_geti’ # 113| * The size of the integer may be architecture dependent. # 114| */ # 115|-> #define SEXP_number_geti SEXP_number_geti_32 # 116| # 117| /** Error: GCC_ANALYZER_WARNING (CWE-401): [#def18] openscap-1.4.4/src/OVAL/probes/SEAP/sexp-manip.c: scope_hint: In function ‘SEXP_list_join’ openscap-1.4.4/src/OVAL/probes/SEAP/sexp-manip.c:1255:55: warning[-Wanalyzer-malloc-leak]: leak of ‘SEXP_new()’ # 1253| # 1254| list_j = SEXP_new (); # 1255|-> list_j->s_valp = SEXP_rawval_list_copy (list_a->s_valp); # 1256| # 1257| SEXP_list_foreach (memb, list_b) Error: GCC_ANALYZER_WARNING (CWE-401): [#def19] openscap-1.4.4/src/OVAL/probes/SEAP/sexp-manip.c: scope_hint: In function ‘SEXP_list_it_new’ openscap-1.4.4/src/OVAL/probes/SEAP/sexp-manip.c:1333:34: warning[-Wanalyzer-malloc-leak]: leak of ‘SEXP_list_it_new(a)’ # 1331| } # 1332| # 1333|-> SEXP_val_dsc(&v_dsc, list->s_valp); # 1334| # 1335| if (v_dsc.type != SEXP_VALTYPE_LIST) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def20] openscap-1.4.4/src/OVAL/probes/SEAP/sexp-manip.c:1333:34: warning[-Wanalyzer-malloc-leak]: leak of ‘SEXP_list_it_new(b)’ # 1331| } # 1332| # 1333|-> SEXP_val_dsc(&v_dsc, list->s_valp); # 1334| # 1335| if (v_dsc.type != SEXP_VALTYPE_LIST) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def21] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:230:17: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 228| SEXP_t *msg; # 229| msg = probe_msg_creatf(OVAL_MESSAGE_LEVEL_ERROR, "xmlXPathEvalExpression() error"); # 230|-> probe_cobj_add_msg(probe_ctx_getresult(pfd->ctx), msg); # 231| SEXP_free(msg); # 232| probe_cobj_set_flag(probe_ctx_getresult(pfd->ctx), SYSCHAR_FLAG_ERROR); Error: GCC_ANALYZER_WARNING (CWE-401): [#def22] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:231:17: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 229| msg = probe_msg_creatf(OVAL_MESSAGE_LEVEL_ERROR, "xmlXPathEvalExpression() error"); # 230| probe_cobj_add_msg(probe_ctx_getresult(pfd->ctx), msg); # 231|-> SEXP_free(msg); # 232| probe_cobj_set_flag(probe_ctx_getresult(pfd->ctx), SYSCHAR_FLAG_ERROR); # 233| Error: GCC_ANALYZER_WARNING (CWE-401): [#def23] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:232:17: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 230| probe_cobj_add_msg(probe_ctx_getresult(pfd->ctx), msg); # 231| SEXP_free(msg); # 232|-> probe_cobj_set_flag(probe_ctx_getresult(pfd->ctx), SYSCHAR_FLAG_ERROR); # 233| # 234| ret = -3; Error: GCC_ANALYZER_WARNING (CWE-401): [#def24] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:245:16: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 243| } # 244| # 245|-> item = probe_item_create(OVAL_INDEPENDENT_XML_FILE_CONTENT, NULL, # 246| "filepath", OVAL_DATATYPE_STRING, filepath, # 247| "path", OVAL_DATATYPE_STRING, path, Error: GCC_ANALYZER_WARNING (CWE-401): [#def25] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:259:21: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 257| int b; # 258| # 259|-> b = xmlXPathCastToBoolean(xpath_obj); # 260| val = SEXP_number_newb(b); # 261| probe_item_ent_add(item, "value_of", NULL, val); Error: GCC_ANALYZER_WARNING (CWE-401): [#def26] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:260:23: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 258| # 259| b = xmlXPathCastToBoolean(xpath_obj); # 260|-> val = SEXP_number_newb(b); # 261| probe_item_ent_add(item, "value_of", NULL, val); # 262| SEXP_free(val); Error: GCC_ANALYZER_WARNING (CWE-401): [#def27] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:261:17: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 259| b = xmlXPathCastToBoolean(xpath_obj); # 260| val = SEXP_number_newb(b); # 261|-> probe_item_ent_add(item, "value_of", NULL, val); # 262| SEXP_free(val); # 263| break; Error: GCC_ANALYZER_WARNING (CWE-401): [#def28] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:262:17: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 260| val = SEXP_number_newb(b); # 261| probe_item_ent_add(item, "value_of", NULL, val); # 262|-> SEXP_free(val); # 263| break; # 264| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def29] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:270:21: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 268| double d; # 269| # 270|-> d = xmlXPathCastToNumber(xpath_obj); # 271| val = SEXP_number_newi_32(d); # 272| probe_item_ent_add(item, "value_of", NULL, val); Error: GCC_ANALYZER_WARNING (CWE-401): [#def30] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:271:23: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 269| # 270| d = xmlXPathCastToNumber(xpath_obj); # 271|-> val = SEXP_number_newi_32(d); # 272| probe_item_ent_add(item, "value_of", NULL, val); # 273| SEXP_free(val); Error: GCC_ANALYZER_WARNING (CWE-401): [#def31] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:272:17: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 270| d = xmlXPathCastToNumber(xpath_obj); # 271| val = SEXP_number_newi_32(d); # 272|-> probe_item_ent_add(item, "value_of", NULL, val); # 273| SEXP_free(val); # 274| break; Error: GCC_ANALYZER_WARNING (CWE-401): [#def32] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:273:17: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 271| val = SEXP_number_newi_32(d); # 272| probe_item_ent_add(item, "value_of", NULL, val); # 273|-> SEXP_free(val); # 274| break; # 275| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def33] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:281:30: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 279| char *s; # 280| # 281|-> s = (char *) xmlXPathCastToString(xpath_obj); # 282| val = SEXP_string_newf("%s", s); # 283| xmlFree(s); Error: GCC_ANALYZER_WARNING (CWE-401): [#def34] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:282:23: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 280| # 281| s = (char *) xmlXPathCastToString(xpath_obj); # 282|-> val = SEXP_string_newf("%s", s); # 283| xmlFree(s); # 284| probe_item_ent_add(item, "value_of", NULL, val); Error: GCC_ANALYZER_WARNING (CWE-401): [#def35] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:283:17: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 281| s = (char *) xmlXPathCastToString(xpath_obj); # 282| val = SEXP_string_newf("%s", s); # 283|-> xmlFree(s); # 284| probe_item_ent_add(item, "value_of", NULL, val); # 285| SEXP_free(val); Error: GCC_ANALYZER_WARNING (CWE-401): [#def36] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:284:17: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 282| val = SEXP_string_newf("%s", s); # 283| xmlFree(s); # 284|-> probe_item_ent_add(item, "value_of", NULL, val); # 285| SEXP_free(val); # 286| break; Error: GCC_ANALYZER_WARNING (CWE-401): [#def37] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:285:17: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 283| xmlFree(s); # 284| probe_item_ent_add(item, "value_of", NULL, val); # 285|-> SEXP_free(val); # 286| break; # 287| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def38] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:315:49: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 313| xmlChar *value; # 314| # 315|-> value = xmlNodeGetContent(cur_node); # 316| probe_item_ent_add(item, "value_of", NULL, # 317| r0 = SEXP_string_newf ("%s", (char *) value)); Error: GCC_ANALYZER_WARNING (CWE-401): [#def39] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:316:41: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 314| # 315| value = xmlNodeGetContent(cur_node); # 316|-> probe_item_ent_add(item, "value_of", NULL, # 317| r0 = SEXP_string_newf ("%s", (char *) value)); # 318| xmlFree(value); Error: GCC_ANALYZER_WARNING (CWE-401): [#def40] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:317:65: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 315| value = xmlNodeGetContent(cur_node); # 316| probe_item_ent_add(item, "value_of", NULL, # 317|-> r0 = SEXP_string_newf ("%s", (char *) value)); # 318| xmlFree(value); # 319| SEXP_free (r0); Error: GCC_ANALYZER_WARNING (CWE-401): [#def41] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:318:41: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 316| probe_item_ent_add(item, "value_of", NULL, # 317| r0 = SEXP_string_newf ("%s", (char *) value)); # 318|-> xmlFree(value); # 319| SEXP_free (r0); # 320| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def42] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:319:41: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 317| r0 = SEXP_string_newf ("%s", (char *) value)); # 318| xmlFree(value); # 319|-> SEXP_free (r0); # 320| } # 321| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def43] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:326:17: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 324| } # 325| default: # 326|-> probe_item_setstatus(item, SYSCHAR_STATUS_DOES_NOT_EXIST); # 327| break; # 328| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def44] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:330:9: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 328| } # 329| # 330|-> probe_item_collect(pfd->ctx, item); # 331| item = NULL; # 332| cleanup: Error: GCC_ANALYZER_WARNING (CWE-401): [#def45] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:334:17: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 332| cleanup: # 333| if (item != NULL) # 334|-> SEXP_free(item); # 335| if (xpath_obj != NULL) # 336| xmlXPathFreeObject(xpath_obj); Error: GCC_ANALYZER_WARNING (CWE-401): [#def46] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:336:17: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 334| SEXP_free(item); # 335| if (xpath_obj != NULL) # 336|-> xmlXPathFreeObject(xpath_obj); # 337| if (xpath_ctx != NULL) # 338| xmlXPathFreeContext(xpath_ctx); Error: GCC_ANALYZER_WARNING (CWE-401): [#def47] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:338:17: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 336| xmlXPathFreeObject(xpath_obj); # 337| if (xpath_ctx != NULL) # 338|-> xmlXPathFreeContext(xpath_ctx); # 339| if (doc != NULL) # 340| xmlFreeDoc(doc); Error: GCC_ANALYZER_WARNING (CWE-401): [#def48] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:340:17: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 338| xmlXPathFreeContext(xpath_ctx); # 339| if (doc != NULL) # 340|-> xmlFreeDoc(doc); # 341| if (doc_no_ns != NULL) # 342| xmlFreeDoc(doc_no_ns); Error: GCC_ANALYZER_WARNING (CWE-401): [#def49] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:342:17: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 340| xmlFreeDoc(doc); # 341| if (doc_no_ns != NULL) # 342|-> xmlFreeDoc(doc_no_ns); # 343| if (whole_path != NULL) # 344| free(whole_path); Error: GCC_ANALYZER_WARNING (CWE-401): [#def50] openscap-1.4.4/src/OVAL/probes/unix/linux/partition_probe.c:324:21: warning[-Wanalyzer-malloc-leak]: leak of ‘mnt_fp’ # 322| } # 323| # 324|-> mnt_opval = probe_ent_getattrval(mnt_entity, "operation"); # 325| # 326| if (mnt_opval != NULL) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def51] openscap-1.4.4/src/OVAL/probes/unix/linux/partition_probe.c:328:17: warning[-Wanalyzer-malloc-leak]: leak of ‘mnt_fp’ openscap-1.4.4/src/OVAL/probes/unix/linux/partition_probe.c:327:44: note: in expansion of macro ‘SEXP_number_geti’ # 326| if (mnt_opval != NULL) { # 327| mnt_op = (oval_operation_t)SEXP_number_geti(mnt_opval); # 328|-> SEXP_free(mnt_opval); # 329| } else # 330| mnt_op = OVAL_OPERATION_EQUALS; Error: GCC_ANALYZER_WARNING (CWE-401): [#def52] openscap-1.4.4/src/OVAL/probes/unix/linux/partition_probe.c:332:22: warning[-Wanalyzer-malloc-leak]: leak of ‘mnt_fp’ # 330| mnt_op = OVAL_OPERATION_EQUALS; # 331| # 332|-> mnt_entval = probe_ent_getval(mnt_entity); # 333| # 334| if (!SEXP_stringp(mnt_entval)) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def53] openscap-1.4.4/src/OVAL/probes/unix/linux/partition_probe.c:334:14: warning[-Wanalyzer-malloc-leak]: leak of ‘mnt_fp’ # 332| mnt_entval = probe_ent_getval(mnt_entity); # 333| # 334|-> if (!SEXP_stringp(mnt_entval)) { # 335| SEXP_free(mnt_entval); # 336| SEXP_free(mnt_entity); Error: GCC_ANALYZER_WARNING (CWE-401): [#def54] openscap-1.4.4/src/OVAL/probes/unix/linux/partition_probe.c:335:17: warning[-Wanalyzer-malloc-leak]: leak of ‘mnt_fp’ # 333| # 334| if (!SEXP_stringp(mnt_entval)) { # 335|-> SEXP_free(mnt_entval); # 336| SEXP_free(mnt_entity); # 337| fclose(mnt_fp); Error: GCC_ANALYZER_WARNING (CWE-401): [#def55] openscap-1.4.4/src/OVAL/probes/unix/linux/partition_probe.c:336:17: warning[-Wanalyzer-malloc-leak]: leak of ‘mnt_fp’ # 334| if (!SEXP_stringp(mnt_entval)) { # 335| SEXP_free(mnt_entval); # 336|-> SEXP_free(mnt_entity); # 337| fclose(mnt_fp); # 338| return (PROBE_EINVAL); Error: GCC_ANALYZER_WARNING (CWE-401): [#def56] openscap-1.4.4/src/OVAL/probes/unix/linux/partition_probe.c:341:9: warning[-Wanalyzer-malloc-leak]: leak of ‘mnt_fp’ # 339| } # 340| # 341|-> SEXP_string_cstr_r(mnt_entval, mnt_path, sizeof mnt_path); # 342| SEXP_free(mnt_entval); # 343| SEXP_free(mnt_entity); Error: GCC_ANALYZER_WARNING (CWE-401): [#def57] openscap-1.4.4/src/OVAL/probes/unix/linux/partition_probe.c:342:9: warning[-Wanalyzer-malloc-leak]: leak of ‘mnt_fp’ # 340| # 341| SEXP_string_cstr_r(mnt_entval, mnt_path, sizeof mnt_path); # 342|-> SEXP_free(mnt_entval); # 343| SEXP_free(mnt_entity); # 344| Error: GCC_ANALYZER_WARNING (CWE-401): [#def58] openscap-1.4.4/src/OVAL/probes/unix/linux/partition_probe.c:343:9: warning[-Wanalyzer-malloc-leak]: leak of ‘mnt_fp’ # 341| SEXP_string_cstr_r(mnt_entval, mnt_path, sizeof mnt_path); # 342| SEXP_free(mnt_entval); # 343|-> SEXP_free(mnt_entity); # 344| # 345| if (mnt_fp != NULL) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def59] openscap-1.4.4/src/OVAL/probes/unix/linux/partition_probe.c:355:21: warning[-Wanalyzer-malloc-leak]: leak of ‘mnt_fp’ # 353| blkid_cache blkcache; # 354| # 355|-> if (blkid_get_cache(&blkcache, NULL) != 0) { # 356| endmntent(mnt_fp); # 357| return (PROBE_EUNKNOWN); Error: GCC_ANALYZER_WARNING (CWE-401): [#def60] openscap-1.4.4/src/OVAL/probes/unix/linux/partition_probe.c:361:30: warning[-Wanalyzer-malloc-leak]: leak of ‘mnt_fp’ openscap-1.4.4/src/OVAL/probes/unix/linux/partition_probe.c:327:44: note: in expansion of macro ‘SEXP_number_geti’ # 359| #endif # 360| if (mnt_op == OVAL_OPERATION_PATTERN_MATCH) { # 361|-> re = oscap_pcre_compile(mnt_path, OSCAP_PCRE_OPTS_UTF8, &estr, &eoff); # 362| # 363| if (re == NULL) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def61] openscap-1.4.4/src/XCCDF/result_scoring.c:143:54: warning[-Wanalyzer-malloc-leak]: leak of ‘score’ openscap-1.4.4/src/common/util.h: scope_hint: In function ‘xccdf_item_get_default_score’ openscap-1.4.4/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_item_get_default_score’ # 141| score->score = score->score / score->accumulator; # 142| /* Default weight */ # 143|-> score->weight_score = score->score * xccdf_item_get_weight(item); # 144| # 145| xccdf_item_iterator_free(child_it); Error: GCC_ANALYZER_WARNING (CWE-401): [#def62] openscap-1.4.4/src/XCCDF/result_scoring.c:145:17: warning[-Wanalyzer-malloc-leak]: leak of ‘score’ openscap-1.4.4/src/common/util.h: scope_hint: In function ‘xccdf_item_get_default_score’ openscap-1.4.4/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_item_get_default_score’ # 143| score->weight_score = score->score * xccdf_item_get_weight(item); # 144| # 145|-> xccdf_item_iterator_free(child_it); # 146| } break; # 147| Error: GCC_ANALYZER_WARNING (CWE-401): [#def63] openscap-1.4.4/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_item_get_flat_score’ openscap-1.4.4/src/XCCDF/result_scoring.c:166:30: warning[-Wanalyzer-malloc-leak]: leak of ‘score’ openscap-1.4.4/src/common/util.h: scope_hint: In function ‘xccdf_item_get_flat_score’ openscap-1.4.4/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_item_get_flat_score’ openscap-1.4.4/src/common/util.h: scope_hint: In function ‘xccdf_item_get_flat_score’ openscap-1.4.4/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_item_get_flat_score’ # 164| struct xccdf_item *child; # 165| # 166|-> xccdf_type_t itype = xccdf_item_get_type(item); # 167| # 168| switch (itype) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def64] openscap-1.4.4/src/XCCDF/result_scoring.c:171:39: warning[-Wanalyzer-malloc-leak]: leak of ‘score’ openscap-1.4.4/src/common/util.h: scope_hint: In function ‘xccdf_item_get_flat_score’ openscap-1.4.4/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_item_get_flat_score’ openscap-1.4.4/src/common/util.h: scope_hint: In function ‘xccdf_item_get_flat_score’ openscap-1.4.4/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_item_get_flat_score’ # 169| case XCCDF_RULE:{ # 170| /* Rule */ # 171|-> const char *rule_id = xccdf_rule_get_id((const struct xccdf_rule *) item); # 172| rule_result = xccdf_result_get_rule_result_by_id(test_result, rule_id); # 173| if (rule_result == NULL) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def65] openscap-1.4.4/src/XCCDF/result_scoring.c:172:31: warning[-Wanalyzer-malloc-leak]: leak of ‘score’ openscap-1.4.4/src/common/util.h: scope_hint: In function ‘xccdf_item_get_flat_score’ openscap-1.4.4/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_item_get_flat_score’ openscap-1.4.4/src/common/util.h: scope_hint: In function ‘xccdf_item_get_flat_score’ openscap-1.4.4/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_item_get_flat_score’ # 170| /* Rule */ # 171| const char *rule_id = xccdf_rule_get_id((const struct xccdf_rule *) item); # 172|-> rule_result = xccdf_result_get_rule_result_by_id(test_result, rule_id); # 173| if (rule_result == NULL) { # 174| dE("Rule result ID(%s) not fount", rule_id); Error: GCC_ANALYZER_WARNING (CWE-401): [#def66] openscap-1.4.4/src/XCCDF/result_scoring.c:177:21: warning[-Wanalyzer-malloc-leak]: leak of ‘score’ openscap-1.4.4/src/common/util.h: scope_hint: In function ‘xccdf_item_get_flat_score’ openscap-1.4.4/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_item_get_flat_score’ openscap-1.4.4/src/common/util.h: scope_hint: In function ‘xccdf_item_get_flat_score’ openscap-1.4.4/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_item_get_flat_score’ # 175| return NULL; # 176| } # 177|-> if (xccdf_rule_result_get_role(rule_result) == XCCDF_ROLE_UNSCORED) { # 178| return NULL; # 179| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def67] openscap-1.4.4/src/XCCDF/result_scoring.c:182:22: warning[-Wanalyzer-malloc-leak]: leak of ‘score’ openscap-1.4.4/src/common/util.h: scope_hint: In function ‘xccdf_item_get_flat_score’ openscap-1.4.4/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_item_get_flat_score’ openscap-1.4.4/src/common/util.h: scope_hint: In function ‘xccdf_item_get_flat_score’ openscap-1.4.4/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_item_get_flat_score’ # 180| # 181| /* Ignore these rules */ # 182|-> if ((xccdf_rule_result_get_result(rule_result) == XCCDF_RESULT_NOT_SELECTED) || # 183| (xccdf_rule_result_get_result(rule_result) == XCCDF_RESULT_NOT_APPLICABLE) || # 184| (xccdf_rule_result_get_result(rule_result) == XCCDF_RESULT_INFORMATIONAL) || Error: GCC_ANALYZER_WARNING (CWE-401): [#def68] openscap-1.4.4/src/XCCDF/result_scoring.c:183:34: warning[-Wanalyzer-malloc-leak]: leak of ‘score’ openscap-1.4.4/src/common/util.h: scope_hint: In function ‘xccdf_item_get_flat_score’ openscap-1.4.4/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_item_get_flat_score’ openscap-1.4.4/src/common/util.h: scope_hint: In function ‘xccdf_item_get_flat_score’ openscap-1.4.4/src/XCCDF/result_scoring.c: scope_hint: In function ‘xccdf_item_get_flat_score’ # 181| /* Ignore these rules */ # 182| if ((xccdf_rule_result_get_result(rule_result) == XCCDF_RESULT_NOT_SELECTED) || # 183|-> (xccdf_rule_result_get_result(rule_result) == XCCDF_RESULT_NOT_APPLICABLE) || # 184| (xccdf_rule_result_get_result(rule_result) == XCCDF_RESULT_INFORMATIONAL) || # 185| (xccdf_rule_result_get_result(rule_result) == XCCDF_RESULT_NOT_CHECKED)) Error: GCC_ANALYZER_WARNING (CWE-401): [#def69] openscap-1.4.4/src/XCCDF/result_scoring.c:184:34: warning[-Wanalyzer-malloc-leak]: leak of ‘score’ # 182| if ((xccdf_rule_result_get_result(rule_result) == XCCDF_RESULT_NOT_SELECTED) || # 183| (xccdf_rule_result_get_result(rule_result) == XCCDF_RESULT_NOT_APPLICABLE) || # 184|-> (xccdf_rule_result_get_result(rule_result) == XCCDF_RESULT_INFORMATIONAL) || # 185| (xccdf_rule_result_get_result(rule_result) == XCCDF_RESULT_NOT_CHECKED)) # 186| return NULL; Error: GCC_ANALYZER_WARNING (CWE-401): [#def70] openscap-1.4.4/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_check_parse’ openscap-1.4.4/src/XCCDF/rule.c:586:21: warning[-Wanalyzer-malloc-leak]: leak of ‘xccdf_check_new()’ # 584| struct xccdf_check *check = xccdf_check_new(); # 585| # 586|-> check->id = xccdf_attribute_copy(reader, XCCDFA_ID); # 587| check->system = xccdf_attribute_copy(reader, XCCDFA_SYSTEM); # 588| check->selector = xccdf_attribute_copy(reader, XCCDFA_SELECTOR); Error: GCC_ANALYZER_WARNING (CWE-401): [#def71] openscap-1.4.4/src/XCCDF/rule.c:587:25: warning[-Wanalyzer-malloc-leak]: leak of ‘xccdf_check_new()’ # 585| # 586| check->id = xccdf_attribute_copy(reader, XCCDFA_ID); # 587|-> check->system = xccdf_attribute_copy(reader, XCCDFA_SYSTEM); # 588| check->selector = xccdf_attribute_copy(reader, XCCDFA_SELECTOR); # 589| check->oper = oscap_string_to_enum(XCCDF_BOOLOP_MAP, xccdf_attribute_get(reader, XCCDFA_OPERATOR)); Error: GCC_ANALYZER_WARNING (CWE-401): [#def72] openscap-1.4.4/src/XCCDF/rule.c:588:27: warning[-Wanalyzer-malloc-leak]: leak of ‘xccdf_check_new()’ # 586| check->id = xccdf_attribute_copy(reader, XCCDFA_ID); # 587| check->system = xccdf_attribute_copy(reader, XCCDFA_SYSTEM); # 588|-> check->selector = xccdf_attribute_copy(reader, XCCDFA_SELECTOR); # 589| check->oper = oscap_string_to_enum(XCCDF_BOOLOP_MAP, xccdf_attribute_get(reader, XCCDFA_OPERATOR)); # 590| if (xccdf_attribute_has(reader, XCCDFA_MULTICHECK) && el != XCCDFE_COMPLEX_CHECK) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def73] openscap-1.4.4/src/XCCDF/rule.c:589:23: warning[-Wanalyzer-malloc-leak]: leak of ‘xccdf_check_new()’ # 587| check->system = xccdf_attribute_copy(reader, XCCDFA_SYSTEM); # 588| check->selector = xccdf_attribute_copy(reader, XCCDFA_SELECTOR); # 589|-> check->oper = oscap_string_to_enum(XCCDF_BOOLOP_MAP, xccdf_attribute_get(reader, XCCDFA_OPERATOR)); # 590| if (xccdf_attribute_has(reader, XCCDFA_MULTICHECK) && el != XCCDFE_COMPLEX_CHECK) { # 591| check->flags.def_multicheck = true; Error: GCC_ANALYZER_WARNING (CWE-476): [#def74] openscap-1.4.4/src/XCCDF/rule.c:612:43: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_check_content_ref_new()’ # 610| break; # 611| struct xccdf_check_content_ref *ref = xccdf_check_content_ref_new(); # 612|-> ref->name = xccdf_attribute_copy(reader, XCCDFA_NAME); # 613| ref->href = oscap_strdup(href); # 614| oscap_list_add(check->content_refs, ref); Error: GCC_ANALYZER_WARNING (CWE-401): [#def75] openscap-1.4.4/src/XCCDF/rule.c:612:45: warning[-Wanalyzer-malloc-leak]: leak of ‘xccdf_check_content_ref_new()’ # 610| break; # 611| struct xccdf_check_content_ref *ref = xccdf_check_content_ref_new(); # 612|-> ref->name = xccdf_attribute_copy(reader, XCCDFA_NAME); # 613| ref->href = oscap_strdup(href); # 614| oscap_list_add(check->content_refs, ref); Error: GCC_ANALYZER_WARNING (CWE-401): [#def76] openscap-1.4.4/src/XCCDF/rule.c:614:33: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ openscap-1.4.4/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_check_parse’ # 612| ref->name = xccdf_attribute_copy(reader, XCCDFA_NAME); # 613| ref->href = oscap_strdup(href); # 614|-> oscap_list_add(check->content_refs, ref); # 615| break; # 616| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def77] openscap-1.4.4/src/XCCDF/rule.c:614:33: warning[-Wanalyzer-malloc-leak]: leak of ‘xccdf_check_content_ref_new()’ # 612| ref->name = xccdf_attribute_copy(reader, XCCDFA_NAME); # 613| ref->href = oscap_strdup(href); # 614|-> oscap_list_add(check->content_refs, ref); # 615| break; # 616| } Error: GCC_ANALYZER_WARNING (CWE-476): [#def78] openscap-1.4.4/src/XCCDF/rule.c:627:43: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_check_import_new()’ # 625| break; # 626| struct xccdf_check_import *imp = xccdf_check_import_new(); # 627|-> imp->name = oscap_strdup(name); # 628| if (xpath) // @import-xpath is just optional # 629| imp->xpath = oscap_strdup(xpath); Error: GCC_ANALYZER_WARNING (CWE-401): [#def79] openscap-1.4.4/src/XCCDF/rule.c:630:48: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ openscap-1.4.4/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_check_parse’ # 628| if (xpath) // @import-xpath is just optional # 629| imp->xpath = oscap_strdup(xpath); # 630|-> imp->content = oscap_element_string_copy(reader); # 631| oscap_list_add(check->imports, imp); # 632| break; Error: GCC_ANALYZER_WARNING (CWE-401): [#def80] openscap-1.4.4/src/XCCDF/rule.c:630:48: warning[-Wanalyzer-malloc-leak]: leak of ‘xccdf_check_import_new()’ # 628| if (xpath) // @import-xpath is just optional # 629| imp->xpath = oscap_strdup(xpath); # 630|-> imp->content = oscap_element_string_copy(reader); # 631| oscap_list_add(check->imports, imp); # 632| break; Error: GCC_ANALYZER_WARNING (CWE-401): [#def81] openscap-1.4.4/src/XCCDF/rule.c:631:33: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ openscap-1.4.4/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_check_parse’ # 629| imp->xpath = oscap_strdup(xpath); # 630| imp->content = oscap_element_string_copy(reader); # 631|-> oscap_list_add(check->imports, imp); # 632| break; # 633| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def82] openscap-1.4.4/src/XCCDF/rule.c:631:33: warning[-Wanalyzer-malloc-leak]: leak of ‘xccdf_check_import_new()’ # 629| imp->xpath = oscap_strdup(xpath); # 630| imp->content = oscap_element_string_copy(reader); # 631|-> oscap_list_add(check->imports, imp); # 632| break; # 633| } Error: GCC_ANALYZER_WARNING (CWE-476): [#def83] openscap-1.4.4/src/XCCDF/rule.c:639:43: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_check_export_new()’ # 637| break; # 638| struct xccdf_check_export *exp = xccdf_check_export_new(); # 639|-> exp->name = oscap_strdup(name); # 640| exp->value = xccdf_attribute_copy(reader, XCCDFA_VALUE_ID); # 641| oscap_list_add(check->exports, exp); Error: GCC_ANALYZER_WARNING (CWE-401): [#def84] openscap-1.4.4/src/XCCDF/rule.c:640:46: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ openscap-1.4.4/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_check_parse’ # 638| struct xccdf_check_export *exp = xccdf_check_export_new(); # 639| exp->name = oscap_strdup(name); # 640|-> exp->value = xccdf_attribute_copy(reader, XCCDFA_VALUE_ID); # 641| oscap_list_add(check->exports, exp); # 642| break; Error: GCC_ANALYZER_WARNING (CWE-401): [#def85] openscap-1.4.4/src/XCCDF/rule.c:640:46: warning[-Wanalyzer-malloc-leak]: leak of ‘xccdf_check_export_new()’ # 638| struct xccdf_check_export *exp = xccdf_check_export_new(); # 639| exp->name = oscap_strdup(name); # 640|-> exp->value = xccdf_attribute_copy(reader, XCCDFA_VALUE_ID); # 641| oscap_list_add(check->exports, exp); # 642| break; Error: GCC_ANALYZER_WARNING (CWE-401): [#def86] openscap-1.4.4/src/XCCDF/rule.c:641:33: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ openscap-1.4.4/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_check_parse’ # 639| exp->name = oscap_strdup(name); # 640| exp->value = xccdf_attribute_copy(reader, XCCDFA_VALUE_ID); # 641|-> oscap_list_add(check->exports, exp); # 642| break; # 643| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def87] openscap-1.4.4/src/XCCDF/rule.c:641:33: warning[-Wanalyzer-malloc-leak]: leak of ‘xccdf_check_export_new()’ # 639| exp->name = oscap_strdup(name); # 640| exp->value = xccdf_attribute_copy(reader, XCCDFA_VALUE_ID); # 641|-> oscap_list_add(check->exports, exp); # 642| break; # 643| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def88] openscap-1.4.4/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_check_inject_content_ref’ openscap-1.4.4/src/XCCDF/rule.c:687:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ openscap-1.4.4/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_check_inject_content_ref’ openscap-1.4.4/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_check_inject_content_ref’ # 685| if (name != NULL) # 686| xccdf_check_content_ref_set_name(content_clone, name); # 687|-> oscap_list_free(check->content_refs, (oscap_destruct_func) xccdf_check_content_ref_free); # 688| check->content_refs = oscap_list_new(); # 689| return oscap_list_add(check->content_refs, content_clone); Error: GCC_ANALYZER_WARNING (CWE-401): [#def89] openscap-1.4.4/src/XCCDF/rule.c:688:31: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ openscap-1.4.4/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_check_inject_content_ref’ openscap-1.4.4/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_check_inject_content_ref’ # 686| xccdf_check_content_ref_set_name(content_clone, name); # 687| oscap_list_free(check->content_refs, (oscap_destruct_func) xccdf_check_content_ref_free); # 688|-> check->content_refs = oscap_list_new(); # 689| return oscap_list_add(check->content_refs, content_clone); # 690| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def90] openscap-1.4.4/src/XCCDF/rule.c:689:16: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ openscap-1.4.4/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_check_inject_content_ref’ openscap-1.4.4/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_check_inject_content_ref’ # 687| oscap_list_free(check->content_refs, (oscap_destruct_func) xccdf_check_content_ref_free); # 688| check->content_refs = oscap_list_new(); # 689|-> return oscap_list_add(check->content_refs, content_clone); # 690| } # 691| Error: GCC_ANALYZER_WARNING (CWE-476): [#def91] openscap-1.4.4/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_fix_clone’ openscap-1.4.4/src/XCCDF/rule.c:783:25: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘new_fix’ # 781| struct xccdf_fix *new_fix = calloc(1, sizeof(struct xccdf_fix)); # 782| # 783|-> new_fix->reboot = old_fix->reboot; # 784| new_fix->strategy = old_fix->strategy; # 785| new_fix->disruption = old_fix->disruption; Error: GCC_ANALYZER_WARNING (CWE-476): [#def92] openscap-1.4.4/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_fix_parse’ openscap-1.4.4/src/XCCDF/rule.c:801:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_fix_new()’ # 799| { # 800| struct xccdf_fix *fix = xccdf_fix_new(); # 801|-> fix->id = xccdf_attribute_copy(reader, XCCDFA_ID); # 802| fix->system = xccdf_attribute_copy(reader, XCCDFA_SYSTEM); # 803| fix->platform = xccdf_attribute_copy(reader, XCCDFA_PLATFORM); Error: GCC_ANALYZER_WARNING (CWE-401): [#def93] openscap-1.4.4/src/XCCDF/rule.c:801:19: warning[-Wanalyzer-malloc-leak]: leak of ‘xccdf_fix_new()’ # 799| { # 800| struct xccdf_fix *fix = xccdf_fix_new(); # 801|-> fix->id = xccdf_attribute_copy(reader, XCCDFA_ID); # 802| fix->system = xccdf_attribute_copy(reader, XCCDFA_SYSTEM); # 803| fix->platform = xccdf_attribute_copy(reader, XCCDFA_PLATFORM); Error: GCC_ANALYZER_WARNING (CWE-401): [#def94] openscap-1.4.4/src/XCCDF/rule.c:802:23: warning[-Wanalyzer-malloc-leak]: leak of ‘xccdf_fix_new()’ # 800| struct xccdf_fix *fix = xccdf_fix_new(); # 801| fix->id = xccdf_attribute_copy(reader, XCCDFA_ID); # 802|-> fix->system = xccdf_attribute_copy(reader, XCCDFA_SYSTEM); # 803| fix->platform = xccdf_attribute_copy(reader, XCCDFA_PLATFORM); # 804| fix->reboot = xccdf_attribute_get_bool(reader, XCCDFA_REBOOT); Error: GCC_ANALYZER_WARNING (CWE-401): [#def95] openscap-1.4.4/src/XCCDF/rule.c:803:25: warning[-Wanalyzer-malloc-leak]: leak of ‘xccdf_fix_new()’ # 801| fix->id = xccdf_attribute_copy(reader, XCCDFA_ID); # 802| fix->system = xccdf_attribute_copy(reader, XCCDFA_SYSTEM); # 803|-> fix->platform = xccdf_attribute_copy(reader, XCCDFA_PLATFORM); # 804| fix->reboot = xccdf_attribute_get_bool(reader, XCCDFA_REBOOT); # 805| fix->strategy = oscap_string_to_enum(XCCDF_STRATEGY_MAP, xccdf_attribute_get(reader, XCCDFA_STRATEGY)); Error: GCC_ANALYZER_WARNING (CWE-401): [#def96] openscap-1.4.4/src/XCCDF/rule.c:804:27: warning[-Wanalyzer-malloc-leak]: leak of ‘xccdf_fix_new()’ # 802| fix->system = xccdf_attribute_copy(reader, XCCDFA_SYSTEM); # 803| fix->platform = xccdf_attribute_copy(reader, XCCDFA_PLATFORM); # 804|-> fix->reboot = xccdf_attribute_get_bool(reader, XCCDFA_REBOOT); # 805| fix->strategy = oscap_string_to_enum(XCCDF_STRATEGY_MAP, xccdf_attribute_get(reader, XCCDFA_STRATEGY)); # 806| fix->disruption = oscap_string_to_enum(XCCDF_LEVEL_MAP, xccdf_attribute_get(reader, XCCDFA_DISRUPTION)); Error: GCC_ANALYZER_WARNING (CWE-401): [#def97] openscap-1.4.4/src/XCCDF/rule.c:805:27: warning[-Wanalyzer-malloc-leak]: leak of ‘xccdf_fix_new()’ # 803| fix->platform = xccdf_attribute_copy(reader, XCCDFA_PLATFORM); # 804| fix->reboot = xccdf_attribute_get_bool(reader, XCCDFA_REBOOT); # 805|-> fix->strategy = oscap_string_to_enum(XCCDF_STRATEGY_MAP, xccdf_attribute_get(reader, XCCDFA_STRATEGY)); # 806| fix->disruption = oscap_string_to_enum(XCCDF_LEVEL_MAP, xccdf_attribute_get(reader, XCCDFA_DISRUPTION)); # 807| fix->complexity = oscap_string_to_enum(XCCDF_LEVEL_MAP, xccdf_attribute_get(reader, XCCDFA_COMPLEXITY)); Error: GCC_ANALYZER_WARNING (CWE-476): [#def98] openscap-1.4.4/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_fixtext_clone’ openscap-1.4.4/src/XCCDF/rule.c:820:23: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_fixtext_new()’ # 818| { # 819| struct xccdf_fixtext * clone = xccdf_fixtext_new(); # 820|-> clone->reboot = fixtext->reboot; # 821| clone->strategy = fixtext->strategy; # 822| clone->disruption = fixtext->disruption; Error: GCC_ANALYZER_WARNING (CWE-401): [#def99] openscap-1.4.4/src/XCCDF/rule.c:820:32: warning[-Wanalyzer-malloc-leak]: leak of ‘xccdf_fixtext_new()’ openscap-1.4.4/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_fixtext_clone’ # 818| { # 819| struct xccdf_fixtext * clone = xccdf_fixtext_new(); # 820|-> clone->reboot = fixtext->reboot; # 821| clone->strategy = fixtext->strategy; # 822| clone->disruption = fixtext->disruption; Error: GCC_ANALYZER_WARNING (CWE-401): [#def100] openscap-1.4.4/src/XCCDF/rule.c:825:23: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ openscap-1.4.4/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_fixtext_clone’ # 823| clone->complexity = fixtext->complexity; # 824| clone->fixref = oscap_strdup(fixtext->fixref); # 825|-> clone->text = oscap_text_clone(fixtext->text); # 826| return clone; # 827| } Error: GCC_ANALYZER_WARNING (CWE-476): [#def101] openscap-1.4.4/src/XCCDF/rule.c: scope_hint: In function ‘xccdf_fixtext_parse’ openscap-1.4.4/src/XCCDF/rule.c:832:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xccdf_fixtext_new()’ # 830| { # 831| struct xccdf_fixtext *fix = xccdf_fixtext_new(); # 832|-> fix->fixref = xccdf_attribute_copy(reader, XCCDFA_FIXREF); # 833| fix->text = oscap_text_new_parse(XCCDF_TEXT_HTMLSUB, reader); # 834| fix->reboot = xccdf_attribute_get_bool(reader, XCCDFA_REBOOT); Error: GCC_ANALYZER_WARNING (CWE-401): [#def102] openscap-1.4.4/src/XCCDF/rule.c:832:23: warning[-Wanalyzer-malloc-leak]: leak of ‘xccdf_fixtext_new()’ # 830| { # 831| struct xccdf_fixtext *fix = xccdf_fixtext_new(); # 832|-> fix->fixref = xccdf_attribute_copy(reader, XCCDFA_FIXREF); # 833| fix->text = oscap_text_new_parse(XCCDF_TEXT_HTMLSUB, reader); # 834| fix->reboot = xccdf_attribute_get_bool(reader, XCCDFA_REBOOT); Error: GCC_ANALYZER_WARNING (CWE-401): [#def103] openscap-1.4.4/src/XCCDF/rule.c:833:21: warning[-Wanalyzer-malloc-leak]: leak of ‘xccdf_fixtext_new()’ # 831| struct xccdf_fixtext *fix = xccdf_fixtext_new(); # 832| fix->fixref = xccdf_attribute_copy(reader, XCCDFA_FIXREF); # 833|-> fix->text = oscap_text_new_parse(XCCDF_TEXT_HTMLSUB, reader); # 834| fix->reboot = xccdf_attribute_get_bool(reader, XCCDFA_REBOOT); # 835| fix->strategy = oscap_string_to_enum(XCCDF_STRATEGY_MAP, xccdf_attribute_get(reader, XCCDFA_STRATEGY)); Error: GCC_ANALYZER_WARNING (CWE-401): [#def104] openscap-1.4.4/src/XCCDF/rule.c:834:27: warning[-Wanalyzer-malloc-leak]: leak of ‘xccdf_fixtext_new()’ # 832| fix->fixref = xccdf_attribute_copy(reader, XCCDFA_FIXREF); # 833| fix->text = oscap_text_new_parse(XCCDF_TEXT_HTMLSUB, reader); # 834|-> fix->reboot = xccdf_attribute_get_bool(reader, XCCDFA_REBOOT); # 835| fix->strategy = oscap_string_to_enum(XCCDF_STRATEGY_MAP, xccdf_attribute_get(reader, XCCDFA_STRATEGY)); # 836| fix->disruption = oscap_string_to_enum(XCCDF_LEVEL_MAP, xccdf_attribute_get(reader, XCCDFA_DISRUPTION)); Error: GCC_ANALYZER_WARNING (CWE-401): [#def105] openscap-1.4.4/src/XCCDF/rule.c:835:27: warning[-Wanalyzer-malloc-leak]: leak of ‘xccdf_fixtext_new()’ # 833| fix->text = oscap_text_new_parse(XCCDF_TEXT_HTMLSUB, reader); # 834| fix->reboot = xccdf_attribute_get_bool(reader, XCCDFA_REBOOT); # 835|-> fix->strategy = oscap_string_to_enum(XCCDF_STRATEGY_MAP, xccdf_attribute_get(reader, XCCDFA_STRATEGY)); # 836| fix->disruption = oscap_string_to_enum(XCCDF_LEVEL_MAP, xccdf_attribute_get(reader, XCCDFA_DISRUPTION)); # 837| fix->complexity = oscap_string_to_enum(XCCDF_LEVEL_MAP, xccdf_attribute_get(reader, XCCDFA_COMPLEXITY)); Error: GCC_ANALYZER_WARNING (CWE-401): [#def106] openscap-1.4.4/src/XCCDF/tailoring.c:191:51: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ openscap-1.4.4/src/XCCDF/tailoring.c:126:9: note: in expansion of macro ‘XCCDF_ASSERT_ELEMENT’ openscap-1.4.4/src/XCCDF/tailoring.c: scope_hint: In function ‘xccdf_tailoring_parse’ # 189| dI("Parsing Tailoring Profiles without reference to Benchmark"); # 190| } # 191|-> struct xccdf_item *item = xccdf_profile_parse(reader, benchmark); # 192| if (!xccdf_tailoring_add_profile(tailoring, XPROFILE(item))) { # 193| dW("Failed to add profile to tailoring while parsing!"); Error: GCC_ANALYZER_WARNING (CWE-401): [#def107] openscap-1.4.4/src/XCCDF/tailoring.c:201:17: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ openscap-1.4.4/src/XCCDF/tailoring.c:126:9: note: in expansion of macro ‘XCCDF_ASSERT_ELEMENT’ openscap-1.4.4/src/XCCDF/tailoring.c: scope_hint: In function ‘xccdf_tailoring_parse’ # 199| xmlTextReaderConstLocalName(reader)); # 200| } # 201|-> xmlTextReaderRead(reader); # 202| } # 203| Error: GCC_ANALYZER_WARNING (CWE-401): [#def108] openscap-1.4.4/src/XCCDF/tailoring.c:399:22: warning[-Wanalyzer-malloc-leak]: leak of ‘xccdf_tailoring_new()’ openscap-1.4.4/src/XCCDF/tailoring.c:126:9: note: in expansion of macro ‘XCCDF_ASSERT_ELEMENT’ openscap-1.4.4/src/XCCDF/tailoring.c: scope_hint: In function ‘xccdf_tailoring_parse’ # 397| bool xccdf_tailoring_set_id(struct xccdf_tailoring *tailoring, const char* newval) # 398| { # 399|-> if (tailoring->id) # 400| free(tailoring->id); # 401|
| analyzer-version-clippy | 1.92.0 |
| analyzer-version-cppcheck | 2.19.1 |
| analyzer-version-gcc | 16.0.0 |
| analyzer-version-gcc-analyzer | 16.0.0 |
| analyzer-version-shellcheck | 0.11.0 |
| analyzer-version-unicontrol | 0.0.2 |
| diffbase-analyzer-version-clippy | 1.92.0 |
| diffbase-analyzer-version-cppcheck | 2.19.1 |
| diffbase-analyzer-version-gcc | 16.0.0 |
| diffbase-analyzer-version-gcc-analyzer | 16.0.0 |
| diffbase-analyzer-version-shellcheck | 0.11.0 |
| diffbase-analyzer-version-unicontrol | 0.0.2 |
| diffbase-enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| diffbase-exit-code | 0 |
| diffbase-host | ip-172-16-1-233.us-west-2.compute.internal |
| diffbase-known-false-positives | /usr/share/csmock/known-false-positives.js |
| diffbase-known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| diffbase-mock-config | fedora-rawhide-x86_64 |
| diffbase-project-name | openscap-1.4.4-0.20260112191348495074.pr2301.23.g016338c21 |
| diffbase-store-results-to | /tmp/tmp72jvbokr/openscap-1.4.4-0.20260112191348495074.pr2301.23.g016338c21.tar.xz |
| diffbase-time-created | 2026-01-12 19:37:13 |
| diffbase-time-finished | 2026-01-12 19:49:47 |
| diffbase-tool | csmock |
| diffbase-tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmp72jvbokr/openscap-1.4.4-0.20260112191348495074.pr2301.23.g016338c21.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '/tmp/tmp72jvbokr/openscap-1.4.4-0.20260112191348495074.pr2301.23.g016338c21.src.rpm' |
| diffbase-tool-version | csmock-3.8.3.20251215.161544.g62de9a5-1.el9 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-233.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| mock-config | fedora-rawhide-x86_64 |
| project-name | openscap-1.4.4-0.20260112115410058871.main.21.g7a61a088a |
| store-results-to | /tmp/tmpy37nacxu/openscap-1.4.4-0.20260112115410058871.main.21.g7a61a088a.tar.xz |
| time-created | 2026-01-12 19:22:33 |
| time-finished | 2026-01-12 19:36:41 |
| title | Fixed findings |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpy37nacxu/openscap-1.4.4-0.20260112115410058871.main.21.g7a61a088a.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '/tmp/tmpy37nacxu/openscap-1.4.4-0.20260112115410058871.main.21.g7a61a088a.src.rpm' |
| tool-version | csmock-3.8.3.20251215.161544.g62de9a5-1.el9 |