Newly introduced findings

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-775): [#def1]
crun-HEAD/src/libcrun/handlers/krun.c: scope_hint: In function 'libkrun_start_passt'
crun-HEAD/src/libcrun/handlers/krun.c:557:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd[0]'
#  555|     ret = pipe (pipefd);
#  556|     if (UNLIKELY (ret == -1))
#  557|->     return ret;
#  558|   
#  559|     pid = fork ();

Error: GCC_ANALYZER_WARNING (CWE-775): [#def2]
crun-HEAD/src/libcrun/handlers/krun.c:562:7: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd[0]'
#  560|     if (pid < 0)
#  561|       {
#  562|->       close (pipefd[0]);
#  563|         close (pipefd[1]);
#  564|         return pid;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def3]
crun-HEAD/src/libcrun/handlers/krun.c:562:7: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd[1]'
#  560|     if (pid < 0)
#  561|       {
#  562|->       close (pipefd[0]);
#  563|         close (pipefd[1]);
#  564|         return pid;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def4]
crun-HEAD/src/libcrun/handlers/krun.c:563:7: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd[1]'
#  561|       {
#  562|         close (pipefd[0]);
#  563|->       close (pipefd[1]);
#  564|         return pid;
#  565|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def5]
crun-HEAD/src/libcrun/handlers/krun.c:568:7: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd[0]'
#  566|     else if (pid == 0)
#  567|       {
#  568|->       close (pipefd[0]);
#  569|   
#  570|         ret = dup2 (pipefd[1], STDERR_FILENO);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def6]
crun-HEAD/src/libcrun/handlers/krun.c:568:7: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd[1]'
#  566|     else if (pid == 0)
#  567|       {
#  568|->       close (pipefd[0]);
#  569|   
#  570|         ret = dup2 (pipefd[1], STDERR_FILENO);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def7]
crun-HEAD/src/libcrun/handlers/krun.c:576:7: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd[1]'
#  574|           }
#  575|   
#  576|->       close (pipefd[1]);
#  577|         execvp ("passt", argv);
#  578|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def8]
crun-HEAD/src/libcrun/handlers/krun.c:576:7: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'ret'
#  574|           }
#  575|   
#  576|->       close (pipefd[1]);
#  577|         execvp ("passt", argv);
#  578|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def9]
crun-HEAD/src/libcrun/handlers/krun.c:584:7: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd[0]'
#  582|            simple way to do it is with a blocking read on its stdout. */
#  583|         char buffer[1];
#  584|->       close (pipefd[1]);
#  585|         ret = read (pipefd[0], buffer, 1);
#  586|         if (UNLIKELY (ret < 0))

Error: GCC_ANALYZER_WARNING (CWE-775): [#def10]
crun-HEAD/src/libcrun/handlers/krun.c:584:7: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd[1]'
#  582|            simple way to do it is with a blocking read on its stdout. */
#  583|         char buffer[1];
#  584|->       close (pipefd[1]);
#  585|         ret = read (pipefd[0], buffer, 1);
#  586|         if (UNLIKELY (ret < 0))

Error: GCC_ANALYZER_WARNING (CWE-775): [#def11]
crun-HEAD/src/libcrun/handlers/krun.c:588:7: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd[0]'
#  586|         if (UNLIKELY (ret < 0))
#  587|           return ret;
#  588|->       close (pipefd[0]);
#  589|       }
#  590|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def12]
crun-HEAD/src/libcrun/handlers/krun.c:592:1: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'ret'
#  590|   
#  591|     return 0;
#  592|-> }
#  593|   
#  594|   /* libkrun_create_kvm_device: explicitly adds kvm device.  */

Error: COMPILER_WARNING (CWE-563): [#def13]
crun-HEAD/src/libcrun/handlers/krun.c: scope_hint: In function 'libkrun_close_fds'
crun-HEAD/src/libcrun/handlers/krun.c:936:7: warning[-Wunused-variable]: unused variable 'ret'
#  936 |   int ret;
#      |       ^~~
#  934|     int high_passt_fd;
#  935|     int low_passt_fd;
#  936|->   int ret;
#  937|     int i;
#  938|

Scan Properties

analyzer-version-clippy	1.93.0
analyzer-version-cppcheck	2.19.1
analyzer-version-gcc	16.0.1
analyzer-version-gcc-analyzer	16.0.1
analyzer-version-shellcheck	0.11.0
analyzer-version-unicontrol	0.0.2
diffbase-analyzer-version-clippy	1.93.0
diffbase-analyzer-version-cppcheck	2.19.1
diffbase-analyzer-version-gcc	16.0.1
diffbase-analyzer-version-gcc-analyzer	16.0.1
diffbase-analyzer-version-shellcheck	0.11.0
diffbase-analyzer-version-unicontrol	0.0.2
diffbase-enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
diffbase-exit-code	0
diffbase-host	ip-172-16-1-161.us-west-2.compute.internal
diffbase-known-false-positives	/usr/share/csmock/known-false-positives.js
diffbase-known-false-positives-rpm	known-false-positives-0.0.0.20260119.105402.g7a5be1b.main-1.el9.noarch
diffbase-mock-config	fedora-rawhide-x86_64
diffbase-project-name	crun-1.26-1.20260208184922351896.main.68.g96136b3a
diffbase-store-results-to	/tmp/tmph1ju89yu/crun-1.26-1.20260208184922351896.main.68.g96136b3a.tar.xz
diffbase-time-created	2026-02-09 17:01:07
diffbase-time-finished	2026-02-09 17:12:11
diffbase-tool	csmock
diffbase-tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,clippy,cppcheck,shellcheck,gcc' '-o' '/tmp/tmph1ju89yu/crun-1.26-1.20260208184922351896.main.68.g96136b3a.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '/tmp/tmph1ju89yu/crun-1.26-1.20260208184922351896.main.68.g96136b3a.src.rpm'
diffbase-tool-version	csmock-3.8.3.20260128.181932.g41af877-1.el9
enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code	0
host	ip-172-16-1-161.us-west-2.compute.internal
known-false-positives	/usr/share/csmock/known-false-positives.js
known-false-positives-rpm	known-false-positives-0.0.0.20260119.105402.g7a5be1b.main-1.el9.noarch
mock-config	fedora-rawhide-x86_64
project-name	crun-1.26-1.20260209163142979447.pr1913.78.gfabde214
store-results-to	/tmp/tmpl31_xse8/crun-1.26-1.20260209163142979447.pr1913.78.gfabde214.tar.xz
time-created	2026-02-09 17:12:34
time-finished	2026-02-09 17:21:33
title	Newly introduced findings
tool	csmock
tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,clippy,cppcheck,shellcheck,gcc' '-o' '/tmp/tmpl31_xse8/crun-1.26-1.20260209163142979447.pr1913.78.gfabde214.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '/tmp/tmpl31_xse8/crun-1.26-1.20260209163142979447.pr1913.78.gfabde214.src.rpm'
tool-version	csmock-3.8.3.20260128.181932.g41af877-1.el9