Error: GCC_ANALYZER_WARNING (CWE-476): [#def1] openscap-1.4.4/src/CPE/cpedict_priv.c: scope_hint: In function ‘cpe_notes_new’ openscap-1.4.4/src/CPE/cpedict_priv.c:385:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘notes’ # 383| { # 384| struct cpe_notes *notes = calloc(1, sizeof(struct cpe_notes)); # 385|-> notes->notes = oscap_list_new(); # 386| return notes; # 387| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def2] openscap-1.4.4/src/CPE/cpedict_priv.c:385:24: warning[-Wanalyzer-malloc-leak]: leak of ‘cpe_item_new()’ openscap-1.4.4/src/CPE/cpedict_priv.c: scope_hint: In function ‘cpe_notes_new’ # 383| { # 384| struct cpe_notes *notes = calloc(1, sizeof(struct cpe_notes)); # 385|-> notes->notes = oscap_list_new(); # 386| return notes; # 387| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def3] openscap-1.4.4/src/CPE/cpedict_priv.c:385:24: warning[-Wanalyzer-malloc-leak]: leak of ‘notes’ # 383| { # 384| struct cpe_notes *notes = calloc(1, sizeof(struct cpe_notes)); # 385|-> notes->notes = oscap_list_new(); # 386| return notes; # 387| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def4] openscap-1.4.4/src/CPE/cpedict_priv.c: scope_hint: In function ‘cpe_vendor_new’ openscap-1.4.4/src/CPE/cpedict_priv.c:418:24: warning[-Wanalyzer-malloc-leak]: leak of ‘item’ # 416| # 417| item->value = NULL; # 418|-> item->titles = oscap_list_new(); # 419| item->products = oscap_list_new(); # 420| Error: GCC_ANALYZER_WARNING (CWE-401): [#def5] openscap-1.4.4/src/CPE/cpedict_priv.c:419:26: warning[-Wanalyzer-malloc-leak]: leak of ‘item’ # 417| item->value = NULL; # 418| item->titles = oscap_list_new(); # 419|-> item->products = oscap_list_new(); # 420| # 421| return item; Error: GCC_ANALYZER_WARNING (CWE-401): [#def6] openscap-1.4.4/src/CPE/cpedict_priv.c:434:26: warning[-Wanalyzer-malloc-leak]: leak of ‘cpe_vendor_new()’ # 432| memset(item, 0, sizeof(struct cpe_product)); # 433| # 434|-> item->versions = oscap_list_new(); # 435| item->value = NULL; # 436| Error: GCC_ANALYZER_WARNING (CWE-401): [#def7] openscap-1.4.4/src/CPE/cpedict_priv.c: scope_hint: In function ‘cpe_product_new’ openscap-1.4.4/src/CPE/cpedict_priv.c:434:26: warning[-Wanalyzer-malloc-leak]: leak of ‘item’ # 432| memset(item, 0, sizeof(struct cpe_product)); # 433| # 434|-> item->versions = oscap_list_new(); # 435| item->value = NULL; # 436| Error: GCC_ANALYZER_WARNING (CWE-401): [#def8] openscap-1.4.4/src/CPE/cpedict_priv.c: scope_hint: In function ‘cpe_version_new’ openscap-1.4.4/src/CPE/cpedict_priv.c:450:25: warning[-Wanalyzer-malloc-leak]: leak of ‘cpe_vendor_new()’ # 448| memset(item, 0, sizeof(struct cpe_version)); # 449| # 450|-> item->updates = oscap_list_new(); # 451| item->value = NULL; # 452| Error: GCC_ANALYZER_WARNING (CWE-401): [#def9] openscap-1.4.4/src/CPE/cpedict_priv.c:450:25: warning[-Wanalyzer-malloc-leak]: leak of ‘item’ # 448| memset(item, 0, sizeof(struct cpe_version)); # 449| # 450|-> item->updates = oscap_list_new(); # 451| item->value = NULL; # 452| Error: GCC_ANALYZER_WARNING (CWE-401): [#def10] openscap-1.4.4/src/CPE/cpedict_priv.c:466:26: warning[-Wanalyzer-malloc-leak]: leak of ‘cpe_vendor_new()’ # 464| memset(item, 0, sizeof(struct cpe_update)); # 465| # 466|-> item->editions = oscap_list_new(); # 467| item->value = NULL; # 468| Error: GCC_ANALYZER_WARNING (CWE-401): [#def11] openscap-1.4.4/src/CPE/cpedict_priv.c: scope_hint: In function ‘cpe_update_new’ openscap-1.4.4/src/CPE/cpedict_priv.c:466:26: warning[-Wanalyzer-malloc-leak]: leak of ‘item’ # 464| memset(item, 0, sizeof(struct cpe_update)); # 465| # 466|-> item->editions = oscap_list_new(); # 467| item->value = NULL; # 468| Error: GCC_ANALYZER_WARNING (CWE-401): [#def12] openscap-1.4.4/src/CPE/cpedict_priv.c:482:27: warning[-Wanalyzer-malloc-leak]: leak of ‘cpe_vendor_new()’ # 480| memset(item, 0, sizeof(struct cpe_edition)); # 481| # 482|-> item->languages = oscap_list_new(); # 483| item->value = NULL; # 484| Error: GCC_ANALYZER_WARNING (CWE-401): [#def13] openscap-1.4.4/src/CPE/cpedict_priv.c: scope_hint: In function ‘cpe_edition_new’ openscap-1.4.4/src/CPE/cpedict_priv.c:482:27: warning[-Wanalyzer-malloc-leak]: leak of ‘item’ # 480| memset(item, 0, sizeof(struct cpe_edition)); # 481| # 482|-> item->languages = oscap_list_new(); # 483| item->value = NULL; # 484| Error: GCC_ANALYZER_WARNING (CWE-401): [#def14] openscap-1.4.4/src/CPE/cpedict_priv.c: scope_hint: In function ‘cpe_generator_parse’ openscap-1.4.4/src/CPE/cpedict_priv.c:618:17: warning[-Wanalyzer-malloc-leak]: leak of ‘cpe_generator_new()’ # 616| # 617| // skip nodes until new element # 618|-> xmlTextReaderNextElement(reader); # 619| # 620| while (xmlStrcmp(xmlTextReaderConstLocalName(reader), TAG_GENERATOR_STR) != 0) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def15] openscap-1.4.4/src/CPE/cpedict_priv.c:620:24: warning[-Wanalyzer-malloc-leak]: leak of ‘cpe_generator_new()’ # 618| xmlTextReaderNextElement(reader); # 619| # 620|-> while (xmlStrcmp(xmlTextReaderConstLocalName(reader), TAG_GENERATOR_STR) != 0) { # 621| # 622| if ((xmlStrcmp(xmlTextReaderConstLocalName(reader), Error: GCC_ANALYZER_WARNING (CWE-401): [#def16] openscap-1.4.4/src/CPE/cpedict_priv.c:622:30: warning[-Wanalyzer-malloc-leak]: leak of ‘cpe_generator_new()’ # 620| while (xmlStrcmp(xmlTextReaderConstLocalName(reader), TAG_GENERATOR_STR) != 0) { # 621| # 622|-> if ((xmlStrcmp(xmlTextReaderConstLocalName(reader), # 623| TAG_PRODUCT_NAME_STR) == 0) && # 624| (xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT)) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def17] openscap-1.4.4/src/CPE/cpedict_priv.c:624:30: warning[-Wanalyzer-malloc-leak]: leak of ‘cpe_generator_new()’ # 622| if ((xmlStrcmp(xmlTextReaderConstLocalName(reader), # 623| TAG_PRODUCT_NAME_STR) == 0) && # 624|-> (xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT)) { # 625| ret->product_name = oscap_element_string_copy(reader); # 626| } else Error: GCC_ANALYZER_WARNING (CWE-401): [#def18] openscap-1.4.4/src/CPE/cpedict_priv.c:625:53: warning[-Wanalyzer-malloc-leak]: leak of ‘cpe_generator_new()’ # 623| TAG_PRODUCT_NAME_STR) == 0) && # 624| (xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT)) { # 625|-> ret->product_name = oscap_element_string_copy(reader); # 626| } else # 627| if ((xmlStrcmp(xmlTextReaderConstLocalName(reader), Error: GCC_ANALYZER_WARNING (CWE-401): [#def19] openscap-1.4.4/src/CPE/cpedict_priv.c:627:34: warning[-Wanalyzer-malloc-leak]: leak of ‘cpe_generator_new()’ # 625| ret->product_name = oscap_element_string_copy(reader); # 626| } else # 627|-> if ((xmlStrcmp(xmlTextReaderConstLocalName(reader), # 628| TAG_PRODUCT_VERSION_STR) == 0) && # 629| (xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT)) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def20] openscap-1.4.4/src/CPE/cpedict_priv.c:629:34: warning[-Wanalyzer-malloc-leak]: leak of ‘cpe_generator_new()’ # 627| if ((xmlStrcmp(xmlTextReaderConstLocalName(reader), # 628| TAG_PRODUCT_VERSION_STR) == 0) && # 629|-> (xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT)) { # 630| ret->product_version = oscap_element_string_copy(reader); # 631| } else Error: GCC_ANALYZER_WARNING (CWE-401): [#def21] openscap-1.4.4/src/CPE/cpedict_priv.c:630:56: warning[-Wanalyzer-malloc-leak]: leak of ‘cpe_generator_new()’ # 628| TAG_PRODUCT_VERSION_STR) == 0) && # 629| (xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT)) { # 630|-> ret->product_version = oscap_element_string_copy(reader); # 631| } else # 632| if ((xmlStrcmp(xmlTextReaderConstLocalName(reader), Error: GCC_ANALYZER_WARNING (CWE-401): [#def22] openscap-1.4.4/src/CPE/cpedict_priv.c:632:34: warning[-Wanalyzer-malloc-leak]: leak of ‘cpe_generator_new()’ # 630| ret->product_version = oscap_element_string_copy(reader); # 631| } else # 632|-> if ((xmlStrcmp(xmlTextReaderConstLocalName(reader), # 633| TAG_SCHEMA_VERSION_STR) == 0) && # 634| (xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT)) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def23] openscap-1.4.4/src/CPE/cpedict_priv.c:634:34: warning[-Wanalyzer-malloc-leak]: leak of ‘cpe_generator_new()’ # 632| if ((xmlStrcmp(xmlTextReaderConstLocalName(reader), # 633| TAG_SCHEMA_VERSION_STR) == 0) && # 634|-> (xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT)) { # 635| ret->schema_version = oscap_element_string_copy(reader); # 636| cpe_parser_ctx_set_schema_version(ctx, ret->schema_version); Error: GCC_ANALYZER_WARNING (CWE-401): [#def24] openscap-1.4.4/src/CPE/cpedict_priv.c:635:55: warning[-Wanalyzer-malloc-leak]: leak of ‘cpe_generator_new()’ # 633| TAG_SCHEMA_VERSION_STR) == 0) && # 634| (xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT)) { # 635|-> ret->schema_version = oscap_element_string_copy(reader); # 636| cpe_parser_ctx_set_schema_version(ctx, ret->schema_version); # 637| } else Error: GCC_ANALYZER_WARNING (CWE-401): [#def25] openscap-1.4.4/src/CPE/cpedict_priv.c:636:33: warning[-Wanalyzer-malloc-leak]: leak of ‘cpe_generator_new()’ # 634| (xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT)) { # 635| ret->schema_version = oscap_element_string_copy(reader); # 636|-> cpe_parser_ctx_set_schema_version(ctx, ret->schema_version); # 637| } else # 638| if ((xmlStrcmp(xmlTextReaderConstLocalName(reader), Error: GCC_ANALYZER_WARNING (CWE-401): [#def26] openscap-1.4.4/src/CPE/cpedict_priv.c:638:34: warning[-Wanalyzer-malloc-leak]: leak of ‘cpe_generator_new()’ # 636| cpe_parser_ctx_set_schema_version(ctx, ret->schema_version); # 637| } else # 638|-> if ((xmlStrcmp(xmlTextReaderConstLocalName(reader), # 639| TAG_TIMESTAMP_STR) == 0) && # 640| (xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT)) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def27] openscap-1.4.4/src/CPE/cpelang_priv.c:292:21: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ # 290| # 291| if (!xmlStrcmp(xmlTextReaderConstLocalName(reader), ATTR_TITLE_STR) && # 292|-> xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT) { # 293| oscap_list_add(ret->titles, oscap_text_new_parse(OSCAP_TEXT_TRAITS_PLAIN, reader)); # 294| } else Error: GCC_ANALYZER_WARNING (CWE-401): [#def28] openscap-1.4.4/src/CPE/cpelang_priv.c:292:21: warning[-Wanalyzer-malloc-leak]: leak of ‘cpe_platform_new()’ # 290| # 291| if (!xmlStrcmp(xmlTextReaderConstLocalName(reader), ATTR_TITLE_STR) && # 292|-> xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT) { # 293| oscap_list_add(ret->titles, oscap_text_new_parse(OSCAP_TEXT_TRAITS_PLAIN, reader)); # 294| } else Error: GCC_ANALYZER_WARNING (CWE-401): [#def29] openscap-1.4.4/src/CPE/cpelang_priv.c:293:25: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ # 291| if (!xmlStrcmp(xmlTextReaderConstLocalName(reader), ATTR_TITLE_STR) && # 292| xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT) { # 293|-> oscap_list_add(ret->titles, oscap_text_new_parse(OSCAP_TEXT_TRAITS_PLAIN, reader)); # 294| } else # 295| if (!xmlStrcmp(xmlTextReaderConstLocalName(reader), TAG_REMARK_STR) && Error: GCC_ANALYZER_WARNING (CWE-401): [#def30] openscap-1.4.4/src/CPE/cpelang_priv.c:293:25: warning[-Wanalyzer-malloc-leak]: leak of ‘cpe_platform_new()’ # 291| if (!xmlStrcmp(xmlTextReaderConstLocalName(reader), ATTR_TITLE_STR) && # 292| xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT) { # 293|-> oscap_list_add(ret->titles, oscap_text_new_parse(OSCAP_TEXT_TRAITS_PLAIN, reader)); # 294| } else # 295| if (!xmlStrcmp(xmlTextReaderConstLocalName(reader), TAG_REMARK_STR) && Error: GCC_ANALYZER_WARNING (CWE-401): [#def31] openscap-1.4.4/src/CPE/cpelang_priv.c:293:53: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ # 291| if (!xmlStrcmp(xmlTextReaderConstLocalName(reader), ATTR_TITLE_STR) && # 292| xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT) { # 293|-> oscap_list_add(ret->titles, oscap_text_new_parse(OSCAP_TEXT_TRAITS_PLAIN, reader)); # 294| } else # 295| if (!xmlStrcmp(xmlTextReaderConstLocalName(reader), TAG_REMARK_STR) && Error: GCC_ANALYZER_WARNING (CWE-401): [#def32] openscap-1.4.4/src/CPE/cpelang_priv.c:293:53: warning[-Wanalyzer-malloc-leak]: leak of ‘cpe_platform_new()’ # 291| if (!xmlStrcmp(xmlTextReaderConstLocalName(reader), ATTR_TITLE_STR) && # 292| xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT) { # 293|-> oscap_list_add(ret->titles, oscap_text_new_parse(OSCAP_TEXT_TRAITS_PLAIN, reader)); # 294| } else # 295| if (!xmlStrcmp(xmlTextReaderConstLocalName(reader), TAG_REMARK_STR) && Error: GCC_ANALYZER_WARNING (CWE-401): [#def33] openscap-1.4.4/src/CPE/cpelang_priv.c:295:26: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ # 293| oscap_list_add(ret->titles, oscap_text_new_parse(OSCAP_TEXT_TRAITS_PLAIN, reader)); # 294| } else # 295|-> if (!xmlStrcmp(xmlTextReaderConstLocalName(reader), TAG_REMARK_STR) && # 296| xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT) { # 297| ret->remark = parse_text_element(reader, (char *)TAG_REMARK_STR); // TODO: 0-n remarks ! Error: GCC_ANALYZER_WARNING (CWE-401): [#def34] openscap-1.4.4/src/CPE/cpelang_priv.c:295:26: warning[-Wanalyzer-malloc-leak]: leak of ‘cpe_platform_new()’ # 293| oscap_list_add(ret->titles, oscap_text_new_parse(OSCAP_TEXT_TRAITS_PLAIN, reader)); # 294| } else # 295|-> if (!xmlStrcmp(xmlTextReaderConstLocalName(reader), TAG_REMARK_STR) && # 296| xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT) { # 297| ret->remark = parse_text_element(reader, (char *)TAG_REMARK_STR); // TODO: 0-n remarks ! Error: GCC_ANALYZER_WARNING (CWE-401): [#def35] openscap-1.4.4/src/CPE/cpelang_priv.c:296:25: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ # 294| } else # 295| if (!xmlStrcmp(xmlTextReaderConstLocalName(reader), TAG_REMARK_STR) && # 296|-> xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT) { # 297| ret->remark = parse_text_element(reader, (char *)TAG_REMARK_STR); // TODO: 0-n remarks ! # 298| } else Error: GCC_ANALYZER_WARNING (CWE-401): [#def36] openscap-1.4.4/src/CPE/cpelang_priv.c:296:25: warning[-Wanalyzer-malloc-leak]: leak of ‘cpe_platform_new()’ # 294| } else # 295| if (!xmlStrcmp(xmlTextReaderConstLocalName(reader), TAG_REMARK_STR) && # 296|-> xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT) { # 297| ret->remark = parse_text_element(reader, (char *)TAG_REMARK_STR); // TODO: 0-n remarks ! # 298| } else Error: GCC_ANALYZER_WARNING (CWE-401): [#def37] openscap-1.4.4/src/CPE/cpelang_priv.c:299:26: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ # 297| ret->remark = parse_text_element(reader, (char *)TAG_REMARK_STR); // TODO: 0-n remarks ! # 298| } else # 299|-> if (!xmlStrcmp(xmlTextReaderConstLocalName(reader), TAG_LOGICAL_TEST_STR) && # 300| xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT) { # 301| /* Maybe we shall not allocate this in constructor? */ Error: GCC_ANALYZER_WARNING (CWE-401): [#def38] openscap-1.4.4/src/CPE/cpelang_priv.c:299:26: warning[-Wanalyzer-malloc-leak]: leak of ‘cpe_platform_new()’ # 297| ret->remark = parse_text_element(reader, (char *)TAG_REMARK_STR); // TODO: 0-n remarks ! # 298| } else # 299|-> if (!xmlStrcmp(xmlTextReaderConstLocalName(reader), TAG_LOGICAL_TEST_STR) && # 300| xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT) { # 301| /* Maybe we shall not allocate this in constructor? */ Error: GCC_ANALYZER_WARNING (CWE-401): [#def39] openscap-1.4.4/src/CPE/cpelang_priv.c:300:25: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ # 298| } else # 299| if (!xmlStrcmp(xmlTextReaderConstLocalName(reader), TAG_LOGICAL_TEST_STR) && # 300|-> xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT) { # 301| /* Maybe we shall not allocate this in constructor? */ # 302| cpe_testexpr_free(ret->expr); Error: GCC_ANALYZER_WARNING (CWE-401): [#def40] openscap-1.4.4/src/CPE/cpelang_priv.c:300:25: warning[-Wanalyzer-malloc-leak]: leak of ‘cpe_platform_new()’ # 298| } else # 299| if (!xmlStrcmp(xmlTextReaderConstLocalName(reader), TAG_LOGICAL_TEST_STR) && # 300|-> xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT) { # 301| /* Maybe we shall not allocate this in constructor? */ # 302| cpe_testexpr_free(ret->expr); Error: GCC_ANALYZER_WARNING (CWE-401): [#def41] openscap-1.4.4/src/CPE/cpelang_priv.c: scope_hint: In function ‘cpe_testexpr_meta_free’ openscap-1.4.4/src/CPE/cpelang_priv.c:302:25: warning[-Wanalyzer-malloc-leak]: leak of ‘cpe_platform_new()’ # 300| xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT) { # 301| /* Maybe we shall not allocate this in constructor? */ # 302|-> cpe_testexpr_free(ret->expr); # 303| ret->expr = cpe_testexpr_parse(reader); # 304| } else if (xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT) Error: GCC_ANALYZER_WARNING (CWE-401): [#def42] openscap-1.4.4/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_parse_OBJECTREF_tag’ openscap-1.4.4/src/OVAL/oval_component.c:275:25: warning[-Wanalyzer-malloc-leak]: leak of ‘oval_component_new(model, 2)’ # 273| __attribute__nonnull__(component); # 274| # 275|-> return component->type; # 276| } # 277| Error: GCC_ANALYZER_WARNING (CWE-401): [#def43] openscap-1.4.4/src/OVAL/oval_component.c: scope_hint: In function ‘oval_component_new’ openscap-1.4.4/src/OVAL/oval_component.c:743:57: warning[-Wanalyzer-malloc-leak]: leak of ‘function’ # 741| # 742| component = (oval_component_t *) function; # 743|-> function->function_components = oval_collection_new(); # 744| } # 745| break; Error: GCC_ANALYZER_WARNING (CWE-401): [#def44] openscap-1.4.4/src/OVAL/oval_component.c: scope_hint: In function ‘oval_component_clone’ openscap-1.4.4/src/OVAL/oval_component.c:773:30: warning[-Wanalyzer-malloc-leak]: leak of ‘oval_component_new(new_model, *old_component.type)’ # 771| return NULL; # 772| # 773|-> switch (new_component->type) { # 774| case OVAL_FUNCTION_ARITHMETIC:{ # 775| oval_arithmetic_operation_t operation = oval_component_get_arithmetic_operation(old_component); Error: GCC_ANALYZER_WARNING (CWE-476): [#def45] openscap-1.4.4/src/OVAL/oval_component.c: scope_hint: In function ‘oval_component_set_variable’ openscap-1.4.4/src/OVAL/oval_component.c:939:22: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘component’ # 937| # 938| /* type == OVAL_COMPONENT_VARREF */ # 939|-> if (component->type == OVAL_COMPONENT_VARREF) { # 940| oval_component_VARREF_t *varref = (oval_component_VARREF_t *) component; # 941| varref->variable = variable; Error: GCC_ANALYZER_WARNING (CWE-401): [#def46] openscap-1.4.4/src/OVAL/oval_component.c:954:16: warning[-Wanalyzer-malloc-leak]: leak of ‘oval_component_new(model, 1)’ openscap-1.4.4/src/OVAL/oval_component.c: scope_hint: In function ‘oval_component_parse_tag’ # 952| { # 953| # 954|-> return oval_value_parse_tag(reader, context, oval_value_consume, component); # 955| } # 956| Error: GCC_ANALYZER_WARNING (CWE-401): [#def47] openscap-1.4.4/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_parse_OBJECTREF_tag’ openscap-1.4.4/src/OVAL/oval_component.c:962:32: warning[-Wanalyzer-malloc-leak]: leak of ‘oval_component_new(model, 2)’ # 960| # 961| struct oval_definition_model *model = context->definition_model; # 962|-> char *objref = (char *)xmlTextReaderGetAttribute(reader, BAD_CAST "object_ref"); # 963| struct oval_object *object = oval_definition_model_get_new_object(model, objref); # 964| char *field; Error: GCC_ANALYZER_WARNING (CWE-401): [#def48] openscap-1.4.4/src/OVAL/oval_component.c:963:38: warning[-Wanalyzer-malloc-leak]: leak of ‘oval_component_new(model, 2)’ # 961| struct oval_definition_model *model = context->definition_model; # 962| char *objref = (char *)xmlTextReaderGetAttribute(reader, BAD_CAST "object_ref"); # 963|-> struct oval_object *object = oval_definition_model_get_new_object(model, objref); # 964| char *field; # 965| Error: GCC_ANALYZER_WARNING (CWE-401): [#def49] openscap-1.4.4/src/OVAL/oval_component.c:974:25: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ # 972| if (field) # 973| free(field); # 974|-> field = (char *)xmlTextReaderGetAttribute(reader, BAD_CAST "record_field"); # 975| oval_component_set_record_field(component, field); # 976| if (field) Error: GCC_ANALYZER_WARNING (CWE-401): [#def50] openscap-1.4.4/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_parse_VARREF_tag’ openscap-1.4.4/src/OVAL/oval_component.c:987:32: warning[-Wanalyzer-malloc-leak]: leak of ‘oval_component_new(model, 3)’ # 985| # 986| struct oval_definition_model *model = context->definition_model; # 987|-> char *varref = (char *)xmlTextReaderGetAttribute(reader, BAD_CAST "var_ref"); # 988| struct oval_variable *variable = oval_definition_model_get_new_variable(model, varref, OVAL_VARIABLE_UNKNOWN); # 989| if (varref != NULL) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def51] openscap-1.4.4/src/OVAL/oval_component.c:988:42: warning[-Wanalyzer-malloc-leak]: leak of ‘oval_component_new(model, 3)’ # 986| struct oval_definition_model *model = context->definition_model; # 987| char *varref = (char *)xmlTextReaderGetAttribute(reader, BAD_CAST "var_ref"); # 988|-> struct oval_variable *variable = oval_definition_model_get_new_variable(model, varref, OVAL_VARIABLE_UNKNOWN); # 989| if (varref != NULL) { # 990| free(varref); Error: GCC_ANALYZER_WARNING (CWE-401): [#def52] openscap-1.4.4/src/OVAL/oval_component.c:1017:16: warning[-Wanalyzer-malloc-leak]: leak of ‘oval_component_new(model, 10)’ openscap-1.4.4/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_parse_TIMEDIF_tag’ # 1015| { # 1016| oval_component_FUNCTION_t *function = (oval_component_FUNCTION_t *) component; # 1017|-> return oval_parser_parse_tag(reader, context, &oval_subcomp_tag_consume, function); # 1018| } # 1019| Error: GCC_ANALYZER_WARNING (CWE-401): [#def53] openscap-1.4.4/src/OVAL/oval_component.c:1017:16: warning[-Wanalyzer-malloc-leak]: leak of ‘oval_component_new(model, 11)’ openscap-1.4.4/src/OVAL/oval_component.c: scope_hint: In function ‘oval_component_parse_tag’ # 1015| { # 1016| oval_component_FUNCTION_t *function = (oval_component_FUNCTION_t *) component; # 1017|-> return oval_parser_parse_tag(reader, context, &oval_subcomp_tag_consume, function); # 1018| } # 1019| Error: GCC_ANALYZER_WARNING (CWE-401): [#def54] openscap-1.4.4/src/OVAL/oval_component.c:1017:16: warning[-Wanalyzer-malloc-leak]: leak of ‘oval_component_new(model, 12)’ openscap-1.4.4/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_parse_REGEX_CAPTURE_tag’ # 1015| { # 1016| oval_component_FUNCTION_t *function = (oval_component_FUNCTION_t *) component; # 1017|-> return oval_parser_parse_tag(reader, context, &oval_subcomp_tag_consume, function); # 1018| } # 1019| Error: GCC_ANALYZER_WARNING (CWE-401): [#def55] openscap-1.4.4/src/OVAL/oval_component.c:1017:16: warning[-Wanalyzer-malloc-leak]: leak of ‘oval_component_new(model, 13)’ openscap-1.4.4/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_parse_ARITHMETIC_tag’ # 1015| { # 1016| oval_component_FUNCTION_t *function = (oval_component_FUNCTION_t *) component; # 1017|-> return oval_parser_parse_tag(reader, context, &oval_subcomp_tag_consume, function); # 1018| } # 1019| Error: GCC_ANALYZER_WARNING (CWE-401): [#def56] openscap-1.4.4/src/OVAL/oval_component.c:1017:16: warning[-Wanalyzer-malloc-leak]: leak of ‘oval_component_new(model, 14)’ openscap-1.4.4/src/OVAL/oval_component.c: scope_hint: In function ‘oval_component_parse_tag’ # 1015| { # 1016| oval_component_FUNCTION_t *function = (oval_component_FUNCTION_t *) component; # 1017|-> return oval_parser_parse_tag(reader, context, &oval_subcomp_tag_consume, function); # 1018| } # 1019| Error: GCC_ANALYZER_WARNING (CWE-401): [#def57] openscap-1.4.4/src/OVAL/oval_component.c:1017:16: warning[-Wanalyzer-malloc-leak]: leak of ‘oval_component_new(model, 15)’ openscap-1.4.4/src/OVAL/oval_component.c: scope_hint: In function ‘oval_component_parse_tag’ # 1015| { # 1016| oval_component_FUNCTION_t *function = (oval_component_FUNCTION_t *) component; # 1017|-> return oval_parser_parse_tag(reader, context, &oval_subcomp_tag_consume, function); # 1018| } # 1019| Error: GCC_ANALYZER_WARNING (CWE-401): [#def58] openscap-1.4.4/src/OVAL/oval_component.c:1017:16: warning[-Wanalyzer-malloc-leak]: leak of ‘oval_component_new(model, 5)’ openscap-1.4.4/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_parse_BEGEND_tag’ # 1015| { # 1016| oval_component_FUNCTION_t *function = (oval_component_FUNCTION_t *) component; # 1017|-> return oval_parser_parse_tag(reader, context, &oval_subcomp_tag_consume, function); # 1018| } # 1019| Error: GCC_ANALYZER_WARNING (CWE-401): [#def59] openscap-1.4.4/src/OVAL/oval_component.c:1017:16: warning[-Wanalyzer-malloc-leak]: leak of ‘oval_component_new(model, 6)’ openscap-1.4.4/src/OVAL/oval_component.c: scope_hint: In function ‘oval_component_parse_tag’ # 1015| { # 1016| oval_component_FUNCTION_t *function = (oval_component_FUNCTION_t *) component; # 1017|-> return oval_parser_parse_tag(reader, context, &oval_subcomp_tag_consume, function); # 1018| } # 1019| Error: GCC_ANALYZER_WARNING (CWE-401): [#def60] openscap-1.4.4/src/OVAL/oval_component.c:1017:16: warning[-Wanalyzer-malloc-leak]: leak of ‘oval_component_new(model, 7)’ openscap-1.4.4/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_parse_BEGEND_tag’ # 1015| { # 1016| oval_component_FUNCTION_t *function = (oval_component_FUNCTION_t *) component; # 1017|-> return oval_parser_parse_tag(reader, context, &oval_subcomp_tag_consume, function); # 1018| } # 1019| Error: GCC_ANALYZER_WARNING (CWE-401): [#def61] openscap-1.4.4/src/OVAL/oval_component.c:1017:16: warning[-Wanalyzer-malloc-leak]: leak of ‘oval_component_new(model, 8)’ openscap-1.4.4/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_parse_SPLIT_tag’ # 1015| { # 1016| oval_component_FUNCTION_t *function = (oval_component_FUNCTION_t *) component; # 1017|-> return oval_parser_parse_tag(reader, context, &oval_subcomp_tag_consume, function); # 1018| } # 1019| Error: GCC_ANALYZER_WARNING (CWE-401): [#def62] openscap-1.4.4/src/OVAL/oval_component.c:1017:16: warning[-Wanalyzer-malloc-leak]: leak of ‘oval_component_new(model, 9)’ openscap-1.4.4/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_parse_SUBSTRING_tag’ # 1015| { # 1016| oval_component_FUNCTION_t *function = (oval_component_FUNCTION_t *) component; # 1017|-> return oval_parser_parse_tag(reader, context, &oval_subcomp_tag_consume, function); # 1018| } # 1019| Error: GCC_ANALYZER_WARNING (CWE-401): [#def63] openscap-1.4.4/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_parse_ARITHMETIC_tag’ openscap-1.4.4/src/OVAL/oval_component.c:1026:49: warning[-Wanalyzer-malloc-leak]: leak of ‘oval_component_new(model, 13)’ # 1024| # 1025| oval_component_ARITHMETIC_t *arithmetic = (oval_component_ARITHMETIC_t *) component; # 1026|-> oval_arithmetic_operation_t operation = oval_arithmetic_operation_parse(reader, "arithmetic_operation", # 1027| OVAL_ARITHMETIC_UNKNOWN); # 1028| arithmetic->operation = operation; Error: GCC_ANALYZER_WARNING (CWE-476): [#def64] openscap-1.4.4/src/OVAL/oval_component.c:1028:31: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘component’ # 1026| oval_arithmetic_operation_t operation = oval_arithmetic_operation_parse(reader, "arithmetic_operation", # 1027| OVAL_ARITHMETIC_UNKNOWN); # 1028|-> arithmetic->operation = operation; # 1029| return _oval_component_parse_FUNCTION_tag(reader, context, component); # 1030| } Error: GCC_ANALYZER_WARNING (CWE-476): [#def65] openscap-1.4.4/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_parse_BEGEND_tag’ openscap-1.4.4/src/OVAL/oval_component.c:1039:27: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘component’ # 1037| # 1038| oval_component_BEGEND_t *begend = (oval_component_BEGEND_t *) component; # 1039|-> begend->character = (char *)xmlTextReaderGetAttribute(reader, BAD_CAST "character"); # 1040| # 1041| return _oval_component_parse_FUNCTION_tag(reader, context, component); Error: GCC_ANALYZER_WARNING (CWE-401): [#def66] openscap-1.4.4/src/OVAL/oval_component.c:1039:37: warning[-Wanalyzer-malloc-leak]: leak of ‘oval_component_new(model, 5)’ # 1037| # 1038| oval_component_BEGEND_t *begend = (oval_component_BEGEND_t *) component; # 1039|-> begend->character = (char *)xmlTextReaderGetAttribute(reader, BAD_CAST "character"); # 1040| # 1041| return _oval_component_parse_FUNCTION_tag(reader, context, component); Error: GCC_ANALYZER_WARNING (CWE-401): [#def67] openscap-1.4.4/src/OVAL/oval_component.c:1039:37: warning[-Wanalyzer-malloc-leak]: leak of ‘oval_component_new(model, 7)’ # 1037| # 1038| oval_component_BEGEND_t *begend = (oval_component_BEGEND_t *) component; # 1039|-> begend->character = (char *)xmlTextReaderGetAttribute(reader, BAD_CAST "character"); # 1040| # 1041| return _oval_component_parse_FUNCTION_tag(reader, context, component); Error: GCC_ANALYZER_WARNING (CWE-476): [#def68] openscap-1.4.4/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_parse_SPLIT_tag’ openscap-1.4.4/src/OVAL/oval_component.c:1051:26: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘component’ # 1049| # 1050| oval_component_SPLIT_t *split = (oval_component_SPLIT_t *) component; # 1051|-> split->delimiter = (char *)xmlTextReaderGetAttribute(reader, BAD_CAST "delimiter"); # 1052| # 1053| return _oval_component_parse_FUNCTION_tag(reader, context, component); Error: GCC_ANALYZER_WARNING (CWE-401): [#def69] openscap-1.4.4/src/OVAL/oval_component.c:1051:36: warning[-Wanalyzer-malloc-leak]: leak of ‘oval_component_new(model, 8)’ # 1049| # 1050| oval_component_SPLIT_t *split = (oval_component_SPLIT_t *) component; # 1051|-> split->delimiter = (char *)xmlTextReaderGetAttribute(reader, BAD_CAST "delimiter"); # 1052| # 1053| return _oval_component_parse_FUNCTION_tag(reader, context, component); Error: GCC_ANALYZER_WARNING (CWE-401): [#def70] openscap-1.4.4/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_parse_GLOB_TO_REGEX_tag’ openscap-1.4.4/src/OVAL/oval_component.c:1063:9: warning[-Wanalyzer-malloc-leak]: leak of ‘oval_component_new(model, 16)’ openscap-1.4.4/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_parse_GLOB_TO_REGEX_tag’ # 1061| # 1062| oval_component_GLOB_t *glob_to_regex = (oval_component_GLOB_t *) component; # 1063|-> glob_to_regex->glob_noescape = oval_parser_boolean_attribute(reader, "glob_noescape", 0); # 1064| # 1065| return _oval_component_parse_FUNCTION_tag(reader, context, component); Error: GCC_ANALYZER_WARNING (CWE-476): [#def71] openscap-1.4.4/src/OVAL/oval_component.c:1063:38: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘component’ # 1061| # 1062| oval_component_GLOB_t *glob_to_regex = (oval_component_GLOB_t *) component; # 1063|-> glob_to_regex->glob_noescape = oval_parser_boolean_attribute(reader, "glob_noescape", 0); # 1064| # 1065| return _oval_component_parse_FUNCTION_tag(reader, context, component); Error: GCC_ANALYZER_WARNING (CWE-401): [#def72] openscap-1.4.4/src/OVAL/oval_component.c:1063:40: warning[-Wanalyzer-malloc-leak]: leak of ‘oval_component_new(model, 16)’ # 1061| # 1062| oval_component_GLOB_t *glob_to_regex = (oval_component_GLOB_t *) component; # 1063|-> glob_to_regex->glob_noescape = oval_parser_boolean_attribute(reader, "glob_noescape", 0); # 1064| # 1065| return _oval_component_parse_FUNCTION_tag(reader, context, component); Error: GCC_ANALYZER_WARNING (CWE-401): [#def73] openscap-1.4.4/src/OVAL/oval_component.c: scope_hint: In function ‘_oval_component_parse_SUBSTRING_tag’ openscap-1.4.4/src/OVAL/oval_component.c:1076:36: warning[-Wanalyzer-malloc-leak]: leak of ‘oval_component_new(model, 9)’ # 1074| # 1075| oval_component_SUBSTRING_t *substring = (oval_component_SUBSTRING_t *) component; # 1076|-> char *start_text = (char *)xmlTextReaderGetAttribute(reader, BAD_CAST "substring_start"); # 1077| char *length_text = (char *)xmlTextReaderGetAttribute(reader, BAD_CAST "substring_length"); # 1078| int start = (start_text == NULL) ? 0 : atoi(start_text); Error: GCC_ANALYZER_WARNING (CWE-401): [#def74] openscap-1.4.4/src/OVAL/oval_component.c:1077:37: warning[-Wanalyzer-malloc-leak]: leak of ‘oval_component_new(model, 9)’ # 1075| oval_component_SUBSTRING_t *substring = (oval_component_SUBSTRING_t *) component; # 1076| char *start_text = (char *)xmlTextReaderGetAttribute(reader, BAD_CAST "substring_start"); # 1077|-> char *length_text = (char *)xmlTextReaderGetAttribute(reader, BAD_CAST "substring_length"); # 1078| int start = (start_text == NULL) ? 0 : atoi(start_text); # 1079| int length = (length_text == NULL) ? 0 : atoi(length_text); Error: GCC_ANALYZER_WARNING (CWE-404): [#def75] openscap-1.4.4/src/OVAL/oval_probe_ext.c:824:30: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’ # 822| size_t probe_urilen; # 823| # 824|-> if (!probe_table_exists(obj_subtype)) { # 825| oval_syschar_add_new_message(sys, "OVAL object not supported", OVAL_MESSAGE_LEVEL_WARNING); # 826| oval_syschar_set_flag(sys, SYSCHAR_FLAG_NOT_COLLECTED); Error: GCC_ANALYZER_WARNING (CWE-404): [#def76] openscap-1.4.4/src/OVAL/oval_probe_ext.c:825:33: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’ # 823| # 824| if (!probe_table_exists(obj_subtype)) { # 825|-> oval_syschar_add_new_message(sys, "OVAL object not supported", OVAL_MESSAGE_LEVEL_WARNING); # 826| oval_syschar_set_flag(sys, SYSCHAR_FLAG_NOT_COLLECTED); # 827| va_end(ap); Error: GCC_ANALYZER_WARNING (CWE-404): [#def77] openscap-1.4.4/src/OVAL/oval_probe_ext.c:826:33: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’ # 824| if (!probe_table_exists(obj_subtype)) { # 825| oval_syschar_add_new_message(sys, "OVAL object not supported", OVAL_MESSAGE_LEVEL_WARNING); # 826|-> oval_syschar_set_flag(sys, SYSCHAR_FLAG_NOT_COLLECTED); # 827| va_end(ap); # 828| return (1); Error: GCC_ANALYZER_WARNING (CWE-404): [#def78] openscap-1.4.4/src/OVAL/oval_probe_ext.c:831:40: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’ # 829| } # 830| # 831|-> probe_urilen = snprintf(probe_uri, sizeof probe_uri, "%s://%s", # 832| OVAL_PROBE_SCHEME, oval_subtype_get_text(obj_subtype)); # 833| Error: GCC_ANALYZER_WARNING (CWE-404): [#def79] openscap-1.4.4/src/OVAL/oval_probe_ext.c:843:33: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’ openscap-1.4.4/src/common/debug_priv.h:54:33: note: in expansion of macro ‘__dlprintf_wrapper’ openscap-1.4.4/src/common/debug_priv.h:61:17: note: in expansion of macro ‘oscap_dlprintf’ openscap-1.4.4/src/OVAL/oval_probe_ext.c:840:25: note: in expansion of macro ‘dI’ # 841| # 842| if (oval_pdtbl_add(pext->pdtbl, obj_subtype, -1, probe_uri) != 0) { # 843|-> oval_syschar_add_new_message(sys, "OVAL object not supported", OVAL_MESSAGE_LEVEL_WARNING); # 844| oval_syschar_set_flag(sys, SYSCHAR_FLAG_NOT_COLLECTED); # 845| va_end(ap); Error: GCC_ANALYZER_WARNING (CWE-404): [#def80] openscap-1.4.4/src/OVAL/oval_probe_ext.c:844:33: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’ openscap-1.4.4/src/common/debug_priv.h:54:33: note: in expansion of macro ‘__dlprintf_wrapper’ openscap-1.4.4/src/common/debug_priv.h:61:17: note: in expansion of macro ‘oscap_dlprintf’ openscap-1.4.4/src/OVAL/oval_probe_ext.c:840:25: note: in expansion of macro ‘dI’ # 842| if (oval_pdtbl_add(pext->pdtbl, obj_subtype, -1, probe_uri) != 0) { # 843| oval_syschar_add_new_message(sys, "OVAL object not supported", OVAL_MESSAGE_LEVEL_WARNING); # 844|-> oval_syschar_set_flag(sys, SYSCHAR_FLAG_NOT_COLLECTED); # 845| va_end(ap); # 846| return (1); Error: GCC_ANALYZER_WARNING (CWE-404): [#def81] openscap-1.4.4/src/OVAL/oval_probe_ext.c:974:18: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’ # 972| } # 973| # 974|-> object = oval_syschar_get_object(syschar); # 975| ret = oval_object_to_sexp(pext->sess_ptr, oval_subtype_to_str(oval_object_get_subtype(object)), syschar, &s_obj); # 976| Error: GCC_ANALYZER_WARNING (CWE-404): [#def82] openscap-1.4.4/src/OVAL/oval_probe_ext.c:975:15: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’ # 973| # 974| object = oval_syschar_get_object(syschar); # 975|-> ret = oval_object_to_sexp(pext->sess_ptr, oval_subtype_to_str(oval_object_get_subtype(object)), syschar, &s_obj); # 976| # 977| if (ret != 0) Error: GCC_ANALYZER_WARNING (CWE-404): [#def83] openscap-1.4.4/src/OVAL/oval_probe_ext.c: scope_hint: In function ‘oval_probe_ext_reset’ openscap-1.4.4/src/OVAL/oval_probe_ext.c:1024:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’ # 1022| int oval_probe_ext_reset(SEAP_CTX_t *ctx, oval_pd_t *pd, oval_pext_t *pext) # 1023| { # 1024|-> SEAP_cmd_exec(ctx, pd->sd, SEAP_EXEC_RECV, PROBECMD_RESET, NULL, SEAP_CMDTYPE_SYNC, NULL, NULL); # 1025| # 1026| return (0); Error: GCC_ANALYZER_WARNING (CWE-401): [#def84] openscap-1.4.4/src/OVAL/probes/SEAP/public/sexp.h:28: included_from: Included from here. openscap-1.4.4/src/OVAL/probes/SEAP/public/sexp-datatype.h:29: included_from: Included from here. openscap-1.4.4/src/OVAL/probes/SEAP/_sexp-datatype.h:27: included_from: Included from here. openscap-1.4.4/src/OVAL/probes/SEAP/_sexp-types.h:31: included_from: Included from here. openscap-1.4.4/src/OVAL/probes/SEAP/seap-descriptor.h:33: included_from: Included from here. openscap-1.4.4/src/OVAL/probes/SEAP/sch_queue.h:28: included_from: Included from here. openscap-1.4.4/src/OVAL/probes/SEAP/_seap.h:28: included_from: Included from here. openscap-1.4.4/src/OVAL/probes/probe/probe.h:37: included_from: Included from here. openscap-1.4.4/src/OVAL/probes/unix/linux/partition_probe.c:63: included_from: Included from here. openscap-1.4.4/src/OVAL/probes/SEAP/public/sexp-manip.h:115:26: warning[-Wanalyzer-malloc-leak]: leak of ‘mnt_fp’ openscap-1.4.4/src/OVAL/probes/unix/linux/partition_probe.c:327:44: note: in expansion of macro ‘SEXP_number_geti’ openscap-1.4.4/src/OVAL/probes/unix/linux/partition_probe.c:327:44: note: in expansion of macro ‘SEXP_number_geti’ openscap-1.4.4/src/OVAL/probes/unix/linux/partition_probe.c:327:44: note: in expansion of macro ‘SEXP_number_geti’ openscap-1.4.4/src/OVAL/probes/unix/linux/partition_probe.c:327:44: note: in expansion of macro ‘SEXP_number_geti’ # 113| * The size of the integer may be architecture dependent. # 114| */ # 115|-> #define SEXP_number_geti SEXP_number_geti_32 # 116| # 117| /** Error: GCC_ANALYZER_WARNING (CWE-401): [#def85] openscap-1.4.4/src/OVAL/probes/independent/environmentvariable58_probe.c: scope_hint: In function ‘read_environment’ openscap-1.4.4/src/OVAL/probes/independent/environmentvariable58_probe.c:387:17: warning[-Wanalyzer-malloc-leak]: leak of ‘new_buffer’ # 385| } # 386| # 387|-> close(fd); # 388| } # 389| closedir(d); Error: GCC_ANALYZER_WARNING (CWE-401): [#def86] openscap-1.4.4/src/OVAL/probes/independent/system_info_probe.c:555:60: warning[-Wanalyzer-malloc-leak]: leak of ‘_get_os_release(oscap_probe_root)’ # 553| /* ovec[0] and ovec[1] - are the start and the end of the whole pattern match (=".....") # 554| * ovec[2] and ovec[3] - are start and end char positions of the capture group (.*?) */ # 555|-> ptr = strndup(os_release_data+ovec[2], ovec[3]-ovec[2]); # 556| ret = ptr; # 557| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def87] openscap-1.4.4/src/OVAL/probes/independent/system_info_probe.c:558:9: warning[-Wanalyzer-malloc-leak]: leak of ‘_get_os_release(oscap_probe_root)’ # 556| ret = ptr; # 557| } # 558|-> oscap_pcre_free(re); # 559| # 560| finish: Error: GCC_ANALYZER_WARNING (CWE-401): [#def88] openscap-1.4.4/src/OVAL/probes/independent/textfilecontent54_probe.c:194:31: warning[-Wanalyzer-malloc-leak]: leak of ‘new_buf’ # 192| SEXP_t *msg; # 193| # 194|-> msg = probe_msg_creatf(OVAL_MESSAGE_LEVEL_ERROR, "read(): '%s' %s.", whole_path, strerror(errno)); # 195| probe_cobj_add_msg(probe_ctx_getresult(pfd->ctx), msg); # 196| SEXP_free(msg); Error: GCC_ANALYZER_WARNING (CWE-401): [#def89] openscap-1.4.4/src/OVAL/probes/independent/textfilecontent54_probe.c:194:31: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 192| SEXP_t *msg; # 193| # 194|-> msg = probe_msg_creatf(OVAL_MESSAGE_LEVEL_ERROR, "read(): '%s' %s.", whole_path, strerror(errno)); # 195| probe_cobj_add_msg(probe_ctx_getresult(pfd->ctx), msg); # 196| SEXP_free(msg); Error: GCC_ANALYZER_WARNING (CWE-401): [#def90] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:230:17: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 228| SEXP_t *msg; # 229| msg = probe_msg_creatf(OVAL_MESSAGE_LEVEL_ERROR, "xmlXPathEvalExpression() error"); # 230|-> probe_cobj_add_msg(probe_ctx_getresult(pfd->ctx), msg); # 231| SEXP_free(msg); # 232| probe_cobj_set_flag(probe_ctx_getresult(pfd->ctx), SYSCHAR_FLAG_ERROR); Error: GCC_ANALYZER_WARNING (CWE-401): [#def91] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:231:17: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 229| msg = probe_msg_creatf(OVAL_MESSAGE_LEVEL_ERROR, "xmlXPathEvalExpression() error"); # 230| probe_cobj_add_msg(probe_ctx_getresult(pfd->ctx), msg); # 231|-> SEXP_free(msg); # 232| probe_cobj_set_flag(probe_ctx_getresult(pfd->ctx), SYSCHAR_FLAG_ERROR); # 233| Error: GCC_ANALYZER_WARNING (CWE-401): [#def92] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:232:17: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 230| probe_cobj_add_msg(probe_ctx_getresult(pfd->ctx), msg); # 231| SEXP_free(msg); # 232|-> probe_cobj_set_flag(probe_ctx_getresult(pfd->ctx), SYSCHAR_FLAG_ERROR); # 233| # 234| ret = -3; Error: GCC_ANALYZER_WARNING (CWE-401): [#def93] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:245:16: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 243| } # 244| # 245|-> item = probe_item_create(OVAL_INDEPENDENT_XML_FILE_CONTENT, NULL, # 246| "filepath", OVAL_DATATYPE_STRING, filepath, # 247| "path", OVAL_DATATYPE_STRING, path, Error: GCC_ANALYZER_WARNING (CWE-401): [#def94] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:259:21: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 257| int b; # 258| # 259|-> b = xmlXPathCastToBoolean(xpath_obj); # 260| val = SEXP_number_newb(b); # 261| probe_item_ent_add(item, "value_of", NULL, val); Error: GCC_ANALYZER_WARNING (CWE-401): [#def95] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:260:23: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 258| # 259| b = xmlXPathCastToBoolean(xpath_obj); # 260|-> val = SEXP_number_newb(b); # 261| probe_item_ent_add(item, "value_of", NULL, val); # 262| SEXP_free(val); Error: GCC_ANALYZER_WARNING (CWE-401): [#def96] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:261:17: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 259| b = xmlXPathCastToBoolean(xpath_obj); # 260| val = SEXP_number_newb(b); # 261|-> probe_item_ent_add(item, "value_of", NULL, val); # 262| SEXP_free(val); # 263| break; Error: GCC_ANALYZER_WARNING (CWE-401): [#def97] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:262:17: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 260| val = SEXP_number_newb(b); # 261| probe_item_ent_add(item, "value_of", NULL, val); # 262|-> SEXP_free(val); # 263| break; # 264| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def98] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:270:21: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 268| double d; # 269| # 270|-> d = xmlXPathCastToNumber(xpath_obj); # 271| val = SEXP_number_newi_32(d); # 272| probe_item_ent_add(item, "value_of", NULL, val); Error: GCC_ANALYZER_WARNING (CWE-401): [#def99] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:271:23: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 269| # 270| d = xmlXPathCastToNumber(xpath_obj); # 271|-> val = SEXP_number_newi_32(d); # 272| probe_item_ent_add(item, "value_of", NULL, val); # 273| SEXP_free(val); Error: GCC_ANALYZER_WARNING (CWE-401): [#def100] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:272:17: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 270| d = xmlXPathCastToNumber(xpath_obj); # 271| val = SEXP_number_newi_32(d); # 272|-> probe_item_ent_add(item, "value_of", NULL, val); # 273| SEXP_free(val); # 274| break; Error: GCC_ANALYZER_WARNING (CWE-401): [#def101] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:273:17: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 271| val = SEXP_number_newi_32(d); # 272| probe_item_ent_add(item, "value_of", NULL, val); # 273|-> SEXP_free(val); # 274| break; # 275| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def102] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:281:30: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 279| char *s; # 280| # 281|-> s = (char *) xmlXPathCastToString(xpath_obj); # 282| val = SEXP_string_newf("%s", s); # 283| xmlFree(s); Error: GCC_ANALYZER_WARNING (CWE-401): [#def103] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:282:23: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 280| # 281| s = (char *) xmlXPathCastToString(xpath_obj); # 282|-> val = SEXP_string_newf("%s", s); # 283| xmlFree(s); # 284| probe_item_ent_add(item, "value_of", NULL, val); Error: GCC_ANALYZER_WARNING (CWE-401): [#def104] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:283:17: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 281| s = (char *) xmlXPathCastToString(xpath_obj); # 282| val = SEXP_string_newf("%s", s); # 283|-> xmlFree(s); # 284| probe_item_ent_add(item, "value_of", NULL, val); # 285| SEXP_free(val); Error: GCC_ANALYZER_WARNING (CWE-401): [#def105] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:284:17: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 282| val = SEXP_string_newf("%s", s); # 283| xmlFree(s); # 284|-> probe_item_ent_add(item, "value_of", NULL, val); # 285| SEXP_free(val); # 286| break; Error: GCC_ANALYZER_WARNING (CWE-401): [#def106] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:285:17: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 283| xmlFree(s); # 284| probe_item_ent_add(item, "value_of", NULL, val); # 285|-> SEXP_free(val); # 286| break; # 287| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def107] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:315:49: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 313| xmlChar *value; # 314| # 315|-> value = xmlNodeGetContent(cur_node); # 316| probe_item_ent_add(item, "value_of", NULL, # 317| r0 = SEXP_string_newf ("%s", (char *) value)); Error: GCC_ANALYZER_WARNING (CWE-401): [#def108] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:316:41: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 314| # 315| value = xmlNodeGetContent(cur_node); # 316|-> probe_item_ent_add(item, "value_of", NULL, # 317| r0 = SEXP_string_newf ("%s", (char *) value)); # 318| xmlFree(value); Error: GCC_ANALYZER_WARNING (CWE-401): [#def109] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:317:65: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 315| value = xmlNodeGetContent(cur_node); # 316| probe_item_ent_add(item, "value_of", NULL, # 317|-> r0 = SEXP_string_newf ("%s", (char *) value)); # 318| xmlFree(value); # 319| SEXP_free (r0); Error: GCC_ANALYZER_WARNING (CWE-401): [#def110] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:318:41: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 316| probe_item_ent_add(item, "value_of", NULL, # 317| r0 = SEXP_string_newf ("%s", (char *) value)); # 318|-> xmlFree(value); # 319| SEXP_free (r0); # 320| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def111] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:319:41: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 317| r0 = SEXP_string_newf ("%s", (char *) value)); # 318| xmlFree(value); # 319|-> SEXP_free (r0); # 320| } # 321| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def112] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:326:17: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 324| } # 325| default: # 326|-> probe_item_setstatus(item, SYSCHAR_STATUS_DOES_NOT_EXIST); # 327| break; # 328| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def113] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:330:9: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 328| } # 329| # 330|-> probe_item_collect(pfd->ctx, item); # 331| item = NULL; # 332| cleanup: Error: GCC_ANALYZER_WARNING (CWE-401): [#def114] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:334:17: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 332| cleanup: # 333| if (item != NULL) # 334|-> SEXP_free(item); # 335| if (xpath_obj != NULL) # 336| xmlXPathFreeObject(xpath_obj); Error: GCC_ANALYZER_WARNING (CWE-401): [#def115] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:336:17: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 334| SEXP_free(item); # 335| if (xpath_obj != NULL) # 336|-> xmlXPathFreeObject(xpath_obj); # 337| if (xpath_ctx != NULL) # 338| xmlXPathFreeContext(xpath_ctx); Error: GCC_ANALYZER_WARNING (CWE-401): [#def116] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:338:17: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 336| xmlXPathFreeObject(xpath_obj); # 337| if (xpath_ctx != NULL) # 338|-> xmlXPathFreeContext(xpath_ctx); # 339| if (doc != NULL) # 340| xmlFreeDoc(doc); Error: GCC_ANALYZER_WARNING (CWE-401): [#def117] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:340:17: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 338| xmlXPathFreeContext(xpath_ctx); # 339| if (doc != NULL) # 340|-> xmlFreeDoc(doc); # 341| if (doc_no_ns != NULL) # 342| xmlFreeDoc(doc_no_ns); Error: GCC_ANALYZER_WARNING (CWE-401): [#def118] openscap-1.4.4/src/OVAL/probes/independent/xmlfilecontent_probe.c:342:17: warning[-Wanalyzer-malloc-leak]: leak of ‘whole_path’ # 340| xmlFreeDoc(doc); # 341| if (doc_no_ns != NULL) # 342|-> xmlFreeDoc(doc_no_ns); # 343| if (whole_path != NULL) # 344| free(whole_path); Error: GCC_ANALYZER_WARNING (CWE-401): [#def119] openscap-1.4.4/src/OVAL/probes/unix/linux/inetlisteningservers_probe.c: scope_hint: In function ‘inetlisteningservers_probe_main’ openscap-1.4.4/src/OVAL/probes/unix/linux/inetlisteningservers_probe.c:566:29: warning[-Wanalyzer-malloc-leak]: leak of ‘req’ # 564| memset(req, 0, sizeof(*req)); # 565| # 566|-> req->protocol_ent = probe_obj_getent(object, "protocol", 1); # 567| if (req->protocol_ent == NULL) { # 568| err = PROBE_ENOVAL; Error: GCC_ANALYZER_WARNING (CWE-401): [#def120] openscap-1.4.4/src/OVAL/probes/unix/linux/inetlisteningservers_probe.c:572:34: warning[-Wanalyzer-malloc-leak]: leak of ‘req’ # 570| } # 571| # 572|-> req->local_address_ent = probe_obj_getent(object, "local_address", 1); # 573| if (req->local_address_ent == NULL) { # 574| err = PROBE_ENOVAL; Error: GCC_ANALYZER_WARNING (CWE-401): [#def121] openscap-1.4.4/src/OVAL/probes/unix/linux/inetlisteningservers_probe.c:578:31: warning[-Wanalyzer-malloc-leak]: leak of ‘req’ # 576| } # 577| # 578|-> req->local_port_ent = probe_obj_getent(object, "local_port", 1); # 579| if (req->local_port_ent == NULL) { # 580| err = PROBE_ENOVAL; Error: GCC_ANALYZER_WARNING (CWE-401): [#def122] openscap-1.4.4/src/OVAL/probes/unix/linux/inetlisteningservers_probe.c:589:23: warning[-Wanalyzer-malloc-leak]: leak of ‘req’ openscap-1.4.4/src/OVAL/probes/unix/linux/inetlisteningservers_probe.c: scope_hint: In function ‘inetlisteningservers_probe_main’ # 587| SEXP_t *msg; # 588| # 589|-> msg = probe_msg_creat(OVAL_MESSAGE_LEVEL_ERROR, "Permission error."); # 590| probe_cobj_add_msg(probe_ctx_getresult(ctx), msg); # 591| SEXP_free(msg); Error: GCC_ANALYZER_WARNING (CWE-401): [#def123] openscap-1.4.4/src/OVAL/probes/unix/linux/inetlisteningservers_probe.c:590:17: warning[-Wanalyzer-malloc-leak]: leak of ‘req’ openscap-1.4.4/src/OVAL/probes/unix/linux/inetlisteningservers_probe.c: scope_hint: In function ‘inetlisteningservers_probe_main’ # 588| # 589| msg = probe_msg_creat(OVAL_MESSAGE_LEVEL_ERROR, "Permission error."); # 590|-> probe_cobj_add_msg(probe_ctx_getresult(ctx), msg); # 591| SEXP_free(msg); # 592| probe_cobj_set_flag(probe_ctx_getresult(ctx), SYSCHAR_FLAG_ERROR); Error: GCC_ANALYZER_WARNING (CWE-401): [#def124] openscap-1.4.4/src/OVAL/probes/unix/linux/inetlisteningservers_probe.c:591:17: warning[-Wanalyzer-malloc-leak]: leak of ‘req’ # 589| msg = probe_msg_creat(OVAL_MESSAGE_LEVEL_ERROR, "Permission error."); # 590| probe_cobj_add_msg(probe_ctx_getresult(ctx), msg); # 591|-> SEXP_free(msg); # 592| probe_cobj_set_flag(probe_ctx_getresult(ctx), SYSCHAR_FLAG_ERROR); # 593| Error: GCC_ANALYZER_WARNING (CWE-401): [#def125] openscap-1.4.4/src/OVAL/probes/unix/linux/partition_probe.c:324:21: warning[-Wanalyzer-malloc-leak]: leak of ‘mnt_fp’ # 322| } # 323| # 324|-> mnt_opval = probe_ent_getattrval(mnt_entity, "operation"); # 325| # 326| if (mnt_opval != NULL) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def126] openscap-1.4.4/src/OVAL/probes/unix/linux/partition_probe.c:328:17: warning[-Wanalyzer-malloc-leak]: leak of ‘mnt_fp’ openscap-1.4.4/src/OVAL/probes/unix/linux/partition_probe.c:327:44: note: in expansion of macro ‘SEXP_number_geti’ # 326| if (mnt_opval != NULL) { # 327| mnt_op = (oval_operation_t)SEXP_number_geti(mnt_opval); # 328|-> SEXP_free(mnt_opval); # 329| } else # 330| mnt_op = OVAL_OPERATION_EQUALS; Error: GCC_ANALYZER_WARNING (CWE-401): [#def127] openscap-1.4.4/src/OVAL/probes/unix/linux/partition_probe.c:332:22: warning[-Wanalyzer-malloc-leak]: leak of ‘mnt_fp’ # 330| mnt_op = OVAL_OPERATION_EQUALS; # 331| # 332|-> mnt_entval = probe_ent_getval(mnt_entity); # 333| # 334| if (!SEXP_stringp(mnt_entval)) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def128] openscap-1.4.4/src/OVAL/probes/unix/linux/partition_probe.c:334:14: warning[-Wanalyzer-malloc-leak]: leak of ‘mnt_fp’ # 332| mnt_entval = probe_ent_getval(mnt_entity); # 333| # 334|-> if (!SEXP_stringp(mnt_entval)) { # 335| SEXP_free(mnt_entval); # 336| SEXP_free(mnt_entity); Error: GCC_ANALYZER_WARNING (CWE-401): [#def129] openscap-1.4.4/src/OVAL/probes/unix/linux/partition_probe.c:335:17: warning[-Wanalyzer-malloc-leak]: leak of ‘mnt_fp’ # 333| # 334| if (!SEXP_stringp(mnt_entval)) { # 335|-> SEXP_free(mnt_entval); # 336| SEXP_free(mnt_entity); # 337| fclose(mnt_fp); Error: GCC_ANALYZER_WARNING (CWE-401): [#def130] openscap-1.4.4/src/OVAL/probes/unix/linux/partition_probe.c:336:17: warning[-Wanalyzer-malloc-leak]: leak of ‘mnt_fp’ # 334| if (!SEXP_stringp(mnt_entval)) { # 335| SEXP_free(mnt_entval); # 336|-> SEXP_free(mnt_entity); # 337| fclose(mnt_fp); # 338| return (PROBE_EINVAL); Error: GCC_ANALYZER_WARNING (CWE-401): [#def131] openscap-1.4.4/src/OVAL/probes/unix/linux/partition_probe.c:341:9: warning[-Wanalyzer-malloc-leak]: leak of ‘mnt_fp’ # 339| } # 340| # 341|-> SEXP_string_cstr_r(mnt_entval, mnt_path, sizeof mnt_path); # 342| SEXP_free(mnt_entval); # 343| SEXP_free(mnt_entity); Error: GCC_ANALYZER_WARNING (CWE-401): [#def132] openscap-1.4.4/src/OVAL/probes/unix/linux/partition_probe.c:342:9: warning[-Wanalyzer-malloc-leak]: leak of ‘mnt_fp’ # 340| # 341| SEXP_string_cstr_r(mnt_entval, mnt_path, sizeof mnt_path); # 342|-> SEXP_free(mnt_entval); # 343| SEXP_free(mnt_entity); # 344| Error: GCC_ANALYZER_WARNING (CWE-401): [#def133] openscap-1.4.4/src/OVAL/probes/unix/linux/partition_probe.c:343:9: warning[-Wanalyzer-malloc-leak]: leak of ‘mnt_fp’ # 341| SEXP_string_cstr_r(mnt_entval, mnt_path, sizeof mnt_path); # 342| SEXP_free(mnt_entval); # 343|-> SEXP_free(mnt_entity); # 344| # 345| if (mnt_fp != NULL) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def134] openscap-1.4.4/src/OVAL/probes/unix/linux/partition_probe.c:355:21: warning[-Wanalyzer-malloc-leak]: leak of ‘mnt_fp’ # 353| blkid_cache blkcache; # 354| # 355|-> if (blkid_get_cache(&blkcache, NULL) != 0) { # 356| endmntent(mnt_fp); # 357| return (PROBE_EUNKNOWN); Error: GCC_ANALYZER_WARNING (CWE-401): [#def135] openscap-1.4.4/src/OVAL/probes/unix/linux/partition_probe.c:361:30: warning[-Wanalyzer-malloc-leak]: leak of ‘mnt_fp’ openscap-1.4.4/src/OVAL/probes/unix/linux/partition_probe.c:327:44: note: in expansion of macro ‘SEXP_number_geti’ # 359| #endif # 360| if (mnt_op == OVAL_OPERATION_PATTERN_MATCH) { # 361|-> re = oscap_pcre_compile(mnt_path, OSCAP_PCRE_OPTS_UTF8, &estr, &eoff); # 362| # 363| if (re == NULL) { Error: GCC_ANALYZER_WARNING (CWE-775): [#def136] openscap-1.4.4/src/SCE/sce_engine.c:543:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘stderr_pipefd[0]’ # 541| // we won't read from the pipes, so close the reading fd # 542| close(stdout_pipefd[0]); # 543|-> close(stderr_pipefd[0]); # 544| # 545| // forward stdout and stderr to our custom opened pipes Error: GCC_ANALYZER_WARNING (CWE-775): [#def137] openscap-1.4.4/src/SCE/sce_engine.c:543:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘stderr_pipefd[1]’ # 541| // we won't read from the pipes, so close the reading fd # 542| close(stdout_pipefd[0]); # 543|-> close(stderr_pipefd[0]); # 544| # 545| // forward stdout and stderr to our custom opened pipes Error: GCC_ANALYZER_WARNING (CWE-775): [#def138] openscap-1.4.4/src/SCE/sce_engine.c:543:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘stdout_pipefd[1]’ # 541| // we won't read from the pipes, so close the reading fd # 542| close(stdout_pipefd[0]); # 543|-> close(stderr_pipefd[0]); # 544| # 545| // forward stdout and stderr to our custom opened pipes Error: GCC_ANALYZER_WARNING (CWE-401): [#def139] openscap-1.4.4/src/SCE/sce_engine.c:543:25: warning[-Wanalyzer-malloc-leak]: leak of ‘new_env_values’ # 541| // we won't read from the pipes, so close the reading fd # 542| close(stdout_pipefd[0]); # 543|-> close(stderr_pipefd[0]); # 544| # 545| // forward stdout and stderr to our custom opened pipes Error: GCC_ANALYZER_WARNING (CWE-775): [#def140] openscap-1.4.4/src/SCE/sce_engine.c:552:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘stderr_pipefd[1]’ # 550| // ones now, stdout and stderr will be closed properly after the execved # 551| // script/executable finishes # 552|-> close(stdout_pipefd[1]); # 553| close(stderr_pipefd[1]); # 554| Error: GCC_ANALYZER_WARNING (CWE-775): [#def141] openscap-1.4.4/src/SCE/sce_engine.c:552:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘stdout_pipefd[1]’ # 550| // ones now, stdout and stderr will be closed properly after the execved # 551| // script/executable finishes # 552|-> close(stdout_pipefd[1]); # 553| close(stderr_pipefd[1]); # 554| Error: GCC_ANALYZER_WARNING (CWE-476): [#def142] openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_status_new_fill’ openscap-1.4.4/src/XCCDF/item.c:1006:26: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ret’ # 1004| return NULL; # 1005| ret = calloc(1, sizeof(struct xccdf_status)); # 1006|-> if ((ret->status = oscap_string_to_enum(XCCDF_STATUS_MAP, status)) == XCCDF_STATUS_NOT_SPECIFIED) { # 1007| free(ret); # 1008| return NULL; Error: GCC_ANALYZER_WARNING (CWE-401): [#def143] openscap-1.4.4/src/XCCDF/item.c:1006:28: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’ # 1004| return NULL; # 1005| ret = calloc(1, sizeof(struct xccdf_status)); # 1006|-> if ((ret->status = oscap_string_to_enum(XCCDF_STATUS_MAP, status)) == XCCDF_STATUS_NOT_SPECIFIED) { # 1007| free(ret); # 1008| return NULL; Error: GCC_ANALYZER_WARNING (CWE-401): [#def144] openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_item_process_element’ openscap-1.4.4/src/XCCDF/item.c:1006:28: warning[-Wanalyzer-malloc-leak]: leak of ‘xccdf_status_new_fill(oscap_element_string_copy(reader), xccdf_attribute_get(reader, 8))’ # 1004| return NULL; # 1005| ret = calloc(1, sizeof(struct xccdf_status)); # 1006|-> if ((ret->status = oscap_string_to_enum(XCCDF_STATUS_MAP, status)) == XCCDF_STATUS_NOT_SPECIFIED) { # 1007| free(ret); # 1008| return NULL; Error: GCC_ANALYZER_WARNING (CWE-401): [#def145] openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_status_new_fill’ openscap-1.4.4/src/XCCDF/item.c:1010:21: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’ # 1008| return NULL; # 1009| } # 1010|-> ret->date = oscap_get_date(date); # 1011| return ret; # 1012| } Error: GCC_ANALYZER_WARNING (CWE-476): [#def146] openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_model_clone’ openscap-1.4.4/src/XCCDF/item.c:1060:27: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘new_model’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_model_clone’ # 1058| { # 1059| struct xccdf_model *new_model = calloc(1, sizeof(struct xccdf_model)); # 1060|-> new_model->system = oscap_strdup(old_model->system); # 1061| # 1062| //params maps char * to char * so we will need to oscap_strdup the items. Error: GCC_ANALYZER_WARNING (CWE-401): [#def147] openscap-1.4.4/src/XCCDF/item.c:1063:29: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_model_clone’ # 1061| # 1062| //params maps char * to char * so we will need to oscap_strdup the items. # 1063|-> new_model->params = oscap_htable_clone(old_model->params, (oscap_clone_func) oscap_strdup); # 1064| //new_model->params = NULL; # 1065| return new_model; Error: GCC_ANALYZER_WARNING (CWE-401): [#def148] openscap-1.4.4/src/XCCDF/item.c:1063:29: warning[-Wanalyzer-malloc-leak]: leak of ‘new_model’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_model_clone’ # 1061| # 1062| //params maps char * to char * so we will need to oscap_strdup the items. # 1063|-> new_model->params = oscap_htable_clone(old_model->params, (oscap_clone_func) oscap_strdup); # 1064| //new_model->params = NULL; # 1065| return new_model; Error: GCC_ANALYZER_WARNING (CWE-476): [#def149] openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_model_new’ openscap-1.4.4/src/XCCDF/item.c:1071:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘model’ # 1069| { # 1070| struct xccdf_model *model = calloc(1, sizeof(struct xccdf_model)); # 1071|-> model->params = oscap_htable_new(); # 1072| return model; # 1073| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def150] openscap-1.4.4/src/XCCDF/item.c:1071:21: warning[-Wanalyzer-malloc-leak]: leak of ‘model’ # 1069| { # 1070| struct xccdf_model *model = calloc(1, sizeof(struct xccdf_model)); # 1071|-> model->params = oscap_htable_new(); # 1072| return model; # 1073| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def151] openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_model_new_xml’ openscap-1.4.4/src/XCCDF/item.c:1085:25: warning[-Wanalyzer-malloc-leak]: leak of ‘xccdf_model_new()’ # 1083| # 1084| model = xccdf_model_new(); # 1085|-> model->system = xccdf_attribute_copy(reader, XCCDFA_SYSTEM); # 1086| # 1087| while (oscap_to_start_element(reader, depth)) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def152] openscap-1.4.4/src/XCCDF/item.c:1087:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xccdf_model_new()’ # 1085| model->system = xccdf_attribute_copy(reader, XCCDFA_SYSTEM); # 1086| # 1087|-> while (oscap_to_start_element(reader, depth)) { # 1088| if (xccdf_element_get(reader) == XCCDFE_PARAM) { # 1089| const char *name = xccdf_attribute_get(reader, XCCDFA_NAME); Error: GCC_ANALYZER_WARNING (CWE-401): [#def153] openscap-1.4.4/src/XCCDF/item.c:1088:21: warning[-Wanalyzer-malloc-leak]: leak of ‘xccdf_model_new()’ # 1086| # 1087| while (oscap_to_start_element(reader, depth)) { # 1088|-> if (xccdf_element_get(reader) == XCCDFE_PARAM) { # 1089| const char *name = xccdf_attribute_get(reader, XCCDFA_NAME); # 1090| char *value = oscap_element_string_copy(reader); Error: GCC_ANALYZER_WARNING (CWE-401): [#def154] openscap-1.4.4/src/XCCDF/item.c:1089:44: warning[-Wanalyzer-malloc-leak]: leak of ‘xccdf_model_new()’ # 1087| while (oscap_to_start_element(reader, depth)) { # 1088| if (xccdf_element_get(reader) == XCCDFE_PARAM) { # 1089|-> const char *name = xccdf_attribute_get(reader, XCCDFA_NAME); # 1090| char *value = oscap_element_string_copy(reader); # 1091| if (!name || !value || !oscap_htable_add(model->params, name, value)) Error: GCC_ANALYZER_WARNING (CWE-401): [#def155] openscap-1.4.4/src/XCCDF/item.c:1090:39: warning[-Wanalyzer-malloc-leak]: leak of ‘xccdf_model_new()’ # 1088| if (xccdf_element_get(reader) == XCCDFE_PARAM) { # 1089| const char *name = xccdf_attribute_get(reader, XCCDFA_NAME); # 1090|-> char *value = oscap_element_string_copy(reader); # 1091| if (!name || !value || !oscap_htable_add(model->params, name, value)) # 1092| free(value); Error: GCC_ANALYZER_WARNING (CWE-401): [#def156] openscap-1.4.4/src/XCCDF/item.c:1091:29: warning[-Wanalyzer-malloc-leak]: leak of ‘xccdf_model_new()’ # 1089| const char *name = xccdf_attribute_get(reader, XCCDFA_NAME); # 1090| char *value = oscap_element_string_copy(reader); # 1091|-> if (!name || !value || !oscap_htable_add(model->params, name, value)) # 1092| free(value); # 1093| } Error: GCC_ANALYZER_WARNING (CWE-476): [#def157] openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_warning_new’ openscap-1.4.4/src/XCCDF/item.c:1119:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘w’ # 1117| { # 1118| struct xccdf_warning *w = calloc(1, sizeof(struct xccdf_warning)); # 1119|-> w->category = XCCDF_WARNING_GENERAL; # 1120| return w; # 1121| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def158] openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_warning_new_parse’ openscap-1.4.4/src/XCCDF/item.c:1126:19: warning[-Wanalyzer-malloc-leak]: leak of ‘xccdf_warning_new()’ # 1124| { # 1125| struct xccdf_warning *w = xccdf_warning_new(); # 1126|-> w->category = oscap_string_to_enum(XCCDF_WARNING_MAP, xccdf_attribute_get(reader, XCCDFA_CATEGORY)); # 1127| w->text = oscap_text_new_parse(XCCDF_TEXT_HTMLSUB, reader); # 1128| return w; Error: GCC_ANALYZER_WARNING (CWE-401): [#def159] openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_item_process_element’ openscap-1.4.4/src/XCCDF/item.c:1126:19: warning[-Wanalyzer-malloc-leak]: leak of ‘xccdf_warning_new_parse(reader)’ # 1124| { # 1125| struct xccdf_warning *w = xccdf_warning_new(); # 1126|-> w->category = oscap_string_to_enum(XCCDF_WARNING_MAP, xccdf_attribute_get(reader, XCCDFA_CATEGORY)); # 1127| w->text = oscap_text_new_parse(XCCDF_TEXT_HTMLSUB, reader); # 1128| return w; Error: GCC_ANALYZER_WARNING (CWE-476): [#def160] openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_value_instance_clone’ openscap-1.4.4/src/XCCDF/item.c:1217:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘clone’ # 1215| { # 1216| struct xccdf_value_instance * clone = calloc(1, sizeof(struct xccdf_value_instance)); # 1217|-> clone->type = val->type; # 1218| # 1219| clone->value = oscap_strdup(val->value); Error: GCC_ANALYZER_WARNING (CWE-401): [#def161] openscap-1.4.4/src/XCCDF/item.c:1221:22: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_value_instance_clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_value_instance_clone’ # 1219| clone->value = oscap_strdup(val->value); # 1220| clone->defval = oscap_strdup(val->defval); # 1221|-> clone->choices = oscap_list_clone(val->choices, (oscap_clone_func) oscap_strdup); # 1222| clone->match = oscap_strdup(val->match); # 1223| clone->lower_bound = val->lower_bound; Error: GCC_ANALYZER_WARNING (CWE-401): [#def162] openscap-1.4.4/src/XCCDF/item.c:1221:22: warning[-Wanalyzer-malloc-leak]: leak of ‘clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_value_instance_clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_value_instance_clone’ # 1219| clone->value = oscap_strdup(val->value); # 1220| clone->defval = oscap_strdup(val->defval); # 1221|-> clone->choices = oscap_list_clone(val->choices, (oscap_clone_func) oscap_strdup); # 1222| clone->match = oscap_strdup(val->match); # 1223| clone->lower_bound = val->lower_bound; Error: GCC_ANALYZER_WARNING (CWE-401): [#def163] openscap-1.4.4/src/XCCDF/item.c:1227:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_value_instance_clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_value_instance_clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_value_instance_clone’ # 1225| # 1226| clone->flags = val->flags; # 1227|-> xccdf_value_instance_set_selector(clone, xccdf_value_instance_get_selector(val)); # 1228| return clone; # 1229| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def164] openscap-1.4.4/src/XCCDF/item.c:1227:9: warning[-Wanalyzer-malloc-leak]: leak of ‘clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_value_instance_clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_value_instance_clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_value_instance_clone’ # 1225| # 1226| clone->flags = val->flags; # 1227|-> xccdf_value_instance_set_selector(clone, xccdf_value_instance_get_selector(val)); # 1228| return clone; # 1229| } Error: GCC_ANALYZER_WARNING (CWE-476): [#def165] openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_identity_clone’ openscap-1.4.4/src/XCCDF/item.c:1248:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_identity_clone’ # 1246| clone->sub.authenticated = identity->sub.authenticated; # 1247| clone->sub.privileged = identity->sub.privileged; # 1248|-> clone->name = oscap_strdup(identity->name); # 1249| return clone; # 1250| } Error: GCC_ANALYZER_WARNING (CWE-476): [#def166] openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_target_fact_clone’ openscap-1.4.4/src/XCCDF/item.c:1255:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘clone’ # 1253| { # 1254| struct xccdf_target_fact * clone = calloc(1, sizeof(struct xccdf_target_fact)); # 1255|-> clone->type = tf->type; # 1256| clone->name = oscap_strdup(tf->name); # 1257| clone->value = oscap_strdup(tf->value); Error: GCC_ANALYZER_WARNING (CWE-476): [#def167] openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_override_clone’ openscap-1.4.4/src/XCCDF/item.c:1264:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘clone’ # 1262| { # 1263| struct xccdf_override * clone = calloc(1, sizeof(struct xccdf_override)); # 1264|-> clone->time = override->time; # 1265| clone->authority = oscap_strdup(clone->authority); # 1266| clone->old_result = override->old_result; Error: GCC_ANALYZER_WARNING (CWE-401): [#def168] openscap-1.4.4/src/XCCDF/item.c:1268:25: warning[-Wanalyzer-malloc-leak]: leak of ‘clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_override_clone’ # 1266| clone->old_result = override->old_result; # 1267| clone->new_result = override->new_result; # 1268|-> clone->remark = oscap_text_clone(override->remark); # 1269| return clone; # 1270| } Error: GCC_ANALYZER_WARNING (CWE-476): [#def169] openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_message_clone’ openscap-1.4.4/src/XCCDF/item.c:1275:24: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_message_clone’ # 1273| { # 1274| struct xccdf_message * clone = calloc(1, sizeof(struct xccdf_message)); # 1275|-> clone->content = oscap_strdup(message->content); # 1276| clone->severity = message->severity; # 1277| return clone; Error: GCC_ANALYZER_WARNING (CWE-476): [#def170] openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_instance_clone’ openscap-1.4.4/src/XCCDF/item.c:1283:20: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_instance_clone’ # 1281| { # 1282| struct xccdf_instance * clone = calloc(1, sizeof(struct xccdf_instance)); # 1283|-> clone->context = oscap_strdup(instance->context); # 1284| clone->parent_context = oscap_strdup(instance->parent_context); # 1285| clone->content = oscap_strdup(instance->content); Error: GCC_ANALYZER_WARNING (CWE-476): [#def171] openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’ openscap-1.4.4/src/XCCDF/item.c:1292:22: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’ # 1290| { # 1291| struct xccdf_rule_result * clone = calloc(1, sizeof(struct xccdf_rule_result)); # 1292|-> clone->idref = oscap_strdup(result->idref); # 1293| clone->role = result->role; # 1294| clone->time = oscap_strdup(result->time); Error: GCC_ANALYZER_WARNING (CWE-401): [#def172] openscap-1.4.4/src/XCCDF/item.c:1299:28: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’ # 1297| clone->result = result->result; # 1298| clone->version = oscap_strdup(result->version); # 1299|-> clone->overrides = oscap_list_clone(result->overrides, (oscap_clone_func) xccdf_override_clone); # 1300| clone->idents = oscap_list_clone(result->idents, (oscap_clone_func) xccdf_ident_clone); # 1301| clone->messages = oscap_list_clone(result->messages, (oscap_clone_func) xccdf_message_clone); Error: GCC_ANALYZER_WARNING (CWE-401): [#def173] openscap-1.4.4/src/XCCDF/item.c:1299:28: warning[-Wanalyzer-malloc-leak]: leak of ‘clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’ # 1297| clone->result = result->result; # 1298| clone->version = oscap_strdup(result->version); # 1299|-> clone->overrides = oscap_list_clone(result->overrides, (oscap_clone_func) xccdf_override_clone); # 1300| clone->idents = oscap_list_clone(result->idents, (oscap_clone_func) xccdf_ident_clone); # 1301| clone->messages = oscap_list_clone(result->messages, (oscap_clone_func) xccdf_message_clone); Error: GCC_ANALYZER_WARNING (CWE-401): [#def174] openscap-1.4.4/src/XCCDF/item.c:1300:25: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’ # 1298| clone->version = oscap_strdup(result->version); # 1299| clone->overrides = oscap_list_clone(result->overrides, (oscap_clone_func) xccdf_override_clone); # 1300|-> clone->idents = oscap_list_clone(result->idents, (oscap_clone_func) xccdf_ident_clone); # 1301| clone->messages = oscap_list_clone(result->messages, (oscap_clone_func) xccdf_message_clone); # 1302| clone->instances = oscap_list_clone(result->instances, (oscap_clone_func) xccdf_instance_clone); Error: GCC_ANALYZER_WARNING (CWE-401): [#def175] openscap-1.4.4/src/XCCDF/item.c:1300:25: warning[-Wanalyzer-malloc-leak]: leak of ‘clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’ # 1298| clone->version = oscap_strdup(result->version); # 1299| clone->overrides = oscap_list_clone(result->overrides, (oscap_clone_func) xccdf_override_clone); # 1300|-> clone->idents = oscap_list_clone(result->idents, (oscap_clone_func) xccdf_ident_clone); # 1301| clone->messages = oscap_list_clone(result->messages, (oscap_clone_func) xccdf_message_clone); # 1302| clone->instances = oscap_list_clone(result->instances, (oscap_clone_func) xccdf_instance_clone); Error: GCC_ANALYZER_WARNING (CWE-401): [#def176] openscap-1.4.4/src/XCCDF/item.c:1301:27: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’ # 1299| clone->overrides = oscap_list_clone(result->overrides, (oscap_clone_func) xccdf_override_clone); # 1300| clone->idents = oscap_list_clone(result->idents, (oscap_clone_func) xccdf_ident_clone); # 1301|-> clone->messages = oscap_list_clone(result->messages, (oscap_clone_func) xccdf_message_clone); # 1302| clone->instances = oscap_list_clone(result->instances, (oscap_clone_func) xccdf_instance_clone); # 1303| clone->fixes = oscap_list_clone(result->fixes, (oscap_clone_func) xccdf_fix_clone); Error: GCC_ANALYZER_WARNING (CWE-401): [#def177] openscap-1.4.4/src/XCCDF/item.c:1301:27: warning[-Wanalyzer-malloc-leak]: leak of ‘clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’ # 1299| clone->overrides = oscap_list_clone(result->overrides, (oscap_clone_func) xccdf_override_clone); # 1300| clone->idents = oscap_list_clone(result->idents, (oscap_clone_func) xccdf_ident_clone); # 1301|-> clone->messages = oscap_list_clone(result->messages, (oscap_clone_func) xccdf_message_clone); # 1302| clone->instances = oscap_list_clone(result->instances, (oscap_clone_func) xccdf_instance_clone); # 1303| clone->fixes = oscap_list_clone(result->fixes, (oscap_clone_func) xccdf_fix_clone); Error: GCC_ANALYZER_WARNING (CWE-401): [#def178] openscap-1.4.4/src/XCCDF/item.c:1302:28: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’ # 1300| clone->idents = oscap_list_clone(result->idents, (oscap_clone_func) xccdf_ident_clone); # 1301| clone->messages = oscap_list_clone(result->messages, (oscap_clone_func) xccdf_message_clone); # 1302|-> clone->instances = oscap_list_clone(result->instances, (oscap_clone_func) xccdf_instance_clone); # 1303| clone->fixes = oscap_list_clone(result->fixes, (oscap_clone_func) xccdf_fix_clone); # 1304| clone->checks = oscap_list_clone(result->checks, (oscap_clone_func) xccdf_check_clone); Error: GCC_ANALYZER_WARNING (CWE-401): [#def179] openscap-1.4.4/src/XCCDF/item.c:1302:28: warning[-Wanalyzer-malloc-leak]: leak of ‘clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’ # 1300| clone->idents = oscap_list_clone(result->idents, (oscap_clone_func) xccdf_ident_clone); # 1301| clone->messages = oscap_list_clone(result->messages, (oscap_clone_func) xccdf_message_clone); # 1302|-> clone->instances = oscap_list_clone(result->instances, (oscap_clone_func) xccdf_instance_clone); # 1303| clone->fixes = oscap_list_clone(result->fixes, (oscap_clone_func) xccdf_fix_clone); # 1304| clone->checks = oscap_list_clone(result->checks, (oscap_clone_func) xccdf_check_clone); Error: GCC_ANALYZER_WARNING (CWE-401): [#def180] openscap-1.4.4/src/XCCDF/item.c:1303:24: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’ # 1301| clone->messages = oscap_list_clone(result->messages, (oscap_clone_func) xccdf_message_clone); # 1302| clone->instances = oscap_list_clone(result->instances, (oscap_clone_func) xccdf_instance_clone); # 1303|-> clone->fixes = oscap_list_clone(result->fixes, (oscap_clone_func) xccdf_fix_clone); # 1304| clone->checks = oscap_list_clone(result->checks, (oscap_clone_func) xccdf_check_clone); # 1305| return clone; Error: GCC_ANALYZER_WARNING (CWE-401): [#def181] openscap-1.4.4/src/XCCDF/item.c:1303:24: warning[-Wanalyzer-malloc-leak]: leak of ‘clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’ # 1301| clone->messages = oscap_list_clone(result->messages, (oscap_clone_func) xccdf_message_clone); # 1302| clone->instances = oscap_list_clone(result->instances, (oscap_clone_func) xccdf_instance_clone); # 1303|-> clone->fixes = oscap_list_clone(result->fixes, (oscap_clone_func) xccdf_fix_clone); # 1304| clone->checks = oscap_list_clone(result->checks, (oscap_clone_func) xccdf_check_clone); # 1305| return clone; Error: GCC_ANALYZER_WARNING (CWE-401): [#def182] openscap-1.4.4/src/XCCDF/item.c:1304:25: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’ # 1302| clone->instances = oscap_list_clone(result->instances, (oscap_clone_func) xccdf_instance_clone); # 1303| clone->fixes = oscap_list_clone(result->fixes, (oscap_clone_func) xccdf_fix_clone); # 1304|-> clone->checks = oscap_list_clone(result->checks, (oscap_clone_func) xccdf_check_clone); # 1305| return clone; # 1306| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def183] openscap-1.4.4/src/XCCDF/item.c:1304:25: warning[-Wanalyzer-malloc-leak]: leak of ‘clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’ openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_rule_result_clone’ # 1302| clone->instances = oscap_list_clone(result->instances, (oscap_clone_func) xccdf_instance_clone); # 1303| clone->fixes = oscap_list_clone(result->fixes, (oscap_clone_func) xccdf_fix_clone); # 1304|-> clone->checks = oscap_list_clone(result->checks, (oscap_clone_func) xccdf_check_clone); # 1305| return clone; # 1306| } Error: GCC_ANALYZER_WARNING (CWE-476): [#def184] openscap-1.4.4/src/XCCDF/item.c: scope_hint: In function ‘xccdf_score_clone’ openscap-1.4.4/src/XCCDF/item.c:1311:24: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘clone’ # 1309| { # 1310| struct xccdf_score * clone = calloc(1, sizeof(struct xccdf_score)); # 1311|-> clone->maximum = score->maximum; # 1312| clone->score = score->score; # 1313| clone->system = oscap_strdup(score->system); Error: GCC_ANALYZER_WARNING (CWE-401): [#def185] openscap-1.4.4/src/XCCDF/tailoring.c:191:51: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ openscap-1.4.4/src/XCCDF/tailoring.c:126:9: note: in expansion of macro ‘XCCDF_ASSERT_ELEMENT’ openscap-1.4.4/src/XCCDF/tailoring.c: scope_hint: In function ‘xccdf_tailoring_parse’ # 189| dI("Parsing Tailoring Profiles without reference to Benchmark"); # 190| } # 191|-> struct xccdf_item *item = xccdf_profile_parse(reader, benchmark); # 192| if (!xccdf_tailoring_add_profile(tailoring, XPROFILE(item))) { # 193| dW("Failed to add profile to tailoring while parsing!"); Error: GCC_ANALYZER_WARNING (CWE-401): [#def186] openscap-1.4.4/src/XCCDF/tailoring.c:201:17: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ openscap-1.4.4/src/XCCDF/tailoring.c:126:9: note: in expansion of macro ‘XCCDF_ASSERT_ELEMENT’ openscap-1.4.4/src/XCCDF/tailoring.c: scope_hint: In function ‘xccdf_tailoring_parse’ # 199| xmlTextReaderConstLocalName(reader)); # 200| } # 201|-> xmlTextReaderRead(reader); # 202| } # 203| Error: GCC_ANALYZER_WARNING (CWE-401): [#def187] openscap-1.4.4/src/XCCDF/tailoring.c:399:22: warning[-Wanalyzer-malloc-leak]: leak of ‘xccdf_tailoring_new()’ openscap-1.4.4/src/XCCDF/tailoring.c:126:9: note: in expansion of macro ‘XCCDF_ASSERT_ELEMENT’ openscap-1.4.4/src/XCCDF/tailoring.c: scope_hint: In function ‘xccdf_tailoring_parse’ # 397| bool xccdf_tailoring_set_id(struct xccdf_tailoring *tailoring, const char* newval) # 398| { # 399|-> if (tailoring->id) # 400| free(tailoring->id); # 401| Error: GCC_ANALYZER_WARNING (CWE-401): [#def188] openscap-1.4.4/src/common/debug_priv.h:47:37: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’ openscap-1.4.4/src/common/debug_priv.h:54:33: note: in expansion of macro ‘__dlprintf_wrapper’ openscap-1.4.4/src/common/debug_priv.h:63:17: note: in expansion of macro ‘oscap_dlprintf’ openscap-1.4.4/src/OVAL/probes/independent/textfilecontent54_probe.c:185:25: note: in expansion of macro ‘dE’ openscap-1.4.4/src/common/debug_priv.h:54:33: note: in expansion of macro ‘__dlprintf_wrapper’ openscap-1.4.4/src/common/debug_priv.h:63:17: note: in expansion of macro ‘oscap_dlprintf’ openscap-1.4.4/src/OVAL/probes/independent/textfilecontent54_probe.c:185:25: note: in expansion of macro ‘dE’ openscap-1.4.4/src/common/debug_priv.h:54:33: note: in expansion of macro ‘__dlprintf_wrapper’ openscap-1.4.4/src/common/debug_priv.h:63:17: note: in expansion of macro ‘oscap_dlprintf’ openscap-1.4.4/src/OVAL/probes/independent/textfilecontent54_probe.c:185:25: note: in expansion of macro ‘dE’ openscap-1.4.4/src/common/debug_priv.h:54:33: note: in expansion of macro ‘__dlprintf_wrapper’ openscap-1.4.4/src/common/debug_priv.h:63:17: note: in expansion of macro ‘oscap_dlprintf’ openscap-1.4.4/src/OVAL/probes/independent/textfilecontent54_probe.c:185:25: note: in expansion of macro ‘dE’ # 45| # 46| # 47|-> # define __dlprintf_wrapper(l, ...) __oscap_dlprintf (l, __FILE__, __PRETTY_FUNCTION__, __LINE__, 0, __VA_ARGS__) # 48| # 49| /**
| analyzer-version-clippy | 1.92.0 |
| analyzer-version-cppcheck | 2.19.1 |
| analyzer-version-gcc | 16.0.0 |
| analyzer-version-gcc-analyzer | 16.0.0 |
| analyzer-version-shellcheck | 0.11.0 |
| analyzer-version-unicontrol | 0.0.2 |
| diffbase-analyzer-version-clippy | 1.92.0 |
| diffbase-analyzer-version-cppcheck | 2.19.1 |
| diffbase-analyzer-version-gcc | 16.0.0 |
| diffbase-analyzer-version-gcc-analyzer | 16.0.0 |
| diffbase-analyzer-version-shellcheck | 0.11.0 |
| diffbase-analyzer-version-unicontrol | 0.0.2 |
| diffbase-enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| diffbase-exit-code | 0 |
| diffbase-host | ip-172-16-1-58.us-west-2.compute.internal |
| diffbase-known-false-positives | /usr/share/csmock/known-false-positives.js |
| diffbase-known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| diffbase-mock-config | fedora-rawhide-x86_64 |
| diffbase-project-name | openscap-1.4.4-0.20260112115410058871.main.21.g7a61a088a |
| diffbase-store-results-to | /tmp/tmpruhofjay/openscap-1.4.4-0.20260112115410058871.main.21.g7a61a088a.tar.xz |
| diffbase-time-created | 2026-01-12 22:39:23 |
| diffbase-time-finished | 2026-01-12 22:52:36 |
| diffbase-tool | csmock |
| diffbase-tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpruhofjay/openscap-1.4.4-0.20260112115410058871.main.21.g7a61a088a.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '/tmp/tmpruhofjay/openscap-1.4.4-0.20260112115410058871.main.21.g7a61a088a.src.rpm' |
| diffbase-tool-version | csmock-3.8.3.20251215.161544.g62de9a5-1.el9 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-58.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| mock-config | fedora-rawhide-x86_64 |
| project-name | openscap-1.4.4-0.20260112223423265091.pr2299.25.gdd55e30e3 |
| store-results-to | /tmp/tmp19jqabz3/openscap-1.4.4-0.20260112223423265091.pr2299.25.gdd55e30e3.tar.xz |
| time-created | 2026-01-12 22:53:09 |
| time-finished | 2026-01-12 23:07:33 |
| title | Newly introduced findings |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmp19jqabz3/openscap-1.4.4-0.20260112223423265091.pr2299.25.gdd55e30e3.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '/tmp/tmp19jqabz3/openscap-1.4.4-0.20260112223423265091.pr2299.25.gdd55e30e3.src.rpm' |
| tool-version | csmock-3.8.3.20251215.161544.g62de9a5-1.el9 |