subscription-manager-1.30.12-1.20260123143056037844.main.0.gcc18d7c21

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-688): [#def1]
subscription-manager-1.30.12/src/certificate.c: scope_hint: In function ‘get_extension_by_object’
subscription-manager-1.30.12/src/certificate.c:273:33: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘*output’ where non-null expected
/usr/include/python3.14/Python.h:40: included_from: Included from here.
subscription-manager-1.30.12/src/certificate.c:44: included_from: Included from here.
/usr/include/string.h:47:14: note: argument 1 of ‘memcpy’ must be non-null
#  271|   							  (ASN1_OCTET_STRING));
#  272|   				*output = malloc (octstr->length);
#  273|-> 				memcpy (*output, octstr->data, octstr->length);
#  274|   				size = octstr->length;
#  275|   				ASN1_OCTET_STRING_free (octstr);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def2]
subscription-manager-1.30.12/src/certificate.c:273:33: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘value’ where non-null expected
/usr/include/string.h:47:14: note: argument 1 of ‘memcpy’ must be non-null
#  271|   							  (ASN1_OCTET_STRING));
#  272|   				*output = malloc (octstr->length);
#  273|-> 				memcpy (*output, octstr->data, octstr->length);
#  274|   				size = octstr->length;
#  275|   				ASN1_OCTET_STRING_free (octstr);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def3]
subscription-manager-1.30.12/src/certificate.c:285:33: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
#  283|   				size_t size = BIO_ctrl_pending (bio);
#  284|   				char *buf = malloc (sizeof (char) * size);
#  285|-> 				BIO_read (bio, buf, size);
#  286|   				*output = buf;
#  287|   				BIO_free (bio);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def4]
subscription-manager-1.30.12/src/certificate.c: scope_hint: In function ‘as_pem’
subscription-manager-1.30.12/src/certificate.c:460:9: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
#  458|   	size_t size = BIO_ctrl_pending (bio);
#  459|   	char *buf = malloc (sizeof (char) * size);
#  460|-> 	BIO_read (bio, buf, size);
#  461|   	BIO_free (bio);
#  462|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def5]
subscription-manager-1.30.12/src/certificate.c: scope_hint: In function ‘as_text’
subscription-manager-1.30.12/src/certificate.c:480:9: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
#  478|   	size_t size = BIO_ctrl_pending (bio);
#  479|   	char *buf = malloc (sizeof (char) * size);
#  480|-> 	BIO_read (bio, buf, size);
#  481|   	BIO_free (bio);
#  482|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def6]
subscription-manager-1.30.12/src/certificate.c: scope_hint: In function ‘time_to_string’
subscription-manager-1.30.12/src/certificate.c:576:9: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
#  574|   	size_t size = BIO_ctrl_pending (bio);
#  575|   	char *buf = malloc (sizeof (char) * size);
#  576|-> 	BIO_read (bio, buf, size);
#  577|   	BIO_free (bio);
#  578|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def7]
subscription-manager-1.30.12/src/daemons/rhsmcertd.c: scope_hint: In function ‘get_int_from_config_file’
subscription-manager-1.30.12/src/daemons/rhsmcertd.c:496:17: warning[-Wanalyzer-malloc-leak]: leak of ‘config’
#  494|   {
#  495|       GError *error = NULL;
#  496|->     int value = g_key_file_get_integer (key_file, group, key, &error);
#  497|       // If key does not exist in config file, return CONFIG_KEY_NOT_FOUND, aka 0
#  498|       if (error != NULL && error->code == G_KEY_FILE_ERROR_KEY_NOT_FOUND) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def8]
subscription-manager-1.30.12/src/daemons/rhsmcertd.c:509:27: warning[-Wanalyzer-malloc-leak]: leak of ‘config’
#  507|           // we are on a lesser version, we have to deal with it ourselves
#  508|           // since by default it returns 0.
#  509|->         char *str_value = g_key_file_get_string (key_file, group, key, NULL);
#  510|           if(str_value != NULL) {
#  511|               g_strchomp(str_value);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def9]
subscription-manager-1.30.12/src/daemons/rhsmcertd.c:511:13: warning[-Wanalyzer-malloc-leak]: leak of ‘config’
#  509|           char *str_value = g_key_file_get_string (key_file, group, key, NULL);
#  510|           if(str_value != NULL) {
#  511|->             g_strchomp(str_value);
#  512|               value = atoi(str_value);
#  513|               free(str_value);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def10]
subscription-manager-1.30.12/src/daemons/rhsmcertd.c: scope_hint: In function ‘get_bool_from_config_file’
subscription-manager-1.30.12/src/daemons/rhsmcertd.c:524:18: warning[-Wanalyzer-malloc-leak]: leak of ‘config’
#  522|   {
#  523|       GError *error = NULL;
#  524|->     bool value = g_key_file_get_boolean (key_file, group, key, &error);
#  525|       // If key does not exist in config file, return the default_value given
#  526|       if (error != NULL && (error->code == G_KEY_FILE_ERROR_KEY_NOT_FOUND || error->code == G_KEY_FILE_ERROR_INVALID_VALUE)) {

Error: CPPCHECK_WARNING (CWE-476): [#def11]
subscription-manager-1.30.12/src/daemons/rhsmcertd.c:715: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: config
#  713|   
#  714|       // Set the default values
#  715|->     config->auto_reg_interval_seconds = DEFAULT_AUTO_REG_INTERVAL_SECONDS;
#  716|       config->cert_interval_seconds = DEFAULT_CERT_INTERVAL_SECONDS;
#  717|       config->splay = DEFAULT_SPLAY_ENABLED;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def12]
subscription-manager-1.30.12/src/daemons/rhsmcertd.c: scope_hint: In function ‘get_config’
subscription-manager-1.30.12/src/daemons/rhsmcertd.c:715:39: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘config’
#  713|   
#  714|       // Set the default values
#  715|->     config->auto_reg_interval_seconds = DEFAULT_AUTO_REG_INTERVAL_SECONDS;
#  716|       config->cert_interval_seconds = DEFAULT_CERT_INTERVAL_SECONDS;
#  717|       config->splay = DEFAULT_SPLAY_ENABLED;

Error: CPPCHECK_WARNING (CWE-476): [#def13]
subscription-manager-1.30.12/src/daemons/rhsmcertd.c:716: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: config
#  714|       // Set the default values
#  715|       config->auto_reg_interval_seconds = DEFAULT_AUTO_REG_INTERVAL_SECONDS;
#  716|->     config->cert_interval_seconds = DEFAULT_CERT_INTERVAL_SECONDS;
#  717|       config->splay = DEFAULT_SPLAY_ENABLED;
#  718|       config->auto_registration = DEFAULT_AUTO_REGISTRATION;

Error: CPPCHECK_WARNING (CWE-476): [#def14]
subscription-manager-1.30.12/src/daemons/rhsmcertd.c:717: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: config
#  715|       config->auto_reg_interval_seconds = DEFAULT_AUTO_REG_INTERVAL_SECONDS;
#  716|       config->cert_interval_seconds = DEFAULT_CERT_INTERVAL_SECONDS;
#  717|->     config->splay = DEFAULT_SPLAY_ENABLED;
#  718|       config->auto_registration = DEFAULT_AUTO_REGISTRATION;
#  719|   

Error: CPPCHECK_WARNING (CWE-476): [#def15]
subscription-manager-1.30.12/src/daemons/rhsmcertd.c:718: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: config
#  716|       config->cert_interval_seconds = DEFAULT_CERT_INTERVAL_SECONDS;
#  717|       config->splay = DEFAULT_SPLAY_ENABLED;
#  718|->     config->auto_registration = DEFAULT_AUTO_REGISTRATION;
#  719|   
#  720|       // Load configuration values from the configuration file

Error: GCC_ANALYZER_WARNING (CWE-401): [#def16]
subscription-manager-1.30.12/src/daemons/rhsmcertd.c:723:26: warning[-Wanalyzer-malloc-leak]: leak of ‘config’
#  721|       // which, if defined, will overwrite the current defaults.
#  722|       debug ("Loading configuration from: %s", RHSM_CONFIG_FILE);
#  723|->     GKeyFile *key_file = g_key_file_new ();
#  724|       if (!g_key_file_load_from_file
#  725|           (key_file, RHSM_CONFIG_FILE, G_KEY_FILE_NONE, NULL)) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def17]
subscription-manager-1.30.12/src/daemons/rhsmcertd.c:724:10: warning[-Wanalyzer-malloc-leak]: leak of ‘config’
#  722|       debug ("Loading configuration from: %s", RHSM_CONFIG_FILE);
#  723|       GKeyFile *key_file = g_key_file_new ();
#  724|->     if (!g_key_file_load_from_file
#  725|           (key_file, RHSM_CONFIG_FILE, G_KEY_FILE_NONE, NULL)) {
#  726|           warn ("Unable to read configuration file values, ignoring.");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def18]
subscription-manager-1.30.12/src/plugins/libdnf/product-id.c: scope_hint: In function ‘pluginInitHandle’
subscription-manager-1.30.12/src/plugins/libdnf/product-id.c:65:27: warning[-Wanalyzer-malloc-leak]: leak of ‘handle’
#   63|           handle->version = version;
#   64|           handle->mode = mode;
#   65|->         handle->context = pluginGetContext(initData);
#   66|       } else {
#   67|           error("Unable to allocate memory for plugin handle");

Error: CPPCHECK_WARNING (CWE-476): [#def19]
subscription-manager-1.30.12/src/plugins/libdnf/product-id.c:165: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: repoProductId
#  163|   RepoProductId *initRepoProductId(void) {
#  164|       RepoProductId *repoProductId = (RepoProductId*) malloc(sizeof(RepoProductId));
#  165|->     repoProductId->repo = NULL;
#  166|       repoProductId->productIdPath = NULL;
#  167|       repoProductId->isInstalled = FALSE;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def20]
subscription-manager-1.30.12/src/plugins/libdnf/product-id.c: scope_hint: In function ‘initRepoProductId’
subscription-manager-1.30.12/src/plugins/libdnf/product-id.c:165:25: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘repoProductId’
#  163|   RepoProductId *initRepoProductId(void) {
#  164|       RepoProductId *repoProductId = (RepoProductId*) malloc(sizeof(RepoProductId));
#  165|->     repoProductId->repo = NULL;
#  166|       repoProductId->productIdPath = NULL;
#  167|       repoProductId->isInstalled = FALSE;

Error: CPPCHECK_WARNING (CWE-476): [#def21]
subscription-manager-1.30.12/src/plugins/libdnf/product-id.c:166: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: repoProductId
#  164|       RepoProductId *repoProductId = (RepoProductId*) malloc(sizeof(RepoProductId));
#  165|       repoProductId->repo = NULL;
#  166|->     repoProductId->productIdPath = NULL;
#  167|       repoProductId->isInstalled = FALSE;
#  168|       return repoProductId;

Error: CPPCHECK_WARNING (CWE-476): [#def22]
subscription-manager-1.30.12/src/plugins/libdnf/product-id.c:167: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: repoProductId
#  165|       repoProductId->repo = NULL;
#  166|       repoProductId->productIdPath = NULL;
#  167|->     repoProductId->isInstalled = FALSE;
#  168|       return repoProductId;
#  169|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def23]
subscription-manager-1.30.12/src/plugins/libdnf/product-id.c: scope_hint: In function ‘pluginHook’
subscription-manager-1.30.12/src/plugins/libdnf/product-id.c:412:43: warning[-Wanalyzer-malloc-leak]: leak of ‘initRepoProductId()’
/usr/include/glib-2.0/glib.h:33: included_from: Included from here.
#  410|                       // TODO: do not fetch productid certificate, when dnf context is set to cache-only mode
#  411|                       // Microdnf nor PackageKit do not support this feature ATM
#  412|->                     gboolean cache_only = dnf_context_get_cache_only(dnfContext);
#  413|                       if (cache_only == TRUE) {
#  414|                           debug("DNF context is set to: cache-only");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def24]
subscription-manager-1.30.12/src/plugins/libdnf/product-id.c: scope_hint: In function ‘fetchProductId’
subscription-manager-1.30.12/src/plugins/libdnf/product-id.c:694:26: warning[-Wanalyzer-malloc-leak]: leak of ‘initRepoProductId()’
#  692|       GError *tmp_err = NULL;
#  693|   
#  694|->     LrHandle *lrHandle = dnf_repo_get_lr_handle(repo);
#  695|       if (lrHandle == NULL) {
#  696|           return ret;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def25]
subscription-manager-1.30.12/src/plugins/libdnf/product-id.c:699:26: warning[-Wanalyzer-malloc-leak]: leak of ‘initRepoProductId()’
#  697|       }
#  698|   
#  699|->     LrResult *lrResult = dnf_repo_get_lr_result(repo);
#  700|       if (lrResult == NULL) {
#  701|           return ret;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def26]
subscription-manager-1.30.12/src/plugins/libdnf/product-id.c:706:5: warning[-Wanalyzer-malloc-leak]: leak of ‘initRepoProductId()’
#  704|       // getinfo uses the LRI* constants while setopt uses LRO*
#  705|       char *destdir;
#  706|->     lr_handle_getinfo(lrHandle, &tmp_err, LRI_DESTDIR, &destdir);
#  707|       if (tmp_err) {
#  708|           printError("Unable to get information about destination folder", tmp_err);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def27]
subscription-manager-1.30.12/src/plugins/libdnf/product-id.c:707:9: warning[-Wanalyzer-malloc-leak]: leak of ‘initRepoProductId()’
#  705|       char *destdir;
#  706|       lr_handle_getinfo(lrHandle, &tmp_err, LRI_DESTDIR, &destdir);
#  707|->     if (tmp_err) {
#  708|           printError("Unable to get information about destination folder", tmp_err);
#  709|           tmp_err = NULL;

Error: CPPCHECK_WARNING (CWE-476): [#def28]
subscription-manager-1.30.12/src/plugins/libdnf/productdb.c:34: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: productDb
#   32|   ProductDb *initProductDb() {
#   33|       ProductDb *productDb = malloc(sizeof(ProductDb));
#   34|->     productDb->path = NULL;
#   35|       // We do not provide method for freeing value, because it would be ineficient to
#   36|       // free and recreate GSList everytime we add/remove item in the list

Error: GCC_ANALYZER_WARNING (CWE-476): [#def29]
subscription-manager-1.30.12/src/plugins/libdnf/productdb.c: scope_hint: In function ‘initProductDb’
subscription-manager-1.30.12/src/plugins/libdnf/productdb.c:34:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘productDb’
#   32|   ProductDb *initProductDb() {
#   33|       ProductDb *productDb = malloc(sizeof(ProductDb));
#   34|->     productDb->path = NULL;
#   35|       // We do not provide method for freeing value, because it would be ineficient to
#   36|       // free and recreate GSList everytime we add/remove item in the list

Error: CPPCHECK_WARNING (CWE-476): [#def30]
subscription-manager-1.30.12/src/plugins/libdnf/productdb.c:37: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: productDb
#   35|       // We do not provide method for freeing value, because it would be ineficient to
#   36|       // free and recreate GSList everytime we add/remove item in the list
#   37|->     productDb->repoMap = g_hash_table_new_full(g_str_hash, g_str_equal, g_free, NULL);
#   38|       return productDb;
#   39|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def31]
subscription-manager-1.30.12/src/plugins/libdnf/productdb.c:37:26: warning[-Wanalyzer-malloc-leak]: leak of ‘productDb’
#   35|       // We do not provide method for freeing value, because it would be ineficient to
#   36|       // free and recreate GSList everytime we add/remove item in the list
#   37|->     productDb->repoMap = g_hash_table_new_full(g_str_hash, g_str_equal, g_free, NULL);
#   38|       return productDb;
#   39|   }

Scan Properties

analyzer-version-clippy: 1.93.0
analyzer-version-cppcheck: 2.19.1
analyzer-version-gcc: 16.0.1
analyzer-version-gcc-analyzer: 16.0.1
analyzer-version-shellcheck: 0.11.0
analyzer-version-unicontrol: 0.0.2
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-210.us-west-2.compute.internal
known-false-positives: /usr/share/csmock/known-false-positives.js
known-false-positives-rpm: known-false-positives-0.0.0.20260119.105402.g7a5be1b.main-1.el9.noarch
mock-config: fedora-rawhide-x86_64
project-name: subscription-manager-1.30.12-1.20260123143056037844.main.0.gcc18d7c21
store-results-to: /tmp/tmpttnw1i9f/subscription-manager-1.30.12-1.20260123143056037844.main.0.gcc18d7c21.tar.xz
time-created: 2026-02-04 16:29:36
time-finished: 2026-02-04 16:31:36
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'cppcheck,unicontrol,shellcheck,gcc,clippy' '-o' '/tmp/tmpttnw1i9f/subscription-manager-1.30.12-1.20260123143056037844.main.0.gcc18d7c21.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '/tmp/tmpttnw1i9f/subscription-manager-1.30.12-1.20260123143056037844.main.0.gcc18d7c21.src.rpm'
tool-version: csmock-3.8.3.20260128.181932.g41af877-1.el9