Error: GCC_ANALYZER_WARNING (CWE-775): [#def1] osbuild-composer-161/vendor/github.com/containers/storage/pkg/unshare/unshare.c: scope_hint: In function ‘parse_proc_stringlist’ osbuild-composer-161/vendor/github.com/containers/storage/pkg/unshare/unshare.c:156:1: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’ # 154| ret[i] = NULL; # 155| return ret; # 156|-> } # 157| # 158| /* Error: GCC_ANALYZER_WARNING (CWE-401): [#def2] osbuild-composer-161/vendor/github.com/containers/storage/pkg/unshare/unshare.c:156:1: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’ # 154| ret[i] = NULL; # 155| return ret; # 156|-> } # 157| # 158| /* Error: GCC_ANALYZER_WARNING (CWE-401): [#def3] osbuild-composer-161/vendor/github.com/containers/storage/pkg/unshare/unshare.c:156:1: warning[-Wanalyzer-malloc-leak]: leak of ‘new_buf’ # 154| ret[i] = NULL; # 155| return ret; # 156|-> } # 157| # 158| /* Error: COMPILER_WARNING (CWE-704): [#def4] osbuild-composer-161/vendor/github.com/mattn/go-sqlite3/sqlite3-binding.c: scope_hint: In function ‘sqlite3ShadowTableName’ osbuild-composer-161/vendor/github.com/mattn/go-sqlite3/sqlite3-binding.c:124684:9: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type #124682| char *zTail; /* Pointer to the last "_" in zName */ #124683| Table *pTab; /* Table that zName is a shadow of */ #124684|-> zTail = strrchr(zName, '_'); #124685| if( zTail==0 ) return 0; #124686| *zTail = 0; Error: CPPCHECK_WARNING (CWE-476): [#def5] osbuild-composer-161/vendor/github.com/miekg/pkcs11/pkcs11.go:77: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: c # 75| CK_C_GetFunctionList list; # 76| struct ctx *c = calloc(1, sizeof(struct ctx)); # 77|-> c->handle = dlopen(module, RTLD_LAZY); # 78| if (c->handle == NULL) { # 79| free(c); Error: GCC_ANALYZER_WARNING (CWE-476): [#def6] osbuild-composer-161/vendor/github.com/miekg/pkcs11/pkcs11.go: scope_hint: In function 'New' osbuild-composer-161/vendor/github.com/miekg/pkcs11/pkcs11.go:77:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'c' # 75| CK_C_GetFunctionList list; # 76| struct ctx *c = calloc(1, sizeof(struct ctx)); # 77|-> c->handle = dlopen(module, RTLD_LAZY); # 78| if (c->handle == NULL) { # 79| free(c); Error: GCC_ANALYZER_WARNING (CWE-476): [#def7] osbuild-composer-161/vendor/github.com/miekg/pkcs11/pkcs11.go: scope_hint: In function ‘New’ osbuild-composer-161/vendor/github.com/miekg/pkcs11/pkcs11.go:77:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘c’ # 75| CK_C_GetFunctionList list; # 76| struct ctx *c = calloc(1, sizeof(struct ctx)); # 77|-> c->handle = dlopen(module, RTLD_LAZY); # 78| if (c->handle == NULL) { # 79| free(c); Error: CPPCHECK_WARNING (CWE-476): [#def8] osbuild-composer-161/vendor/github.com/miekg/pkcs11/pkcs11.go:78: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: c # 76| struct ctx *c = calloc(1, sizeof(struct ctx)); # 77| c->handle = dlopen(module, RTLD_LAZY); # 78|-> if (c->handle == NULL) { # 79| free(c); # 80| return NULL; Error: CPPCHECK_WARNING (CWE-476): [#def9] osbuild-composer-161/vendor/github.com/miekg/pkcs11/pkcs11.go:82: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: c # 80| return NULL; # 81| } # 82|-> list = (CK_C_GetFunctionList) dlsym(c->handle, "C_GetFunctionList"); # 83| if (list == NULL) { # 84| free(c); Error: CPPCHECK_WARNING (CWE-476): [#def10] osbuild-composer-161/vendor/github.com/osbuild/images/pkg/crypt/crypt_impl.go:60: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: ret # 58| # 59| ret = (char *)malloc((strlen(enc)+1) * sizeof(char)); // for trailing null # 60|-> strcpy(ret, enc); # 61| ret[strlen(enc)]= '\0'; # 62| Error: GCC_ANALYZER_WARNING (CWE-688): [#def11] osbuild-composer-161/vendor/github.com/osbuild/images/pkg/crypt/crypt_impl.go: scope_hint: In function 'gnu_ext_crypt' osbuild-composer-161/vendor/github.com/osbuild/images/pkg/crypt/crypt_impl.go:60:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'ret' where non-null expected osbuild-composer-161/vendor/github.com/osbuild/images/pkg/crypt/crypt_impl.go:45: included_from: Included from here. /usr/include/string.h:156:14: note: argument 1 of 'strcpy' must be non-null # 58| # 59| ret = (char *)malloc((strlen(enc)+1) * sizeof(char)); // for trailing null # 60|-> strcpy(ret, enc); # 61| ret[strlen(enc)]= '\0'; # 62| Error: GCC_ANALYZER_WARNING (CWE-688): [#def12] osbuild-composer-161/vendor/github.com/osbuild/images/pkg/crypt/crypt_impl.go: scope_hint: In function ‘gnu_ext_crypt’ osbuild-composer-161/vendor/github.com/osbuild/images/pkg/crypt/crypt_impl.go:60:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘ret’ where non-null expected osbuild-composer-161/vendor/github.com/osbuild/images/pkg/crypt/crypt_impl.go:45: included_from: Included from here. /usr/include/string.h:156:14: note: argument 1 of ‘strcpy’ must be non-null # 58| # 59| ret = (char *)malloc((strlen(enc)+1) * sizeof(char)); // for trailing null # 60|-> strcpy(ret, enc); # 61| ret[strlen(enc)]= '\0'; # 62| Error: CPPCHECK_WARNING (CWE-476): [#def13] osbuild-composer-161/vendor/github.com/osbuild/images/pkg/crypt/crypt_impl.go:61: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: ret # 59| ret = (char *)malloc((strlen(enc)+1) * sizeof(char)); // for trailing null # 60| strcpy(ret, enc); # 61|-> ret[strlen(enc)]= '\0'; # 62| # 63| return ret; Error: CPPCHECK_WARNING (CWE-682): [#def14] osbuild-composer-161/vendor/github.com/ubccr/kerby/base64.c:49: error[nullPointerArithmeticOutOfMemory]: If memory allocation fails: pointer addition with NULL pointer. # 47| while (vlen >= 3) # 48| { # 49|-> *out++ = basis_64[value[0] >> 2]; # 50| *out++ = basis_64[((value[0] << 4) & 0x30) | (value[1] >> 4)]; # 51| *out++ = basis_64[((value[1] << 2) & 0x3C) | (value[2] >> 6)]; Error: CPPCHECK_WARNING (CWE-476): [#def15] osbuild-composer-161/vendor/github.com/ubccr/kerby/base64.c:49: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: out++ # 47| while (vlen >= 3) # 48| { # 49|-> *out++ = basis_64[value[0] >> 2]; # 50| *out++ = basis_64[((value[0] << 4) & 0x30) | (value[1] >> 4)]; # 51| *out++ = basis_64[((value[1] << 2) & 0x3C) | (value[2] >> 6)]; Error: GCC_ANALYZER_WARNING (CWE-476): [#def16] osbuild-composer-161/vendor/github.com/ubccr/kerby/base64.c: scope_hint: In function ‘base64_encode’ osbuild-composer-161/vendor/github.com/ubccr/kerby/base64.c:49:16: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘out’ # 47| while (vlen >= 3) # 48| { # 49|-> *out++ = basis_64[value[0] >> 2]; # 50| *out++ = basis_64[((value[0] << 4) & 0x30) | (value[1] >> 4)]; # 51| *out++ = basis_64[((value[1] << 2) & 0x3C) | (value[2] >> 6)]; Error: GCC_ANALYZER_WARNING (CWE-476): [#def17] osbuild-composer-161/vendor/github.com/ubccr/kerby/base64.c:58:16: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘out’ # 56| if (vlen > 0) # 57| { # 58|-> *out++ = basis_64[value[0] >> 2]; # 59| unsigned char oval = (value[0] << 4) & 0x30; # 60| if (vlen > 1) oval |= value[1] >> 4; Error: GCC_ANALYZER_WARNING (CWE-476): [#def18] osbuild-composer-161/vendor/github.com/ubccr/kerby/base64.c:65:10: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘out’ # 63| *out++ = '='; # 64| } # 65|-> *out = '\0'; # 66| # 67| return result; Error: GCC_ANALYZER_WARNING (CWE-476): [#def19] osbuild-composer-161/vendor/github.com/ubccr/kerby/base64.c: scope_hint: In function ‘base64_decode’ osbuild-composer-161/vendor/github.com/ubccr/kerby/base64.c:106:16: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘out’ # 104| # 105| value += 4; # 106|-> *out++ = (CHAR64(c1) << 2) | (CHAR64(c2) >> 4); # 107| *rlen += 1; # 108| Error: GCC_ANALYZER_WARNING (CWE-476): [#def20] osbuild-composer-161/vendor/github.com/ubccr/kerby/base64.c:121:13: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘result’ # 119| # 120| base64_decode_error: # 121|-> *result = 0; # 122| *rlen = 0; # 123| Error: GCC_ANALYZER_WARNING (CWE-688): [#def21] osbuild-composer-161/vendor/github.com/ubccr/kerby/kerberosgss.c: scope_hint: In function ‘authenticate_gss_client_step’ osbuild-composer-161/vendor/github.com/ubccr/kerby/kerberosgss.c:219:13: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘*state.username’ where non-null expected osbuild-composer-161/vendor/github.com/ubccr/kerby/kerberosgss.c:25: included_from: Included from here. /usr/include/string.h:159:14: note: argument 1 of ‘strncpy’ must be non-null # 217| } else { # 218| state->username = (char *)malloc(name_token.length + 1); # 219|-> strncpy(state->username, (char*) name_token.value, name_token.length); # 220| state->username[name_token.length] = 0; # 221| gss_release_buffer(&state->min_stat, &name_token); Error: GCC_ANALYZER_WARNING (CWE-688): [#def22] osbuild-composer-161/vendor/github.com/ubccr/kerby/kerberosgss.c: scope_hint: In function ‘authenticate_gss_server_step’ osbuild-composer-161/vendor/github.com/ubccr/kerby/kerberosgss.c:386:5: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘*state.username’ where non-null expected /usr/include/string.h:159:14: note: argument 1 of ‘strncpy’ must be non-null # 384| } # 385| state->username = (char *)malloc(output_token.length + 1); # 386|-> strncpy(state->username, (char*) output_token.value, output_token.length); # 387| state->username[output_token.length] = 0; # 388| Error: GCC_ANALYZER_WARNING (CWE-688): [#def23] osbuild-composer-161/vendor/github.com/ubccr/kerby/kerberosgss.c:408:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘*state.targetname’ where non-null expected /usr/include/string.h:159:14: note: argument 1 of ‘strncpy’ must be non-null # 406| } # 407| state->targetname = (char *)malloc(output_token.length + 1); # 408|-> strncpy( # 409| state->targetname, (char*) output_token.value, output_token.length # 410| );
| analyzer-version-clippy | 1.93.0 |
| analyzer-version-cppcheck | 2.19.1 |
| analyzer-version-gcc | 16.0.1 |
| analyzer-version-gcc-analyzer | 16.0.1 |
| analyzer-version-shellcheck | 0.11.0 |
| analyzer-version-unicontrol | 0.0.2 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-226.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20260119.105402.g7a5be1b.main-1.el9.noarch |
| mock-config | fedora-rawhide-x86_64 |
| project-name | osbuild-composer-161-1.20260204082951117865.main.1.gf41ab99be |
| store-results-to | /tmp/tmpaeg4kmtz/osbuild-composer-161-1.20260204082951117865.main.1.gf41ab99be.tar.xz |
| time-created | 2026-02-06 11:34:00 |
| time-finished | 2026-02-06 11:42:36 |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'cppcheck,unicontrol,shellcheck,gcc,clippy' '-o' '/tmp/tmpaeg4kmtz/osbuild-composer-161-1.20260204082951117865.main.1.gf41ab99be.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '/tmp/tmpaeg4kmtz/osbuild-composer-161-1.20260204082951117865.main.1.gf41ab99be.src.rpm' |
| tool-version | csmock-3.8.3.20260128.181932.g41af877-1.el9 |