Task #95 - libgcrypt-1.10.3-4.fc41/scan-results.err
Error: SHELLCHECK_WARNING (CWE-563): /usr/bin/libgcrypt-config:78:6: warning[SC2034]: optarg appears unused. Verify use (or export if used externally). # 76| ;; # 77| *) # 78|-> optarg="" # 79| ;; # 80| esac Error: GCC_ANALYZER_WARNING (CWE-476): libgcrypt-1.10.3/cipher/bithelp.h:72:25: warning[-Wanalyzer-null-dereference]: dereference of NULL 'src' libgcrypt-1.10.3/cipher/bufhelp.h:138:10: note: in expansion of macro 'le_bswap32' libgcrypt-1.10.3/cipher/cipher-ccm.c: scope_hint: In function 'buf_cpy' libgcrypt-1.10.3/cipher/bufhelp.h:228:7: note: in expansion of macro 'buf_put_he32' libgcrypt-1.10.3/cipher/bufhelp.h:138:10: note: in expansion of macro 'le_bswap32' libgcrypt-1.10.3/cipher/bufhelp.h:138:10: note: in expansion of macro 'le_bswap32' # 70| # define be_bswap64(x) ((u64)(x)) # 71| #else # 72|-> # define le_bswap32(x) ((u32)(x)) # 73| # define be_bswap32(x) _gcry_bswap32(x) # 74| # define le_bswap64(x) ((u64)(x)) Error: GCC_ANALYZER_WARNING (CWE-126): libgcrypt-1.10.3/cipher/bithelp.h:72:25: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read libgcrypt-1.10.3/cipher/bufhelp.h:138:10: note: in expansion of macro 'le_bswap32' libgcrypt-1.10.3/cipher/salsa20.c: scope_hint: In function 'buf_xor' libgcrypt-1.10.3/cipher/salsa20.c: scope_hint: In function 'buf_xor' libgcrypt-1.10.3/cipher/salsa20.c:39: included_from: Included from here. 
libgcrypt-1.10.3/cipher/salsa20.c:418:7: note: in expansion of macro 'gcry_assert' libgcrypt-1.10.3/cipher/salsa20.c: scope_hint: In function 'buf_xor' libgcrypt-1.10.3/cipher/salsa20.c: scope_hint: In function 'buf_xor' libgcrypt-1.10.3/cipher/salsa20.c:418:7: note: in expansion of macro 'gcry_assert' libgcrypt-1.10.3/cipher/bufhelp.h:250:25: note: in expansion of macro 'buf_get_he64' libgcrypt-1.10.3/cipher/bufhelp.h:168:10: note: in expansion of macro 'le_bswap64' libgcrypt-1.10.3/cipher/bufhelp.h: scope_hint: In function 'buf_xor' libgcrypt-1.10.3/cipher/bufhelp.h:259:25: note: in expansion of macro 'buf_get_he32' libgcrypt-1.10.3/cipher/bufhelp.h:138:10: note: in expansion of macro 'le_bswap32' libgcrypt-1.10.3/cipher/bufhelp.h:138:10: note: in expansion of macro 'le_bswap32' libgcrypt-1.10.3/cipher/bithelp.h:72:25: note: read of 3 bytes from after the end of 'scratch' libgcrypt-1.10.3/cipher/bufhelp.h:138:10: note: in expansion of macro 'le_bswap32' libgcrypt-1.10.3/cipher/bithelp.h:72:25: note: valid subscripts for 'scratch' are '[0]' to '[8]' libgcrypt-1.10.3/cipher/bufhelp.h:138:10: note: in expansion of macro 'le_bswap32' # └──────────────────────────────────────┘ # ^ ^ # 70| # define be_bswap64(x) ((u64)(x)) # 71| #else # 72|-> # define le_bswap32(x) ((u32)(x)) # 73| # define be_bswap32(x) _gcry_bswap32(x) # 74| # define le_bswap64(x) ((u64)(x)) Error: GCC_ANALYZER_WARNING (CWE-476): libgcrypt-1.10.3/cipher/bithelp.h:74:25: warning[-Wanalyzer-null-dereference]: dereference of NULL 'src' libgcrypt-1.10.3/cipher/bufhelp.h:168:10: note: in expansion of macro 'le_bswap64' libgcrypt-1.10.3/cipher/cipher-ccm.c: scope_hint: In function 'buf_cpy' libgcrypt-1.10.3/cipher/bufhelp.h:220:7: note: in expansion of macro 'buf_put_he64' libgcrypt-1.10.3/cipher/bufhelp.h:168:10: note: in expansion of macro 'le_bswap64' libgcrypt-1.10.3/cipher/bufhelp.h:168:10: note: in expansion of macro 'le_bswap64' # 72| # define le_bswap32(x) ((u32)(x)) # 73| # define be_bswap32(x) 
_gcry_bswap32(x) # 74|-> # define le_bswap64(x) ((u64)(x)) # 75| # define be_bswap64(x) _gcry_bswap64(x) # 76| #endif Error: GCC_ANALYZER_WARNING (CWE-126): libgcrypt-1.10.3/cipher/bithelp.h:74:25: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read libgcrypt-1.10.3/cipher/bufhelp.h:168:10: note: in expansion of macro 'le_bswap64' libgcrypt-1.10.3/cipher/salsa20.c: scope_hint: In function 'buf_xor' libgcrypt-1.10.3/cipher/salsa20.c: scope_hint: In function 'buf_xor' libgcrypt-1.10.3/cipher/salsa20.c:418:7: note: in expansion of macro 'gcry_assert' libgcrypt-1.10.3/cipher/salsa20.c: scope_hint: In function 'buf_xor' libgcrypt-1.10.3/cipher/salsa20.c: scope_hint: In function 'buf_xor' libgcrypt-1.10.3/cipher/salsa20.c:418:7: note: in expansion of macro 'gcry_assert' libgcrypt-1.10.3/cipher/bufhelp.h:250:25: note: in expansion of macro 'buf_get_he64' libgcrypt-1.10.3/cipher/bufhelp.h:168:10: note: in expansion of macro 'le_bswap64' libgcrypt-1.10.3/cipher/bufhelp.h: scope_hint: In function 'buf_xor' libgcrypt-1.10.3/cipher/bufhelp.h:250:25: note: in expansion of macro 'buf_get_he64' libgcrypt-1.10.3/cipher/bufhelp.h:168:10: note: in expansion of macro 'le_bswap64' libgcrypt-1.10.3/cipher/bufhelp.h:168:10: note: in expansion of macro 'le_bswap64' libgcrypt-1.10.3/cipher/bithelp.h:74:25: note: read of 7 bytes from after the end of 'scratch' libgcrypt-1.10.3/cipher/bufhelp.h:168:10: note: in expansion of macro 'le_bswap64' libgcrypt-1.10.3/cipher/bithelp.h:74:25: note: valid subscripts for 'scratch' are '[0]' to '[8]' libgcrypt-1.10.3/cipher/bufhelp.h:168:10: note: in expansion of macro 'le_bswap64' # └────────────────────────────────────────┘ # ^ ^ # 72| # define le_bswap32(x) ((u32)(x)) # 73| # define be_bswap32(x) _gcry_bswap32(x) # 74|-> # define le_bswap64(x) ((u64)(x)) # 75| # define be_bswap64(x) _gcry_bswap64(x) # 76| #endif Error: CLANG_WARNING: libgcrypt-1.10.3/mpi/mpicoder.c:29: included_from: Included from here. 
libgcrypt-1.10.3/cipher/bufhelp.h:133:21: warning[core.NullDereference]: Access to field 'a' results in a dereference of a null pointer (loaded from variable '_buf') # 131| static inline u32 buf_get_be32(const void *_buf) # 132| { # 133|-> return be_bswap32(((const bufhelp_u32_t *)_buf)->a); # 134| } # 135| Error: GCC_ANALYZER_WARNING (CWE-121): libgcrypt-1.10.3/cipher/bufhelp.h:150:10: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow libgcrypt-1.10.3/cipher/salsa20.c: scope_hint: In function 'buf_xor' libgcrypt-1.10.3/cipher/salsa20.c: scope_hint: In function 'buf_xor' libgcrypt-1.10.3/cipher/salsa20.c:418:7: note: in expansion of macro 'gcry_assert' libgcrypt-1.10.3/cipher/salsa20.c: scope_hint: In function 'buf_xor' libgcrypt-1.10.3/cipher/salsa20.c: scope_hint: In function 'buf_xor' libgcrypt-1.10.3/cipher/salsa20.c:418:7: note: in expansion of macro 'gcry_assert' libgcrypt-1.10.3/cipher/bufhelp.h:250:25: note: in expansion of macro 'buf_get_he64' libgcrypt-1.10.3/cipher/bufhelp.h:168:10: note: in expansion of macro 'le_bswap64' libgcrypt-1.10.3/cipher/bufhelp.h: scope_hint: In function 'buf_xor' libgcrypt-1.10.3/cipher/bufhelp.h:259:25: note: in expansion of macro 'buf_get_he32' libgcrypt-1.10.3/cipher/bufhelp.h:138:10: note: in expansion of macro 'le_bswap32' libgcrypt-1.10.3/cipher/bufhelp.h: scope_hint: In function 'buf_xor' libgcrypt-1.10.3/cipher/bufhelp.h:259:7: note: in expansion of macro 'buf_put_he32' libgcrypt-1.10.3/cipher/bufhelp.h:150:10: note: write of 3 bytes to beyond the end of 'scratch' libgcrypt-1.10.3/cipher/bufhelp.h:150:10: note: valid subscripts for 'scratch' are '[0]' to '[8]' # 148| { # 149| bufhelp_u32_t *out = _buf; # 150|-> out->a = le_bswap32(val); # 151| } # 152| Error: CLANG_WARNING: libgcrypt-1.10.3/mpi/mpicoder.c:29: included_from: Included from here. 
libgcrypt-1.10.3/cipher/bufhelp.h:163:21: warning[core.NullDereference]: Access to field 'a' results in a dereference of a null pointer (loaded from variable '_buf') # 161| static inline u64 buf_get_be64(const void *_buf) # 162| { # 163|-> return be_bswap64(((const bufhelp_u64_t *)_buf)->a); # 164| } # 165| Error: CLANG_WARNING: libgcrypt-1.10.3/cipher/blake2.c:29: included_from: Included from here. libgcrypt-1.10.3/cipher/bufhelp.h:168:3: warning[core.uninitialized.UndefReturn]: Undefined or garbage value returned to caller # 166| static inline u64 buf_get_le64(const void *_buf) # 167| { # 168|-> return le_bswap64(((const bufhelp_u64_t *)_buf)->a); # 169| } # 170| Error: GCC_ANALYZER_WARNING (CWE-121): libgcrypt-1.10.3/cipher/bufhelp.h:180:10: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow libgcrypt-1.10.3/cipher/salsa20.c: scope_hint: In function 'buf_xor' libgcrypt-1.10.3/cipher/salsa20.c: scope_hint: In function 'buf_xor' libgcrypt-1.10.3/cipher/salsa20.c:418:7: note: in expansion of macro 'gcry_assert' libgcrypt-1.10.3/cipher/salsa20.c: scope_hint: In function 'buf_xor' libgcrypt-1.10.3/cipher/salsa20.c: scope_hint: In function 'buf_xor' libgcrypt-1.10.3/cipher/salsa20.c:418:7: note: in expansion of macro 'gcry_assert' libgcrypt-1.10.3/cipher/bufhelp.h:250:25: note: in expansion of macro 'buf_get_he64' libgcrypt-1.10.3/cipher/bufhelp.h:168:10: note: in expansion of macro 'le_bswap64' libgcrypt-1.10.3/cipher/bufhelp.h: scope_hint: In function 'buf_xor' libgcrypt-1.10.3/cipher/bufhelp.h:250:25: note: in expansion of macro 'buf_get_he64' libgcrypt-1.10.3/cipher/bufhelp.h:168:10: note: in expansion of macro 'le_bswap64' libgcrypt-1.10.3/cipher/bufhelp.h: scope_hint: In function 'buf_xor' libgcrypt-1.10.3/cipher/bufhelp.h:250:7: note: in expansion of macro 'buf_put_he64' libgcrypt-1.10.3/cipher/bufhelp.h:180:10: note: write of 7 bytes to beyond the end of 'scratch' libgcrypt-1.10.3/cipher/bufhelp.h:180:10: note: valid subscripts for 'scratch' are 
'[0]' to '[8]' # 178| { # 179| bufhelp_u64_t *out = _buf; # 180|-> out->a = le_bswap64(val); # 181| } # 182| Error: GCC_ANALYZER_WARNING (CWE-688): libgcrypt-1.10.3/cipher/bufhelp.h: scope_hint: In function 'buf_cpy' libgcrypt-1.10.3/cipher/bufhelp.h:213:7: warning[-Wanalyzer-null-argument]: use of NULL '_src' where non-null expected libgcrypt-1.10.3/cipher/cipher-ccm.c:26: included_from: Included from here. libgcrypt-1.10.3/cipher/bufhelp.h:211:11: note: in expansion of macro 'UNLIKELY' <built-in>: note: argument 2 of '__builtin_memcpy' must be non-null # 211| if (UNLIKELY(len == 0)) # 212| return; # 213|-> memcpy(_dst, _src, len); # 214| return; # 215| } Error: GCC_ANALYZER_WARNING (CWE-476): libgcrypt-1.10.3/cipher/bufhelp.h:236:14: warning[-Wanalyzer-null-dereference]: dereference of NULL 'src' # 234| /* Handle tail. */ # 235| for (; len; len--) # 236|-> *dst++ = *src++; # 237| } # 238| Error: CLANG_WARNING: libgcrypt-1.10.3/cipher/chacha20.c:961:4: warning[deadcode.DeadStores]: Value stored to 'authoffset' is never read # 959| _gcry_poly1305_update (&c->u_mode.poly1305.ctx, authptr, authoffset); # 960| authptr += authoffset; # 961|-> authoffset = 0; # 962| } # 963| Error: CLANG_WARNING: libgcrypt-1.10.3/cipher/cipher-cbc.c:123:3: warning[deadcode.DeadStores]: Value stored to 'burn' is never read # 121| return GPG_ERR_INV_LENGTH; # 122| # 123|-> burn = 0; # 124| # 125| if (inbuflen > blocksize) Error: CLANG_WARNING: libgcrypt-1.10.3/cipher/cipher-cbc.c:249:3: warning[deadcode.DeadStores]: Value stored to 'burn' is never read # 247| return GPG_ERR_INV_LENGTH; # 248| # 249|-> burn = 0; # 250| # 251| if (inbuflen > blocksize) Error: CLANG_WARNING: libgcrypt-1.10.3/cipher/cipher-cfb.c:119:7: warning[deadcode.DeadStores]: Value stored to 'outbuf' is never read # 117| c->unused -= inbuflen; # 118| buf_xor_2dst(outbuf, c->u_iv.iv, inbuf, inbuflen); # 119|-> outbuf += inbuflen; # 120| inbuf += inbuflen; # 121| inbuflen = 0; Error: CLANG_WARNING: 
libgcrypt-1.10.3/cipher/cipher-cfb.c:120:7: warning[deadcode.DeadStores]: Value stored to 'inbuf' is never read # 118| buf_xor_2dst(outbuf, c->u_iv.iv, inbuf, inbuflen); # 119| outbuf += inbuflen; # 120|-> inbuf += inbuflen; # 121| inbuflen = 0; # 122| } Error: CLANG_WARNING: libgcrypt-1.10.3/cipher/cipher-cfb.c:121:7: warning[deadcode.DeadStores]: Value stored to 'inbuflen' is never read # 119| outbuf += inbuflen; # 120| inbuf += inbuflen; # 121|-> inbuflen = 0; # 122| } # 123| Error: CLANG_WARNING: libgcrypt-1.10.3/cipher/cipher-cfb.c:218:7: warning[deadcode.DeadStores]: Value stored to 'outbuf' is never read # 216| c->unused -= inbuflen; # 217| buf_xor_n_copy(outbuf, c->u_iv.iv, inbuf, inbuflen); # 218|-> outbuf += inbuflen; # 219| inbuf += inbuflen; # 220| inbuflen = 0; Error: CLANG_WARNING: libgcrypt-1.10.3/cipher/cipher-cfb.c:219:7: warning[deadcode.DeadStores]: Value stored to 'inbuf' is never read # 217| buf_xor_n_copy(outbuf, c->u_iv.iv, inbuf, inbuflen); # 218| outbuf += inbuflen; # 219|-> inbuf += inbuflen; # 220| inbuflen = 0; # 221| } Error: CLANG_WARNING: libgcrypt-1.10.3/cipher/cipher-cfb.c:220:7: warning[deadcode.DeadStores]: Value stored to 'inbuflen' is never read # 218| outbuf += inbuflen; # 219| inbuf += inbuflen; # 220|-> inbuflen = 0; # 221| } # 222| Error: CLANG_WARNING: libgcrypt-1.10.3/cipher/cipher-cmac.c:62:7: warning[deadcode.DeadStores]: Value stored to 'inbuf' is never read # 60| buf_cpy (&ctx->macbuf[ctx->mac_unused], inbuf, inlen); # 61| ctx->mac_unused += inlen; # 62|-> inbuf += inlen; # 63| inlen -= inlen; # 64| Error: CLANG_WARNING: libgcrypt-1.10.3/cipher/cipher-cmac.c:115:3: warning[deadcode.DeadStores]: Value stored to 'inbuf' is never read # 113| buf_cpy (&ctx->macbuf[ctx->mac_unused], inbuf, n); # 114| ctx->mac_unused += n; # 115|-> inbuf += n; # 116| inlen -= n; # 117| Error: CLANG_WARNING: libgcrypt-1.10.3/cipher/cipher-cmac.c:116:3: warning[deadcode.DeadStores]: Value stored to 'inlen' is never read # 114| ctx->mac_unused 
+= n; # 115| inbuf += n; # 116|-> inlen -= n; # 117| # 118| if (burn) Error: CLANG_WARNING: libgcrypt-1.10.3/cipher/cipher-ctr.c:104:11: warning[deadcode.DeadStores]: Value stored to 'inbuflen' is never read # 102| buf_xor(outbuf, inbuf, tmp, inbuflen); # 103| # 104|-> inbuflen -= n; # 105| outbuf += n; # 106| inbuf += n; Error: CLANG_WARNING: libgcrypt-1.10.3/cipher/cipher-ctr.c:105:11: warning[deadcode.DeadStores]: Value stored to 'outbuf' is never read # 103| # 104| inbuflen -= n; # 105|-> outbuf += n; # 106| inbuf += n; # 107| } Error: CLANG_WARNING: libgcrypt-1.10.3/cipher/cipher-ctr.c:106:11: warning[deadcode.DeadStores]: Value stored to 'inbuf' is never read # 104| inbuflen -= n; # 105| outbuf += n; # 106|-> inbuf += n; # 107| } # 108| Error: CLANG_WARNING: libgcrypt-1.10.3/cipher/cipher-gcm-siv.c:236:7: warning[deadcode.DeadStores]: Value stored to 'outbuf' is never read # 234| buf_xor(outbuf, inbuf, tmp, inbuflen); # 235| # 236|-> outbuf += inbuflen; # 237| inbuf += inbuflen; # 238| inbuflen -= inbuflen; Error: CLANG_WARNING: libgcrypt-1.10.3/cipher/cipher-gcm-siv.c:237:7: warning[deadcode.DeadStores]: Value stored to 'inbuf' is never read # 235| # 236| outbuf += inbuflen; # 237|-> inbuf += inbuflen; # 238| inbuflen -= inbuflen; # 239| } Error: CLANG_WARNING: libgcrypt-1.10.3/cipher/cipher-gcm-siv.c:587:40: warning[core.uninitialized.Assign]: The left expression of the compound assignment is an uninitialized value. 
The computed value will also be garbage # 585| cipher_block_xor (expected_tag, c->u_iv.iv, c->u_mode.gcm.u_tag.tag, # 586| GCRY_SIV_BLOCK_LEN); # 587|-> expected_tag[GCRY_SIV_BLOCK_LEN - 1] &= 0x7f; # 588| c->spec->encrypt (&c->context.c, expected_tag, expected_tag); # 589| Error: CLANG_WARNING: libgcrypt-1.10.3/cipher/cipher-ocb.c:397:7: warning[deadcode.DeadStores]: Value stored to 'abuf' is never read # 395| abuf, n); # 396| c->u_mode.ocb.aad_nleftover += n; # 397|-> abuf += n; # 398| abuflen -= n; # 399| } Error: CLANG_WARNING: libgcrypt-1.10.3/cipher/cipher-ofb.c:99:7: warning[deadcode.DeadStores]: Value stored to 'outbuf' is never read # 97| c->unused -= inbuflen; # 98| buf_xor(outbuf, c->u_iv.iv, inbuf, inbuflen); # 99|-> outbuf += inbuflen; # 100| inbuf += inbuflen; # 101| inbuflen = 0; Error: CLANG_WARNING: libgcrypt-1.10.3/cipher/cipher-ofb.c:100:7: warning[deadcode.DeadStores]: Value stored to 'inbuf' is never read # 98| buf_xor(outbuf, c->u_iv.iv, inbuf, inbuflen); # 99| outbuf += inbuflen; # 100|-> inbuf += inbuflen; # 101| inbuflen = 0; # 102| } Error: CLANG_WARNING: libgcrypt-1.10.3/cipher/cipher-ofb.c:101:7: warning[deadcode.DeadStores]: Value stored to 'inbuflen' is never read # 99| outbuf += inbuflen; # 100| inbuf += inbuflen; # 101|-> inbuflen = 0; # 102| } # 103| Error: CPPCHECK_WARNING (CWE-570): libgcrypt-1.10.3/cipher/cipher.c:933: error[comparePointers]: Subtracting pointers that point to different objects # 931| byte *u_mode_head_pos = (void *)&c->u_mode.ocb; # 932| byte *u_mode_tail_pos = (void *)&c->u_mode.ocb.tag; # 933|-> size_t u_mode_head_length = u_mode_tail_pos - u_mode_head_pos; # 934| size_t u_mode_tail_length = sizeof(c->u_mode.ocb) - u_mode_head_length; # 935| Error: CLANG_WARNING: libgcrypt-1.10.3/cipher/crc-intel-pclmul.c:310:7: warning[deadcode.DeadStores]: Value stored to 'inbuf' is never read # 308| ); # 309| # 310|-> inbuf += inlen; # 311| inlen -= inlen; # 312| } Error: CLANG_WARNING: 
libgcrypt-1.10.3/cipher/crc-intel-pclmul.c:672:7: warning[deadcode.DeadStores]: Value stored to 'inbuf' is never read # 670| ); # 671| # 672|-> inbuf += inlen; # 673| inlen -= inlen; # 674| } Error: GCC_ANALYZER_WARNING (CWE-457): libgcrypt-1.10.3/cipher/des.c: scope_hint: In function 'des_ecb_crypt' libgcrypt-1.10.3/cipher/des.c:654:38: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value '*&ctx_430(D)->encrypt_subkeys' libgcrypt-1.10.3/cipher/des.c:1144:9: note: in expansion of macro 'des_ecb_encrypt' # 652| u32 *keys; # 653| # 654|-> keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys; # 655| # 656| READ_64BIT_DATA (from, left, right) Error: CLANG_WARNING: libgcrypt-1.10.3/cipher/des.c:659:3: warning[core.UndefinedBinaryOperatorResult]: The right operand of '^' is a garbage value # 657| INITIAL_PERMUTATION (left, work, right) # 658| # 659|-> DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) # 660| DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) # 661| DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) Error: CLANG_WARNING: libgcrypt-1.10.3/cipher/dsa.c:984:11: warning[deadcode.DeadStores]: Value stored to 'p' is never read # 982| p = stpcpy (p, ")"); # 983| } # 984|-> p = stpcpy (p, ")"); # 985| # 986| /* Allocate space for the list of factors plus one for the Error: GCC_ANALYZER_WARNING (CWE-476): libgcrypt-1.10.3/cipher/ecc-eddsa.c: scope_hint: In function 'reverse_buffer' libgcrypt-1.10.3/cipher/ecc-eddsa.c:42:19: warning[-Wanalyzer-null-dereference]: dereference of NULL 'buffer' libgcrypt-1.10.3/cipher/ecc-eddsa.c:31: included_from: Included from here. libgcrypt-1.10.3/cipher/ecc-eddsa.c:718:3: note: in expansion of macro 'point_init' libgcrypt-1.10.3/src/visibility.h:36: included_from: Included from here. libgcrypt-1.10.3/src/g10lib.h:39: included_from: Included from here. libgcrypt-1.10.3/cipher/ecc-eddsa.c:26: included_from: Included from here. 
libgcrypt-1.10.3/cipher/ecc-eddsa.c:104:7: note: in expansion of macro 'mpi_test_bit' libgcrypt-1.10.3/cipher/ecc-eddsa.c:28: included_from: Included from here. libgcrypt-1.10.3/cipher/ecc-eddsa.c:741:7: note: in expansion of macro 'DBG_CIPHER' # 40| for (i=0; i < length/2; i++) # 41| { # 42|-> tmp = buffer[i]; # 43| buffer[i] = buffer[length-1-i]; # 44| buffer[length-1-i] = tmp; Error: CLANG_WARNING: libgcrypt-1.10.3/cipher/ecc-eddsa.c:1063:12: warning[core.UndefinedBinaryOperatorResult]: The left operand of '!=' is a garbage value # 1061| if (rc) # 1062| goto leave; # 1063|-> if (tlen != rlen || memcmp (tbuf, rbuf, tlen)) # 1064| { # 1065| rc = GPG_ERR_BAD_SIGNATURE; Error: CLANG_WARNING: libgcrypt-1.10.3/cipher/ecc-misc.c:78:15: warning[deadcode.DeadStores]: Value stored to 'str' during its initialization is never read # 76| _gcry_ecc_model2str (enum gcry_mpi_ec_models model) # 77| { # 78|-> const char *str = "?"; # 79| switch (model) # 80| { Error: CLANG_WARNING: libgcrypt-1.10.3/cipher/ecc-misc.c:95:15: warning[deadcode.DeadStores]: Value stored to 'str' during its initialization is never read # 93| _gcry_ecc_dialect2str (enum ecc_dialects dialect) # 94| { # 95|-> const char *str = "?"; # 96| switch (dialect) # 97| { Error: CLANG_WARNING: libgcrypt-1.10.3/cipher/elgamal.c:753:7: warning[deadcode.DeadStores]: Value stored to 'p' is never read # 751| arg_list[nfac] = factors + nfac; # 752| } # 753|-> p = stpcpy (p, "))"); # 754| rc = sexp_build_array (&misc_info, NULL, buffer, arg_list); # 755| xfree (arg_list); Error: CLANG_WARNING: libgcrypt-1.10.3/cipher/gost28147.c:442:42: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined # 440| # 441| for (; buflen; buflen--) # 442|-> h->u.imit.lastiv[h->u.imit.unused++] = *buf++; # 443| # 444| _gcry_burn_stack (burn); Error: GCC_ANALYZER_WARNING (CWE-457): libgcrypt-1.10.3/cipher/gostr3411-94.c: scope_hint: In function 'do_p' libgcrypt-1.10.3/cipher/gostr3411-94.c:86:15: 
warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 't[2]' # 84| k = 0; # 85| p[k+0] = ((t[0] >> (8*k)) & 0xff) << 0 | # 86|-> ((t[2] >> (8*k)) & 0xff) << 8 | # 87| ((t[4] >> (8*k)) & 0xff) << 16 | # 88| ((t[6] >> (8*k)) & 0xff) << 24; Error: CPPCHECK_WARNING (CWE-758): libgcrypt-1.10.3/cipher/gostr3411-94.c:143: error[overlappingWriteFunction]: Overlapping read/write in memcpy() is undefined behavior # 141| int i; # 142| memcpy (t, u, 16); # 143|-> memcpy (u, u + 4, 16); # 144| for (i = 0; i < 2; i++) # 145| { Error: CLANG_WARNING: libgcrypt-1.10.3/cipher/mac-poly1305.c:69:7: warning[deadcode.DeadStores]: Value stored to 'cipher_algo' is never read # 67| case GCRY_MAC_POLY1305: # 68| /* plain Poly1305. */ # 69|-> cipher_algo = -1; # 70| return 0; # 71| case GCRY_MAC_POLY1305_AES: Error: CPPCHECK_WARNING (CWE-457): libgcrypt-1.10.3/cipher/md.c:541: warning[uninitvar]: Uninitialized variables: hd.ctx, hd.bufpos, hd.bufsize # 539| rc = md_open (&hd, algo, flags); # 540| # 541|-> *h = rc? 
NULL : hd; # 542| return rc; # 543| } Error: GCC_ANALYZER_WARNING (CWE-775): libgcrypt-1.10.3/cipher/md.c: scope_hint: In function 'md_start_debug.part.0' libgcrypt-1.10.3/cipher/md.c:1500:11: warning[-Wanalyzer-file-leak]: leak of FILE 'fopen(&buf, "w")' # 1498| snprintf (buf, DIM(buf)-1, "dbgmd-%05d.%.10s", idx, suffix ); # 1499| md->ctx->debug = fopen(buf, "w"); # 1500|-> if ( !md->ctx->debug ) # 1501| log_debug("md debug: can't open %s\n", buf ); # 1502| } Error: GCC_ANALYZER_WARNING (CWE-401): libgcrypt-1.10.3/cipher/md.c:1500:11: warning[-Wanalyzer-malloc-leak]: leak of 'fopen(&buf, "w")' # 1498| snprintf (buf, DIM(buf)-1, "dbgmd-%05d.%.10s", idx, suffix ); # 1499| md->ctx->debug = fopen(buf, "w"); # 1500|-> if ( !md->ctx->debug ) # 1501| log_debug("md debug: can't open %s\n", buf ); # 1502| } Error: CLANG_WARNING: libgcrypt-1.10.3/cipher/primegen.c:482:11: warning[deadcode.DeadStores]: Value stored to 'is_locked' is never read # 480| if (is_locked && (err = gpgrt_lock_unlock (&primepool_lock))) # 481| goto leave; # 482|-> is_locked = 0; # 483| } # 484| else Error: CLANG_WARNING: libgcrypt-1.10.3/cipher/primegen.c:515:11: warning[deadcode.DeadStores]: Value stored to 'is_locked' is never read # 513| if (is_locked && (err = gpgrt_lock_unlock (&primepool_lock))) # 514| goto leave; # 515|-> is_locked = 0; # 516| # 517| if (i == n) Error: CLANG_WARNING: libgcrypt-1.10.3/cipher/primegen.c:691:7: warning[deadcode.DeadStores]: Value stored to 'is_locked' is never read # 689| if (is_locked) # 690| err = gpgrt_lock_unlock (&primepool_lock); # 691|-> is_locked = 0; # 692| xfree (pool); # 693| } Error: GCC_ANALYZER_WARNING (CWE-457): libgcrypt-1.10.3/cipher/rfc2268.c: scope_hint: In function 'do_encrypt' libgcrypt-1.10.3/cipher/rfc2268.c:108:59: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value '*(RFC2268_context *)context.S[j]' # 106| j = i * 4; # 107| /* For some reason I cannot combine those steps. 
*/ # 108|-> word0 += (word1 & ~word3) + (word2 & word3) + ctx->S[j]; # 109| word0 = rotl16(word0, 1); # 110| Error: CLANG_WARNING: libgcrypt-1.10.3/cipher/rsa.c:500:13: warning[core.uninitialized.Branch]: Branch condition evaluates to a garbage value # 498| } # 499| for (idx=0; tbl[idx].name; idx++) # 500|-> if (!*tbl[idx].value) # 501| break; # 502| if (tbl[idx].name) Error: CLANG_WARNING: libgcrypt-1.10.3/cipher/rsa.c:506:13: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value # 504| /* At least one parameter is missing. */ # 505| for (idx=0; tbl[idx].name; idx++) # 506|-> _gcry_mpi_release (*tbl[idx].value); # 507| return GPG_ERR_MISSING_VALUE; # 508| } Error: CPPCHECK_WARNING (CWE-758): libgcrypt-1.10.3/cipher/seed.c:350: error[overlappingWriteUnion]: Overlapping read/write of union is undefined behavior # 348| x4 = GETU32 (inbuf+12); # 349| # 350|-> OP (x1, x2, x3, x4, 0); # 351| OP (x3, x4, x1, x2, 2); # 352| OP (x1, x2, x3, x4, 4); Error: CPPCHECK_WARNING (CWE-758): libgcrypt-1.10.3/cipher/seed.c:351: error[overlappingWriteUnion]: Overlapping read/write of union is undefined behavior # 349| # 350| OP (x1, x2, x3, x4, 0); # 351|-> OP (x3, x4, x1, x2, 2); # 352| OP (x1, x2, x3, x4, 4); # 353| OP (x3, x4, x1, x2, 6); Error: CPPCHECK_WARNING (CWE-758): libgcrypt-1.10.3/cipher/seed.c:352: error[overlappingWriteUnion]: Overlapping read/write of union is undefined behavior # 350| OP (x1, x2, x3, x4, 0); # 351| OP (x3, x4, x1, x2, 2); # 352|-> OP (x1, x2, x3, x4, 4); # 353| OP (x3, x4, x1, x2, 6); # 354| OP (x1, x2, x3, x4, 8); Error: CPPCHECK_WARNING (CWE-758): libgcrypt-1.10.3/cipher/seed.c:353: error[overlappingWriteUnion]: Overlapping read/write of union is undefined behavior # 351| OP (x3, x4, x1, x2, 2); # 352| OP (x1, x2, x3, x4, 4); # 353|-> OP (x3, x4, x1, x2, 6); # 354| OP (x1, x2, x3, x4, 8); # 355| OP (x3, x4, x1, x2, 10); Error: CPPCHECK_WARNING (CWE-758): libgcrypt-1.10.3/cipher/seed.c:354: error[overlappingWriteUnion]: 
Overlapping read/write of union is undefined behavior # 352| OP (x1, x2, x3, x4, 4); # 353| OP (x3, x4, x1, x2, 6); # 354|-> OP (x1, x2, x3, x4, 8); # 355| OP (x3, x4, x1, x2, 10); # 356| OP (x1, x2, x3, x4, 12); Error: CPPCHECK_WARNING (CWE-758): libgcrypt-1.10.3/cipher/seed.c:355: error[overlappingWriteUnion]: Overlapping read/write of union is undefined behavior # 353| OP (x3, x4, x1, x2, 6); # 354| OP (x1, x2, x3, x4, 8); # 355|-> OP (x3, x4, x1, x2, 10); # 356| OP (x1, x2, x3, x4, 12); # 357| OP (x3, x4, x1, x2, 14); Error: CPPCHECK_WARNING (CWE-758): libgcrypt-1.10.3/cipher/seed.c:356: error[overlappingWriteUnion]: Overlapping read/write of union is undefined behavior # 354| OP (x1, x2, x3, x4, 8); # 355| OP (x3, x4, x1, x2, 10); # 356|-> OP (x1, x2, x3, x4, 12); # 357| OP (x3, x4, x1, x2, 14); # 358| OP (x1, x2, x3, x4, 16); Error: CPPCHECK_WARNING (CWE-758): libgcrypt-1.10.3/cipher/seed.c:357: error[overlappingWriteUnion]: Overlapping read/write of union is undefined behavior # 355| OP (x3, x4, x1, x2, 10); # 356| OP (x1, x2, x3, x4, 12); # 357|-> OP (x3, x4, x1, x2, 14); # 358| OP (x1, x2, x3, x4, 16); # 359| OP (x3, x4, x1, x2, 18); Error: CPPCHECK_WARNING (CWE-758): libgcrypt-1.10.3/cipher/seed.c:358: error[overlappingWriteUnion]: Overlapping read/write of union is undefined behavior # 356| OP (x1, x2, x3, x4, 12); # 357| OP (x3, x4, x1, x2, 14); # 358|-> OP (x1, x2, x3, x4, 16); # 359| OP (x3, x4, x1, x2, 18); # 360| OP (x1, x2, x3, x4, 20); Error: CPPCHECK_WARNING (CWE-758): libgcrypt-1.10.3/cipher/seed.c:359: error[overlappingWriteUnion]: Overlapping read/write of union is undefined behavior # 357| OP (x3, x4, x1, x2, 14); # 358| OP (x1, x2, x3, x4, 16); # 359|-> OP (x3, x4, x1, x2, 18); # 360| OP (x1, x2, x3, x4, 20); # 361| OP (x3, x4, x1, x2, 22); Error: CPPCHECK_WARNING (CWE-758): libgcrypt-1.10.3/cipher/seed.c:360: error[overlappingWriteUnion]: Overlapping read/write of union is undefined behavior # 358| OP (x1, x2, x3, x4, 16); # 359| OP (x3, 
x4, x1, x2, 18); # 360|-> OP (x1, x2, x3, x4, 20); # 361| OP (x3, x4, x1, x2, 22); # 362| OP (x1, x2, x3, x4, 24); Error: CPPCHECK_WARNING (CWE-758): libgcrypt-1.10.3/cipher/seed.c:361: error[overlappingWriteUnion]: Overlapping read/write of union is undefined behavior # 359| OP (x3, x4, x1, x2, 18); # 360| OP (x1, x2, x3, x4, 20); # 361|-> OP (x3, x4, x1, x2, 22); # 362| OP (x1, x2, x3, x4, 24); # 363| OP (x3, x4, x1, x2, 26); Error: CPPCHECK_WARNING (CWE-758): libgcrypt-1.10.3/cipher/seed.c:362: error[overlappingWriteUnion]: Overlapping read/write of union is undefined behavior # 360| OP (x1, x2, x3, x4, 20); # 361| OP (x3, x4, x1, x2, 22); # 362|-> OP (x1, x2, x3, x4, 24); # 363| OP (x3, x4, x1, x2, 26); # 364| OP (x1, x2, x3, x4, 28); Error: CPPCHECK_WARNING (CWE-758): libgcrypt-1.10.3/cipher/seed.c:363: error[overlappingWriteUnion]: Overlapping read/write of union is undefined behavior # 361| OP (x3, x4, x1, x2, 22); # 362| OP (x1, x2, x3, x4, 24); # 363|-> OP (x3, x4, x1, x2, 26); # 364| OP (x1, x2, x3, x4, 28); # 365| OP (x3, x4, x1, x2, 30); Error: CPPCHECK_WARNING (CWE-758): libgcrypt-1.10.3/cipher/seed.c:364: error[overlappingWriteUnion]: Overlapping read/write of union is undefined behavior # 362| OP (x1, x2, x3, x4, 24); # 363| OP (x3, x4, x1, x2, 26); # 364|-> OP (x1, x2, x3, x4, 28); # 365| OP (x3, x4, x1, x2, 30); # 366| Error: CPPCHECK_WARNING (CWE-758): libgcrypt-1.10.3/cipher/seed.c:365: error[overlappingWriteUnion]: Overlapping read/write of union is undefined behavior # 363| OP (x3, x4, x1, x2, 26); # 364| OP (x1, x2, x3, x4, 28); # 365|-> OP (x3, x4, x1, x2, 30); # 366| # 367| PUTU32 (outbuf, x3); Error: CPPCHECK_WARNING (CWE-758): libgcrypt-1.10.3/cipher/seed.c:396: error[overlappingWriteUnion]: Overlapping read/write of union is undefined behavior # 394| x4 = GETU32 (inbuf+12); # 395| # 396|-> OP (x1, x2, x3, x4, 30); # 397| OP (x3, x4, x1, x2, 28); # 398| OP (x1, x2, x3, x4, 26); Error: CPPCHECK_WARNING (CWE-758): 
libgcrypt-1.10.3/cipher/seed.c:397: error[overlappingWriteUnion]: Overlapping read/write of union is undefined behavior # 395| # 396| OP (x1, x2, x3, x4, 30); # 397|-> OP (x3, x4, x1, x2, 28); # 398| OP (x1, x2, x3, x4, 26); # 399| OP (x3, x4, x1, x2, 24); Error: CPPCHECK_WARNING (CWE-758): libgcrypt-1.10.3/cipher/seed.c:398: error[overlappingWriteUnion]: Overlapping read/write of union is undefined behavior # 396| OP (x1, x2, x3, x4, 30); # 397| OP (x3, x4, x1, x2, 28); # 398|-> OP (x1, x2, x3, x4, 26); # 399| OP (x3, x4, x1, x2, 24); # 400| OP (x1, x2, x3, x4, 22); Error: CPPCHECK_WARNING (CWE-758): libgcrypt-1.10.3/cipher/seed.c:399: error[overlappingWriteUnion]: Overlapping read/write of union is undefined behavior # 397| OP (x3, x4, x1, x2, 28); # 398| OP (x1, x2, x3, x4, 26); # 399|-> OP (x3, x4, x1, x2, 24); # 400| OP (x1, x2, x3, x4, 22); # 401| OP (x3, x4, x1, x2, 20); Error: CPPCHECK_WARNING (CWE-758): libgcrypt-1.10.3/cipher/seed.c:400: error[overlappingWriteUnion]: Overlapping read/write of union is undefined behavior # 398| OP (x1, x2, x3, x4, 26); # 399| OP (x3, x4, x1, x2, 24); # 400|-> OP (x1, x2, x3, x4, 22); # 401| OP (x3, x4, x1, x2, 20); # 402| OP (x1, x2, x3, x4, 18); Error: CPPCHECK_WARNING (CWE-758): libgcrypt-1.10.3/cipher/seed.c:401: error[overlappingWriteUnion]: Overlapping read/write of union is undefined behavior # 399| OP (x3, x4, x1, x2, 24); # 400| OP (x1, x2, x3, x4, 22); # 401|-> OP (x3, x4, x1, x2, 20); # 402| OP (x1, x2, x3, x4, 18); # 403| OP (x3, x4, x1, x2, 16); Error: CPPCHECK_WARNING (CWE-758): libgcrypt-1.10.3/cipher/seed.c:402: error[overlappingWriteUnion]: Overlapping read/write of union is undefined behavior # 400| OP (x1, x2, x3, x4, 22); # 401| OP (x3, x4, x1, x2, 20); # 402|-> OP (x1, x2, x3, x4, 18); # 403| OP (x3, x4, x1, x2, 16); # 404| OP (x1, x2, x3, x4, 14); Error: CPPCHECK_WARNING (CWE-758): libgcrypt-1.10.3/cipher/seed.c:403: error[overlappingWriteUnion]: Overlapping read/write of union is undefined behavior # 
401| OP (x3, x4, x1, x2, 20); # 402| OP (x1, x2, x3, x4, 18); # 403|-> OP (x3, x4, x1, x2, 16); # 404| OP (x1, x2, x3, x4, 14); # 405| OP (x3, x4, x1, x2, 12); Error: CPPCHECK_WARNING (CWE-758): libgcrypt-1.10.3/cipher/seed.c:404: error[overlappingWriteUnion]: Overlapping read/write of union is undefined behavior # 402| OP (x1, x2, x3, x4, 18); # 403| OP (x3, x4, x1, x2, 16); # 404|-> OP (x1, x2, x3, x4, 14); # 405| OP (x3, x4, x1, x2, 12); # 406| OP (x1, x2, x3, x4, 10); Error: CPPCHECK_WARNING (CWE-758): libgcrypt-1.10.3/cipher/seed.c:405: error[overlappingWriteUnion]: Overlapping read/write of union is undefined behavior # 403| OP (x3, x4, x1, x2, 16); # 404| OP (x1, x2, x3, x4, 14); # 405|-> OP (x3, x4, x1, x2, 12); # 406| OP (x1, x2, x3, x4, 10); # 407| OP (x3, x4, x1, x2, 8); Error: CPPCHECK_WARNING (CWE-758): libgcrypt-1.10.3/cipher/seed.c:406: error[overlappingWriteUnion]: Overlapping read/write of union is undefined behavior # 404| OP (x1, x2, x3, x4, 14); # 405| OP (x3, x4, x1, x2, 12); # 406|-> OP (x1, x2, x3, x4, 10); # 407| OP (x3, x4, x1, x2, 8); # 408| OP (x1, x2, x3, x4, 6); Error: CPPCHECK_WARNING (CWE-758): libgcrypt-1.10.3/cipher/seed.c:407: error[overlappingWriteUnion]: Overlapping read/write of union is undefined behavior # 405| OP (x3, x4, x1, x2, 12); # 406| OP (x1, x2, x3, x4, 10); # 407|-> OP (x3, x4, x1, x2, 8); # 408| OP (x1, x2, x3, x4, 6); # 409| OP (x3, x4, x1, x2, 4); Error: CPPCHECK_WARNING (CWE-758): libgcrypt-1.10.3/cipher/seed.c:408: error[overlappingWriteUnion]: Overlapping read/write of union is undefined behavior # 406| OP (x1, x2, x3, x4, 10); # 407| OP (x3, x4, x1, x2, 8); # 408|-> OP (x1, x2, x3, x4, 6); # 409| OP (x3, x4, x1, x2, 4); # 410| OP (x1, x2, x3, x4, 2); Error: CPPCHECK_WARNING (CWE-758): libgcrypt-1.10.3/cipher/seed.c:409: error[overlappingWriteUnion]: Overlapping read/write of union is undefined behavior # 407| OP (x3, x4, x1, x2, 8); # 408| OP (x1, x2, x3, x4, 6); # 409|-> OP (x3, x4, x1, x2, 4); # 410| OP (x1, 
x2, x3, x4, 2); # 411| OP (x3, x4, x1, x2, 0); Error: CPPCHECK_WARNING (CWE-758): libgcrypt-1.10.3/cipher/seed.c:410: error[overlappingWriteUnion]: Overlapping read/write of union is undefined behavior # 408| OP (x1, x2, x3, x4, 6); # 409| OP (x3, x4, x1, x2, 4); # 410|-> OP (x1, x2, x3, x4, 2); # 411| OP (x3, x4, x1, x2, 0); # 412| Error: CPPCHECK_WARNING (CWE-758): libgcrypt-1.10.3/cipher/seed.c:411: error[overlappingWriteUnion]: Overlapping read/write of union is undefined behavior # 409| OP (x3, x4, x1, x2, 4); # 410| OP (x1, x2, x3, x4, 2); # 411|-> OP (x3, x4, x1, x2, 0); # 412| # 413| PUTU32 (outbuf, x3); Error: CLANG_WARNING: libgcrypt-1.10.3/cipher/stribog.c:1298:3: warning[deadcode.DeadStores]: Value stored to 'i' is never read # 1296| if (i < 64) # 1297| memset (&hd->bctx.buf[i], 0, 64 - i); # 1298|-> i = 64; # 1299| transform_bits (hd, hd->bctx.buf, hd->bctx.count * 8); # 1300| Error: CLANG_WARNING: libgcrypt-1.10.3/mpi/ec.c:531:3: warning[deadcode.DeadStores]: Value stored to 'cy' is never read # 529| # 530| cy = _gcry_mpih_add_n (b0, b0, a2, LIMB_SIZE_HALF_448); # 531|-> cy += _gcry_mpih_add_n (wp, b0, a3, LIMB_SIZE_HALF_448); # 532| #if (LIMB_SIZE_HALF_448 > LIMB_SIZE_448/2) # 533| cy = wp[LIMB_SIZE_HALF_448-1] >> 32; Error: CLANG_WARNING: libgcrypt-1.10.3/mpi/ec.c:542:3: warning[deadcode.DeadStores]: Value stored to 'cy' is never read # 540| cy += _gcry_mpih_lshift (a3, a3, LIMB_SIZE_HALF_448, 1); # 541| cy += _gcry_mpih_add_n (b1, b1, a2, LIMB_SIZE_HALF_448); # 542|-> cy += _gcry_mpih_add_n (b1, b1, a3, LIMB_SIZE_HALF_448); # 543| #if (LIMB_SIZE_HALF_448 > LIMB_SIZE_448/2) # 544| cy = _gcry_mpih_rshift (b1, b1, LIMB_SIZE_HALF_448, 32); Error: CLANG_WARNING: libgcrypt-1.10.3/mpi/ec.c:609:3: warning[deadcode.DeadStores]: Value stored to 'cy' is never read # 607| #endif # 608| wp[wsize] = _gcry_mpih_addmul_1 (wp, n, wsize, 977); # 609|-> cy = _gcry_mpih_add_n (wp, wp, s, wsize + 1); # 610| # 611| /* second pass of reduction */ Error: 
GCC_ANALYZER_WARNING (CWE-476): libgcrypt-1.10.3/mpi/mpiutil.c: scope_hint: In function '_gcry_mpi_set' libgcrypt-1.10.3/mpi/mpi-internal.h:94:21: warning[-Wanalyzer-null-dereference]: dereference of NULL '0' libgcrypt-1.10.3/mpi/mpiutil.c:502:3: note: in expansion of macro 'MPN_COPY' libgcrypt-1.10.3/mpi/mpiutil.c:499:3: note: in expansion of macro 'RESIZE_IF_NEEDED' libgcrypt-1.10.3/mpi/mpiutil.c:499:3: note: in expansion of macro 'RESIZE_IF_NEEDED' libgcrypt-1.10.3/mpi/mpiutil.c:502:3: note: in expansion of macro 'MPN_COPY' libgcrypt-1.10.3/mpi/mpiutil.c:502:3: note: in expansion of macro 'MPN_COPY' libgcrypt-1.10.3/mpi/mpiutil.c:502:3: note: in expansion of macro 'MPN_COPY' libgcrypt-1.10.3/mpi/mpiutil.c:502:3: note: in expansion of macro 'MPN_COPY' # 92| mpi_size_t _i; \ # 93| for( _i = 0; _i < (n); _i++ ) \ # 94|-> (d)[_i] = (s)[_i]; \ # 95| } while(0) # 96| Error: GCC_ANALYZER_WARNING (CWE-465): libgcrypt-1.10.3/mpi/mpi-mul.c:145:8: warning[-Wanalyzer-deref-before-check]: check of 'w' for NULL after already dereferencing it libgcrypt-1.10.3/mpi/mpi-mul.c:123:19: note: in expansion of macro 'mpi_is_secure' libgcrypt-1.10.3/mpi/mpi-mul.c:123:19: note: in expansion of macro 'mpi_is_secure' libgcrypt-1.10.3/mpi/mpi-mul.c:127:19: note: in expansion of macro 'mpi_is_secure' libgcrypt-1.10.3/mpi/mpi-mul.c:127:19: note: in expansion of macro 'mpi_is_secure' # 143| /* Ensure W has space enough to store the result. */ # 144| wsize = usize + vsize; # 145|-> if ( !mpi_is_secure (w) && (mpi_is_secure (u) || mpi_is_secure (v)) ) { # 146| /* w is not allocated in secure space but u or v is. 
To make sure # 147| * that no temporray results are stored in w, we temporary use Error: CLANG_WARNING: libgcrypt-1.10.3/mpi/mpicoder.c:59:11: warning[core.NullDereference]: Array access (from variable 'buffer') results in a null pointer dereference # 57| if ( max_nread < 2 ) # 58| goto leave; # 59|-> nbits = buffer[0] << 8 | buffer[1]; # 60| if ( nbits > MAX_EXTERN_MPI_BITS ) # 61| { Error: CLANG_WARNING: libgcrypt-1.10.3/mpi/mpicoder.c:457:7: warning[deadcode.DeadStores]: Value stored to 'p' is never read # 455| n = n > BYTES_PER_MPI_LIMB ? BYTES_PER_MPI_LIMB : n; # 456| memcpy (last + BYTES_PER_MPI_LIMB - n, p - n + 1, n); # 457|-> p -= n; # 458| # 459| #if BYTES_PER_MPI_LIMB == 4 Error: CLANG_WARNING: libgcrypt-1.10.3/mpi/mpicoder.c:515:29: warning[core.BitwiseShift]: Left shift by '32' overflows the capacity of 'int' # 513| unsigned int ntz = _gcry_ctz (pi); # 514| # 515|-> p[i] = ((p[i] ^ (0xfe << ntz)) | (0x01 << ntz)) & (0xff << ntz); # 516| # 517| for (i--; i >= 7; i -= 8) Error: CLANG_WARNING: libgcrypt-1.10.3/mpi/mpicoder.c:569:24: warning[core.NullDereference]: Dereference of null pointer (loaded from variable 's') # 567| { # 568| _gcry_mpi_set_buffer (a, s, len, 0); # 569|-> a->sign = !!(*s & 0x80); # 570| if (a->sign) # 571| { Error: CLANG_WARNING: libgcrypt-1.10.3/mpi/mpicoder.c:675:14: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull' # 673| return GPG_ERR_INV_ARG; # 674| # 675|-> slen = strlen ((const char *)buffer); # 676| if (slen > MAX_EXTERN_SCAN_BYTES) # 677| return GPG_ERR_INV_OBJ; Error: GCC_ANALYZER_WARNING (CWE-476): libgcrypt-1.10.3/mpi/mpiutil.c: scope_hint: In function '_gcry_mpi_neg' libgcrypt-1.10.3/mpi/mpiutil.c:414:11: warning[-Wanalyzer-null-dereference]: dereference of NULL 'w' libgcrypt-1.10.3/src/visibility.h:36: included_from: Included from here. libgcrypt-1.10.3/src/g10lib.h:39: included_from: Included from here. libgcrypt-1.10.3/mpi/mpiutil.c:27: included_from: Included from here. 
libgcrypt-1.10.3/mpi/mpiutil.c:407:5: note: in expansion of macro 'mpi_set' libgcrypt-1.10.3/mpi/mpiutil.c:407:5: note: in expansion of macro 'mpi_set' libgcrypt-1.10.3/mpi/mpiutil.c:28: included_from: Included from here. libgcrypt-1.10.3/mpi/mpiutil.c:499:3: note: in expansion of macro 'RESIZE_IF_NEEDED' libgcrypt-1.10.3/mpi/mpiutil.c:499:3: note: in expansion of macro 'RESIZE_IF_NEEDED' libgcrypt-1.10.3/mpi/mpiutil.c:502:3: note: in expansion of macro 'MPN_COPY' libgcrypt-1.10.3/mpi/mpiutil.c:407:5: note: in expansion of macro 'mpi_set' # 412| } # 413| # 414|-> w->sign = !u->sign; # 415| } # 416| Error: GCC_ANALYZER_WARNING (CWE-465): libgcrypt-1.10.3/mpi/mpiutil.c: scope_hint: In function '_gcry_mpi_randomize' libgcrypt-1.10.3/mpi/mpiutil.c:709:9: warning[-Wanalyzer-deref-before-check]: check of 'w' for NULL after already dereferencing it libgcrypt-1.10.3/mpi/mpi-internal.h:52: included_from: Included from here. libgcrypt-1.10.3/mpi/mpiutil.c:702:7: note: in expansion of macro 'mpi_is_immutable' # 707| if (level == GCRY_WEAK_RANDOM) # 708| { # 709|-> p = mpi_is_secure(w) ? xmalloc_secure (nbytes) # 710| : xmalloc (nbytes); # 711| _gcry_create_nonce (p, nbytes); Error: GCC_ANALYZER_WARNING (CWE-465): libgcrypt-1.10.3/mpi/mpiutil.c:715:9: warning[-Wanalyzer-deref-before-check]: check of 'w' for NULL after already dereferencing it libgcrypt-1.10.3/mpi/mpiutil.c:702:7: note: in expansion of macro 'mpi_is_immutable' # 713| else # 714| { # 715|-> p = mpi_is_secure(w) ? 
_gcry_random_bytes_secure (nbytes, level) # 716| : _gcry_random_bytes (nbytes, level); # 717| } Error: CLANG_WARNING: libgcrypt-1.10.3/random/random-drbg.c:669:13: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined # 667| for (cnt = 0; cnt < drbg_blocklen (drbg); cnt++) # 668| { # 669|-> out[cnt] ^= *pos; # 670| pos++; # 671| inpos--; Error: CLANG_WARNING: libgcrypt-1.10.3/random/random-drbg.c:787:42: warning[core.DivideZero]: Division by zero # 785| # 786| /* 10.4.2 step 5: length is size of L_N, input_string, one byte, padding */ # 787|-> padlen = (inputlen + sizeof (L_N) + 1) % (drbg_blocklen (drbg)); # 788| /* wrap the padlen appropriately */ # 789| if (padlen) Error: CLANG_WARNING: libgcrypt-1.10.3/random/random-drbg.c:2386:3: warning[deadcode.DeadStores]: Value stored to 'ret' is never read # 2384| return GPG_ERR_ENOMEM; # 2385| # 2386|-> ret = _gcry_rngdrbg_cavs_test (test, buf); # 2387| /* FIXME: The next line is wrong. */ # 2388| ret = memcmp (test->expected, buf, test->expectedlen); Error: GCC_ANALYZER_WARNING (CWE-476): libgcrypt-1.10.3/src/secmem.c:40: included_from: Included from here. 
libgcrypt-1.10.3/src/secmem.c: scope_hint: In function 'secmem_dump_stats_internal' libgcrypt-1.10.3/src/g10lib.h:205:21: warning[-Wanalyzer-null-dereference]: dereference of NULL 'mb' libgcrypt-1.10.3/src/secmem.c:945:13: note: in expansion of macro 'log_info' libgcrypt-1.10.3/src/secmem.c: scope_hint: In function 'secmem_dump_stats_internal' libgcrypt-1.10.3/src/secmem.c:945:13: note: in expansion of macro 'log_info' libgcrypt-1.10.3/src/secmem.c:945:13: note: in expansion of macro 'log_info' # 203| #define log_fatal _gcry_log_fatal # 204| #define log_error _gcry_log_error # 205|-> #define log_info _gcry_log_info # 206| #define log_debug _gcry_log_debug # 207| #define log_printf _gcry_log_printf Error: GCC_ANALYZER_WARNING (CWE-457): libgcrypt-1.10.3/src/hmac256.c: scope_hint: In function ‘transform’ libgcrypt-1.10.3/src/hmac256.c:143:16: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘w[<unknown>]’ libgcrypt-1.10.3/src/hmac256.c:211:12: note: in expansion of macro ‘S1’ libgcrypt-1.10.3/src/hmac256.c:143:22: note: in definition of macro ‘S1’ libgcrypt-1.10.3/src/hmac256.c:211:12: note: in expansion of macro ‘S1’ # 141| #define Sum1(x) (ror ((x), 6) ^ ror ((x), 11) ^ ror ((x), 25)) /* (4.5) */ # 142| #define S0(x) (ror ((x), 7) ^ ror ((x), 18) ^ ((x) >> 3)) /* (4.6) */ # 143|-> #define S1(x) (ror ((x), 17) ^ ror ((x), 19) ^ ((x) >> 10)) /* (4.7) */ # 144| #define R(a,b,c,d,e,f,g,h,k,w) do \ # 145| { \ Error: GCC_ANALYZER_WARNING (CWE-465): libgcrypt-1.10.3/src/mpi.h:115:36: warning[-Wanalyzer-deref-before-check]: check of 'u' for NULL after already dereferencing it libgcrypt-1.10.3/mpi/mpi-mul.c:127:19: note: in expansion of macro 'mpi_is_secure' libgcrypt-1.10.3/mpi/mpi-mul.c:123:19: note: in expansion of macro 'mpi_is_secure' libgcrypt-1.10.3/mpi/mpi-mul.c:123:19: note: in expansion of macro 'mpi_is_secure' libgcrypt-1.10.3/mpi/mpi-mul.c:127:19: note: in expansion of macro 'mpi_is_secure' # 113| #define mpi_is_immutable(a) 
((a)->flags&16) # 114| #define mpi_is_opaque(a) ((a) && ((a)->flags&4)) # 115|-> #define mpi_is_secure(a) ((a) && ((a)->flags&1)) # 116| #define mpi_clear(a) _gcry_mpi_clear ((a)) # 117| #define mpi_alloc_like(a) _gcry_mpi_alloc_like((a)) Error: GCC_ANALYZER_WARNING (CWE-465): libgcrypt-1.10.3/mpi/mpi-internal.h:52: included_from: Included from here. libgcrypt-1.10.3/mpi/mpi-mul.c:30: included_from: Included from here. libgcrypt-1.10.3/mpi/mpi-mul.c: scope_hint: In function '_gcry_mpi_mul' libgcrypt-1.10.3/src/mpi.h:115:36: warning[-Wanalyzer-deref-before-check]: check of 'v' for NULL after already dereferencing it libgcrypt-1.10.3/mpi/mpi-mul.c:123:19: note: in expansion of macro 'mpi_is_secure' libgcrypt-1.10.3/mpi/mpi-mul.c:123:19: note: in expansion of macro 'mpi_is_secure' # 113| #define mpi_is_immutable(a) ((a)->flags&16) # 114| #define mpi_is_opaque(a) ((a) && ((a)->flags&4)) # 115|-> #define mpi_is_secure(a) ((a) && ((a)->flags&1)) # 116| #define mpi_clear(a) _gcry_mpi_clear ((a)) # 117| #define mpi_alloc_like(a) _gcry_mpi_alloc_like((a)) Error: CPPCHECK_WARNING (CWE-457): libgcrypt-1.10.3/src/mpicalc.c:80: error[uninitvar]: Uninitialized variable: buf # 78| else # 79| { # 80|-> fputs (buf, stdout); # 81| gcry_free (buf); # 82| } Error: GCC_ANALYZER_WARNING (CWE-476): libgcrypt-1.10.3/src/secmem.c:187:72: warning[-Wanalyzer-null-dereference]: dereference of NULL 'mb_prev' libgcrypt-1.10.3/src/secmem.c: scope_hint: In function 'mb_get_prev' libgcrypt-1.10.3/src/secmem.c: scope_hint: In function 'mb_get_prev' # 185| memblock_t *mb_next; # 186| # 187|-> mb_next = (memblock_t *) (void *) ((char *) mb + BLOCK_HEAD_SIZE + mb->size); # 188| # 189| if (! 
ptr_into_pool_p (pool, mb_next)) Error: GCC_ANALYZER_WARNING (CWE-476): libgcrypt-1.10.3/src/secmem.c: scope_hint: In function 'mb_get_new' libgcrypt-1.10.3/src/secmem.c:246:14: warning[-Wanalyzer-null-dereference]: dereference of NULL 'mb' libgcrypt-1.10.3/src/secmem.c: scope_hint: In function 'mb_get_new' # 244| # 245| for (mb = block; ptr_into_pool_p (pool, mb); mb = mb_get_next (pool, mb)) # 246|-> if (! (mb->flags & MB_FLAG_ACTIVE) && mb->size >= size) # 247| { # 248| /* Found a free block. */ Error: CLANG_WARNING: libgcrypt-1.10.3/src/secmem.c:246:22: warning[core.UndefinedBinaryOperatorResult]: The left operand of '&' is a garbage value # 244| # 245| for (mb = block; ptr_into_pool_p (pool, mb); mb = mb_get_next (pool, mb)) # 246|-> if (! (mb->flags & MB_FLAG_ACTIVE) && mb->size >= size) # 247| { # 248| /* Found a free block. */ Error: CLANG_WARNING: libgcrypt-1.10.3/src/secmem.c:727:11: warning[core.CallAndMessage]: 2nd function call argument is an uninitialized value # 725| if (mb) # 726| { # 727|-> stats_update (pool, mb->size, 0); # 728| return &mb->aligned.c; # 729| } Error: CLANG_WARNING: libgcrypt-1.10.3/src/sexp.c:2465:19: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined # 2463| if (mode == '&') # 2464| { # 2465|-> gcry_buffer_t *spec = (gcry_buffer_t*)array[idx]; # 2466| if (!spec->data) # 2467| { Error: CLANG_WARNING: libgcrypt-1.10.3/src/sexp.c:2475:31: warning[core.NullDereference]: Dereference of undefined pointer value # 2473| else if (mode == 's') # 2474| { # 2475|-> *array[idx] = NULL; # 2476| arrayisdesc[idx] = 's'; # 2477| } Error: CLANG_WARNING: libgcrypt-1.10.3/src/sexp.c:2481:41: warning[core.NullDereference]: Dereference of undefined pointer value # 2479| { # 2480| if (submode == 'l') # 2481|-> *(long *)array[idx] = 0; # 2482| else # 2483| *(int *)array[idx] = 0; Error: CLANG_WARNING: libgcrypt-1.10.3/src/sexp.c:2489:50: warning[core.NullDereference]: Dereference of undefined pointer value # 2487| { # 2488| if 
(submode == 'l') # 2489|-> *(unsigned long *)array[idx] = 0; # 2490| else if (submode == 'z') # 2491| *(size_t *)array[idx] = 0; Error: CLANG_WARNING: libgcrypt-1.10.3/src/sexp.c:2491:43: warning[core.NullDereference]: Dereference of undefined pointer value # 2489| *(unsigned long *)array[idx] = 0; # 2490| else if (submode == 'z') # 2491|-> *(size_t *)array[idx] = 0; # 2492| else # 2493| *(unsigned int *)array[idx] = 0; Error: CLANG_WARNING: libgcrypt-1.10.3/src/sexp.c:2497:29: warning[core.NullDereference]: Dereference of undefined pointer value # 2495| } # 2496| else # 2497|-> *array[idx] = NULL; # 2498| } # 2499| else if (!l1) Error: CLANG_WARNING: libgcrypt-1.10.3/src/sexp.c:2508:19: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined # 2506| if (mode == '&') # 2507| { # 2508|-> gcry_buffer_t *spec = (gcry_buffer_t*)array[idx]; # 2509| # 2510| if (spec->data) Error: CLANG_WARNING: libgcrypt-1.10.3/src/sexp.c:2562:39: warning[core.NullDereference]: Dereference of undefined pointer value # 2560| if (!needed) # 2561| { # 2562|-> *array[idx] = p = xtrymalloc (1); # 2563| if (p) # 2564| *p = 0; Error: CLANG_WARNING: libgcrypt-1.10.3/src/sexp.c:2566:45: warning[core.NullDereference]: Dereference of undefined pointer value # 2564| *p = 0; # 2565| } # 2566|-> else if ((*array[idx] = p = xtrymalloc (needed))) # 2567| { # 2568| for (i = 1; i < l1len; i++) Error: CLANG_WARNING: libgcrypt-1.10.3/src/sexp.c:2604:41: warning[core.NullDereference]: Dereference of undefined pointer value # 2602| along = strtol (tmpstr, NULL, 10); # 2603| if (submode == 'l') # 2604|-> *(long *)array[idx] = along; # 2605| else # 2606| *(int *)array[idx] = along; Error: CLANG_WARNING: libgcrypt-1.10.3/src/sexp.c:2622:50: warning[core.NullDereference]: Dereference of undefined pointer value # 2620| aulong = strtoul (tmpstr, NULL, 10); # 2621| if (submode == 'l') # 2622|-> *(unsigned long *)array[idx] = aulong; # 2623| else if (submode == 'z') # 2624| *(size_t *)array[idx] = 
aulong; Error: CLANG_WARNING: libgcrypt-1.10.3/src/sexp.c:2624:43: warning[core.NullDereference]: Dereference of undefined pointer value # 2622| *(unsigned long *)array[idx] = aulong; # 2623| else if (submode == 'z') # 2624|-> *(size_t *)array[idx] = aulong; # 2625| else # 2626| *(unsigned int *)array[idx] = aulong; Error: CLANG_WARNING: libgcrypt-1.10.3/src/sexp.c:2632:33: warning[core.NullDereference]: Dereference of undefined pointer value # 2630| { # 2631| if (mode == '/') # 2632|-> *array[idx] = _gcry_sexp_nth_mpi (l1,1,GCRYMPI_FMT_OPAQUE); # 2633| else if (mode == '-') # 2634| *array[idx] = _gcry_sexp_nth_mpi (l1,1,GCRYMPI_FMT_STD); Error: CLANG_WARNING: libgcrypt-1.10.3/src/sexp.c:2634:33: warning[core.NullDereference]: Dereference of undefined pointer value # 2632| *array[idx] = _gcry_sexp_nth_mpi (l1,1,GCRYMPI_FMT_OPAQUE); # 2633| else if (mode == '-') # 2634|-> *array[idx] = _gcry_sexp_nth_mpi (l1,1,GCRYMPI_FMT_STD); # 2635| else # 2636| *array[idx] = _gcry_sexp_nth_mpi (l1,1,GCRYMPI_FMT_USG); Error: CLANG_WARNING: libgcrypt-1.10.3/src/sexp.c:2636:33: warning[core.NullDereference]: Dereference of undefined pointer value # 2634| *array[idx] = _gcry_sexp_nth_mpi (l1,1,GCRYMPI_FMT_STD); # 2635| else # 2636|-> *array[idx] = _gcry_sexp_nth_mpi (l1,1,GCRYMPI_FMT_USG); # 2637| if (!*array[idx]) # 2638| { Error: CPPCHECK_WARNING (CWE-457): libgcrypt-1.10.3/tests/basic.c:15889: warning[uninitvar]: Uninitialized variable: pkey #15887| die ("converting sample key failed: %s\n", gpg_strerror (err)); #15888| #15889|-> do_check_one_pubkey (n, skey, pkey, #15890| (const unsigned char*)spec.key.grip, #15891| spec.id, spec.flags); Error: CLANG_WARNING: libgcrypt-1.10.3/tests/bench-slope.c:288:25: warning[deadcode.DeadStores]: Although the value stored to 'sumy2' is used in the enclosing expression, the value is never actually read from 'sumy2' # 286| double b, a; # 287| # 288|-> sumx = sumy = sumx2 = sumy2 = sumxy = 0; # 289| # 290| if (npoints <= 1) Error: CLANG_WARNING: 
libgcrypt-1.10.3/tests/benchmark.c:878:3: warning[deadcode.DeadStores]: Value stored to 'outbuf' is never read # 876| buf = (raw_buf # 877| + ((16 - ((size_t)raw_buf & 0x0f)) % buffer_alignment)); # 878|-> outbuf = raw_outbuf = gcry_xmalloc (allocated_buflen+15); # 879| outbuf = (raw_outbuf # 880| + ((16 - ((size_t)raw_outbuf & 0x0f)) % buffer_alignment)); Error: GCC_ANALYZER_WARNING (CWE-775): libgcrypt-1.10.3/tests/fipsdrv.c: scope_hint: In function ‘read_public_key_file’ libgcrypt-1.10.3/tests/fipsdrv.c:304:29: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(fname, <unknown>)’ # 302| buffer = gcry_xrealloc (buffer, bufsize); # 303| # 304|-> nread = fread (buffer + buflen, 1, NCHUNK, fp); # 305| if (nread < NCHUNK && ferror (fp)) # 306| { Error: GCC_ANALYZER_WARNING (CWE-775): libgcrypt-1.10.3/tests/fipsdrv.c: scope_hint: In function ‘read_sexp_from_file’ libgcrypt-1.10.3/tests/fipsdrv.c:304:29: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(fname, "rb")’ # 302| buffer = gcry_xrealloc (buffer, bufsize); # 303| # 304|-> nread = fread (buffer + buflen, 1, NCHUNK, fp); # 305| if (nread < NCHUNK && ferror (fp)) # 306| { Error: GCC_ANALYZER_WARNING (CWE-401): libgcrypt-1.10.3/tests/fipsdrv.c:304:29: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(fname, <unknown>)’ # 302| buffer = gcry_xrealloc (buffer, bufsize); # 303| # 304|-> nread = fread (buffer + buflen, 1, NCHUNK, fp); # 305| if (nread < NCHUNK && ferror (fp)) # 306| { Error: GCC_ANALYZER_WARNING (CWE-401): libgcrypt-1.10.3/tests/fipsdrv.c:304:29: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(fname, "rb")’ # 302| buffer = gcry_xrealloc (buffer, bufsize); # 303| # 304|-> nread = fread (buffer + buflen, 1, NCHUNK, fp); # 305| if (nread < NCHUNK && ferror (fp)) # 306| { Error: GCC_ANALYZER_WARNING (CWE-617): libgcrypt-1.10.3/tests/fipsdrv.c:531:5: warning[-Wanalyzer-tainted-assertion]: use of attacked-controlled value in condition for assertion # 529| buffer = read_file (fp, 0, &buflen); # 530| if 
(!buffer) # 531|-> die ("error reading `%s'\n", fname); # 532| fclose (fp); # 533| Error: GCC_ANALYZER_WARNING (CWE-617): libgcrypt-1.10.3/tests/fipsdrv.c: scope_hint: In function ‘read_public_key_file’ libgcrypt-1.10.3/tests/fipsdrv.c:623:5: warning[-Wanalyzer-tainted-assertion]: use of attacked-controlled value in condition for assertion # 621| buffer = read_file (fp, 0, &buflen); # 622| if (!buffer) # 623|-> die ("error reading `%s'\n", fname); # 624| fclose (fp); # 625| Error: CPPCHECK_WARNING (CWE-457): libgcrypt-1.10.3/tests/fipsdrv.c:723: warning[uninitvar]: Uninitialized variable: s_sig # 721| gcry_free (buffer); # 722| # 723|-> return s_sig; # 724| } # 725| Error: GCC_ANALYZER_WARNING (CWE-617): libgcrypt-1.10.3/tests/fipsdrv.c: scope_hint: In function ‘read_sexp_from_file’ libgcrypt-1.10.3/tests/fipsdrv.c:742:5: warning[-Wanalyzer-tainted-assertion]: use of attacked-controlled value in condition for assertion # 740| buffer = read_file (fp, 0, &buflen); # 741| if (!buffer) # 742|-> die ("error reading `%s'\n", fname); # 743| fclose (fp); # 744| if (!buflen) Error: CLANG_WARNING: libgcrypt-1.10.3/tests/fipsdrv.c:837:24: warning[unix.Errno]: An undefined value may be read from 'errno' # 835| { # 836| #ifndef HAVE_W32_SYSTEM # 837|-> if (loop_mode && errno == EPIPE) # 838| loop_mode = 0; # 839| else Error: CPPCHECK_WARNING (CWE-457): libgcrypt-1.10.3/tests/fipsdrv.c:1147: error[legacyUninitvar]: Uninitialized variable: last_output # 1145| for (count=0; count < iterations; count++) # 1146| { # 1147|-> memcpy (last_last_output, last_output, sizeof last_output); # 1148| memcpy (last_output, output, sizeof output); # 1149| Error: CPPCHECK_WARNING (CWE-457): libgcrypt-1.10.3/tests/fipsdrv.c:1270: warning[uninitvar]: Uninitialized variable: s_keyspec # 1268| gpg_strerror (err)); # 1269| # 1270|-> err = gcry_pk_genkey (&s_key, s_keyspec); # 1271| if (err) # 1272| die ("gcry_pk_genkey failed for RSA: %s\n", gpg_strerror (err)); Error: CPPCHECK_WARNING (CWE-457): 
libgcrypt-1.10.3/tests/fipsdrv.c:1333: warning[uninitvar]: Uninitialized variable: s_keyspec # 1331| gpg_strerror (err)); # 1332| # 1333|-> err = gcry_pk_genkey (&s_key, s_keyspec); # 1334| # 1335| gcry_sexp_release (s_keyspec); Error: CPPCHECK_WARNING (CWE-457): libgcrypt-1.10.3/tests/fipsdrv.c:2013: warning[uninitvar]: Uninitialized variable: s_data # 2011| s_key = read_sexp_from_file (keyfile); # 2012| # 2013|-> err = gcry_pk_sign (&s_sig, s_data, s_key); # 2014| if (err) # 2015| { Error: CPPCHECK_WARNING (CWE-457): libgcrypt-1.10.3/tests/fipsdrv.c:2108: warning[uninitvar]: Uninitialized variable: s_data # 2106| s_sig = read_sexp_from_file (sigfile); # 2107| # 2108|-> err = gcry_pk_verify (s_sig, s_data, s_key); # 2109| if (!err) # 2110| puts ("GOOD signature"); Error: CPPCHECK_WARNING (CWE-457): libgcrypt-1.10.3/tests/fipsdrv.c:2151: warning[uninitvar]: Uninitialized variable: s_data # 2149| gpg_strerror (err)); # 2150| # 2151|-> err = gcry_pk_sign (&s_sig, s_data, s_key); # 2152| if (err) # 2153| { Error: CPPCHECK_WARNING (CWE-457): libgcrypt-1.10.3/tests/fipsdrv.c:2227: warning[uninitvar]: Uninitialized variable: s_data # 2225| s_sig = read_sexp_from_file (sigfile); # 2226| # 2227|-> err = gcry_pk_verify (s_sig, s_data, s_key); # 2228| if (!err) # 2229| puts ("GOOD signature"); Error: GCC_ANALYZER_WARNING (CWE-775): libgcrypt-1.10.3/tests/gchash.c: scope_hint: In function ‘main’ libgcrypt-1.10.3/tests/gchash.c:96:12: warning[-Wanalyzer-file-leak]: leak of FILE ‘fp’ libgcrypt-1.10.3/tests/gchash.c:35: included_from: Included from here. 
libgcrypt-1.10.3/tests/gchash.c:46:3: note: in expansion of macro ‘xgcry_control’ libgcrypt-1.10.3/tests/gchash.c:46:3: note: in expansion of macro ‘xgcry_control’ libgcrypt-1.10.3/tests/gchash.c:50:3: note: in expansion of macro ‘xgcry_control’ libgcrypt-1.10.3/tests/gchash.c:50:3: note: in expansion of macro ‘xgcry_control’ libgcrypt-1.10.3/tests/gchash.c:52:3: note: in expansion of macro ‘xgcry_control’ libgcrypt-1.10.3/tests/gchash.c:52:3: note: in expansion of macro ‘xgcry_control’ libgcrypt-1.10.3/tests/gchash.c:54:3: note: in expansion of macro ‘xgcry_control’ libgcrypt-1.10.3/tests/gchash.c:54:3: note: in expansion of macro ‘xgcry_control’ # 94| unsigned char *h; # 95| if (!strcmp (*argv, "-")) # 96|-> fp = stdin; # 97| else # 98| fp = fopen (*argv, "r"); Error: GCC_ANALYZER_WARNING (CWE-401): libgcrypt-1.10.3/tests/gchash.c:96:12: warning[-Wanalyzer-malloc-leak]: leak of ‘fp’ libgcrypt-1.10.3/tests/gchash.c:46:3: note: in expansion of macro ‘xgcry_control’ libgcrypt-1.10.3/tests/gchash.c:46:3: note: in expansion of macro ‘xgcry_control’ libgcrypt-1.10.3/tests/gchash.c:50:3: note: in expansion of macro ‘xgcry_control’ libgcrypt-1.10.3/tests/gchash.c:50:3: note: in expansion of macro ‘xgcry_control’ libgcrypt-1.10.3/tests/gchash.c:52:3: note: in expansion of macro ‘xgcry_control’ libgcrypt-1.10.3/tests/gchash.c:52:3: note: in expansion of macro ‘xgcry_control’ libgcrypt-1.10.3/tests/gchash.c:54:3: note: in expansion of macro ‘xgcry_control’ libgcrypt-1.10.3/tests/gchash.c:54:3: note: in expansion of macro ‘xgcry_control’ # 94| unsigned char *h; # 95| if (!strcmp (*argv, "-")) # 96|-> fp = stdin; # 97| else # 98| fp = fopen (*argv, "r"); Error: GCC_ANALYZER_WARNING (CWE-688): libgcrypt-1.10.3/tests/hashtest.c: scope_hint: In function ‘cmp_digest’ libgcrypt-1.10.3/tests/hashtest.c:231:7: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected libgcrypt-1.10.3/tests/hashtest.c:35: included_from: Included from here. 
libgcrypt-1.10.3/tests/hashtest.c:397:3: note: in expansion of macro ‘xgcry_control’ libgcrypt-1.10.3/tests/hashtest.c:397:3: note: in expansion of macro ‘xgcry_control’ libgcrypt-1.10.3/tests/hashtest.c:402:3: note: in expansion of macro ‘xgcry_control’ libgcrypt-1.10.3/tests/hashtest.c:403:3: note: in expansion of macro ‘xgcry_control’ libgcrypt-1.10.3/tests/hashtest.c:403:3: note: in expansion of macro ‘xgcry_control’ libgcrypt-1.10.3/src/gcrypt-int.h:27: included_from: Included from here. libgcrypt-1.10.3/tests/hashtest.c:30: included_from: Included from here. libgcrypt-1.10.3/tests/hashtest.c:420:14: note: in expansion of macro ‘gcry_md_test_algo’ libgcrypt-1.10.3/tests/hashtest.c:169:12: note: in expansion of macro ‘hexdigitp’ libgcrypt-1.10.3/tests/hashtest.c:27: included_from: Included from here. /usr/include/string.h:64:12: note: argument 1 of ‘memcmp’ must be non-null # 229| return 1; # 230| } # 231|-> if (memcmp (tv_digest, digest, tv_digestlen)) # 232| { # 233| fail ("%d GiB %+3d %-10s error: %s", Error: CPPCHECK_WARNING (CWE-457): libgcrypt-1.10.3/tests/keygen.c:87: error[uninitvar]: Uninitialized variable: buf # 85| else # 86| { # 87|-> fprintf (stderr, "%s\n", buf); # 88| gcry_free (buf); # 89| } Error: GCC_ANALYZER_WARNING (CWE-775): libgcrypt-1.10.3/tests/random.c: scope_hint: In function ‘check_forking’ libgcrypt-1.10.3/tests/random.c:201:1: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘rp[in_recursion]’ libgcrypt-1.10.3/tests/random.c:38: included_from: Included from here. 
libgcrypt-1.10.3/tests/random.c:764:3: note: in expansion of macro ‘xgcry_control’ libgcrypt-1.10.3/tests/random.c:764:3: note: in expansion of macro ‘xgcry_control’ libgcrypt-1.10.3/tests/random.c:781:3: note: in expansion of macro ‘xgcry_control’ libgcrypt-1.10.3/tests/random.c:781:3: note: in expansion of macro ‘xgcry_control’ # 199| die ("parent and child got the same random number\n"); # 200| #endif /*!HAVE_W32_SYSTEM*/ # 201|-> } # 202| # 203| Error: GCC_ANALYZER_WARNING (CWE-775): libgcrypt-1.10.3/tests/random.c: scope_hint: In function ‘check_nonce_forking’ libgcrypt-1.10.3/tests/random.c:268:1: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘rp[in_recursion]’ libgcrypt-1.10.3/tests/random.c:764:3: note: in expansion of macro ‘xgcry_control’ libgcrypt-1.10.3/tests/random.c:764:3: note: in expansion of macro ‘xgcry_control’ libgcrypt-1.10.3/tests/random.c:781:3: note: in expansion of macro ‘xgcry_control’ libgcrypt-1.10.3/tests/random.c:781:3: note: in expansion of macro ‘xgcry_control’ # 266| die ("parent and child got the same nonce\n"); # 267| #endif /*!HAVE_W32_SYSTEM*/ # 268|-> } # 269| # 270| Error: CPPCHECK_WARNING (CWE-457): libgcrypt-1.10.3/tests/t-convert.c:118: error[uninitvar]: Uninitialized variable: buf # 116| fmts[i].name,gpg_strerror (err) ); # 117| else # 118|-> gcry_free (buf); # 119| } # 120| Error: CPPCHECK_WARNING (CWE-457): libgcrypt-1.10.3/tests/t-convert.c:475: error[uninitvar]: Uninitialized variable: buf # 473| else # 474| { # 475|-> if (strcmp (buf, data[idx].a.hex)) # 476| { # 477| fail ("error printing value %s as %s: %s\n", Error: CPPCHECK_WARNING (CWE-457): libgcrypt-1.10.3/tests/t-cv25519.c:51: error[uninitvar]: Uninitialized variable: buf # 49| else # 50| { # 51|-> fprintf (stderr, "%s: %s\n", text, buf); # 52| gcry_free (buf); # 53| } Error: CLANG_WARNING: libgcrypt-1.10.3/tests/t-dsa.c:370:19: warning[deadcode.DeadStores]: Value stored to 'err' is never read # 368| if (!out_r) # 369| { # 370|-> err = 
gpg_error_from_syserror (); # 371| gcry_sexp_release (s_tmp); # 372| gcry_sexp_release (s_tmp2); Error: CLANG_WARNING: libgcrypt-1.10.3/tests/t-dsa.c:396:19: warning[deadcode.DeadStores]: Value stored to 'err' is never read # 394| if (!out_s) # 395| { # 396|-> err = gpg_error_from_syserror (); # 397| gcry_sexp_release (s_tmp); # 398| gcry_sexp_release (s_tmp2); Error: CLANG_WARNING: libgcrypt-1.10.3/tests/t-ecdsa.c:414:19: warning[deadcode.DeadStores]: Value stored to 'err' is never read # 412| if (!out_r) # 413| { # 414|-> err = gpg_error_from_syserror (); # 415| gcry_sexp_release (s_tmp); # 416| gcry_sexp_release (s_tmp2); Error: CLANG_WARNING: libgcrypt-1.10.3/tests/t-ecdsa.c:440:19: warning[deadcode.DeadStores]: Value stored to 'err' is never read # 438| if (!out_s) # 439| { # 440|-> err = gpg_error_from_syserror (); # 441| gcry_sexp_release (s_tmp); # 442| gcry_sexp_release (s_tmp2); Error: CPPCHECK_WARNING (CWE-457): libgcrypt-1.10.3/tests/t-mpi-point.c:161: error[uninitvar]: Uninitialized variable: buf # 159| else # 160| { # 161|-> fprintf (stderr, "%s%s: %s\n", text, text2? 
text2:"", buf); # 162| gcry_free (buf); # 163| } Error: CPPCHECK_WARNING (CWE-457): libgcrypt-1.10.3/tests/t-x448.c:52: error[uninitvar]: Uninitialized variable: buf # 50| else # 51| { # 52|-> fprintf (stderr, "%s: %s\n", text, buf); # 53| gcry_free (buf); # 54| } Error: GCC_ANALYZER_WARNING (CWE-401): libgcrypt-1.10.3/tests/testdrv.c: scope_hint: In function ‘my_spawn’ libgcrypt-1.10.3/tests/testdrv.c:100:23: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ libgcrypt-1.10.3/tests/testdrv.c:535:7: note: in expansion of macro ‘xfree’ libgcrypt-1.10.3/tests/testdrv.c:535:7: note: in expansion of macro ‘xfree’ libgcrypt-1.10.3/tests/testdrv.c:535:7: note: in expansion of macro ‘xfree’ # 98| #endif # 99| #define DIMof(type,member) DIM(((type *)0)->member) # 100|-> #define xfree(a) free ((a)) # 101| #define spacep(p) (*(p) == ' ' || *(p) == '\t') # 102| Error: GCC_ANALYZER_WARNING (CWE-401): libgcrypt-1.10.3/tests/testdrv.c: scope_hint: In function ‘strtokenize’ libgcrypt-1.10.3/tests/testdrv.c:101:22: warning[-Wanalyzer-malloc-leak]: leak of ‘xmalloc(bytes)’ libgcrypt-1.10.3/tests/testdrv.c:315:10: note: in expansion of macro ‘spacep’ libgcrypt-1.10.3/tests/testdrv.c:315:10: note: in expansion of macro ‘spacep’ # 99| #define DIMof(type,member) DIM(((type *)0)->member) # 100| #define xfree(a) free ((a)) # 101|-> #define spacep(p) (*(p) == ' ' || *(p) == '\t') # 102| # 103| /* If we have a decent libgpg-error we can use some gcc attributes. 
*/ Error: GCC_ANALYZER_WARNING (CWE-775): libgcrypt-1.10.3/tests/testdrv.c:554:10: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 0)’ # 552| die ("failed to open '%s': %s\n", "/dev/null", strerror (errno)); # 553| } # 554|-> if (fd != 0 && dup2 (fd, 0) == -1) # 555| { # 556| xfree (arg_list); Error: GCC_ANALYZER_WARNING (CWE-775): libgcrypt-1.10.3/tests/testdrv.c:554:19: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(open("/dev/null", 0), 0)’ # 552| die ("failed to open '%s': %s\n", "/dev/null", strerror (errno)); # 553| } # 554|-> if (fd != 0 && dup2 (fd, 0) == -1) # 555| { # 556| xfree (arg_list); Error: GCC_ANALYZER_WARNING (CWE-775): libgcrypt-1.10.3/tests/testdrv.c:554:19: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 0)’ # 552| die ("failed to open '%s': %s\n", "/dev/null", strerror (errno)); # 553| } # 554|-> if (fd != 0 && dup2 (fd, 0) == -1) # 555| { # 556| xfree (arg_list); Error: GCC_ANALYZER_WARNING (CWE-775): libgcrypt-1.10.3/tests/testdrv.c:568:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 0)’ # 566| die ("failed to open '%s': %s\n", "/dev/null", strerror (errno)); # 567| } # 568|-> if (fd != 1 && dup2 (fd, 1) == -1) # 569| { # 570| xfree (arg_list); Error: GCC_ANALYZER_WARNING (CWE-775): libgcrypt-1.10.3/tests/testdrv.c:568:23: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(open("/dev/null", 0), 1)’ # 566| die ("failed to open '%s': %s\n", "/dev/null", strerror (errno)); # 567| } # 568|-> if (fd != 1 && dup2 (fd, 1) == -1) # 569| { # 570| xfree (arg_list); Error: GCC_ANALYZER_WARNING (CWE-775): libgcrypt-1.10.3/tests/testdrv.c:568:23: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 0)’ # 566| die ("failed to open '%s': %s\n", "/dev/null", strerror (errno)); # 567| } # 568|-> if (fd != 1 && dup2 (fd, 1) == -1) # 569| { # 570| xfree (arg_list);