Newly introduced findings

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-688): [#def1]
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'join_namespaces'
crun-HEAD/src/libcrun/linux.c:4026:17: warning[-Wanalyzer-null-argument]: use of NULL 'cwd' where non-null expected
/usr/include/unistd.h:517:12: note: argument 1 of 'chdir' must be non-null
# 4024|         if (value == CLONE_NEWNS)
# 4025|           {
# 4026|->           ret = chdir (cwd);
# 4027|             if (UNLIKELY (ret < 0))
# 4028|               return crun_make_error (err, errno, "chdir `%s`", cwd);

Error: GCC_ANALYZER_WARNING (CWE-1341): [#def2]
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'libcrun_join_process'
crun-HEAD/src/libcrun/linux.c:5727:25: warning[-Wanalyzer-fd-double-close]: double 'close' of file descriptor 'sync_socket_fd[0]'
# 5725|   exit:
# 5726|     if (sync_socket_fd[0] >= 0)
# 5727|->     TEMP_FAILURE_RETRY (close (sync_socket_fd[0]));
# 5728|     if (sync_socket_fd[1] >= 0)
# 5729|       TEMP_FAILURE_RETRY (close (sync_socket_fd[1]));

Error: GCC_ANALYZER_WARNING (CWE-1341): [#def3]
crun-HEAD/src/libcrun/linux.c:5729:25: warning[-Wanalyzer-fd-double-close]: double 'close' of file descriptor 'sync_socket_fd[1]'
# 5727|       TEMP_FAILURE_RETRY (close (sync_socket_fd[0]));
# 5728|     if (sync_socket_fd[1] >= 0)
# 5729|->     TEMP_FAILURE_RETRY (close (sync_socket_fd[1]));
# 5730|     return ret;
# 5731|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def4]
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'libcrun_make_runtime_mounts'
crun-HEAD/src/libcrun/linux.c:6353:1: warning[-Wanalyzer-malloc-leak]: leak of 'data'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'libcrun_make_runtime_mounts'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'libcrun_make_runtime_mounts'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'libcrun_make_runtime_mounts'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'libcrun_make_runtime_mounts'
# 6351|   
# 6352|     return run_in_container_namespace (status, do_mount_in_a_container, &args, err);
# 6353|-> }
# 6354|   
# 6355|   int

Error: GCC_ANALYZER_WARNING (CWE-1341): [#def5]
crun-HEAD/src/libcrun/utils.h:213:33: warning[-Wanalyzer-fd-double-close]: double 'close' of file descriptor '**cgroup_dirfd.dirfd'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'close_and_reset.part.0'
#  211|     if (*fd >= 0)
#  212|       {
#  213|->       ret = TEMP_FAILURE_RETRY (close (*fd));
#  214|         if (LIKELY (ret == 0))
#  215|           *fd = -1;

Error: GCC_ANALYZER_WARNING (CWE-1341): [#def6]
crun-HEAD/src/libcrun/utils.h:213:33: warning[-Wanalyzer-fd-double-close]: double 'close' of file descriptor 'gid_fd'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'close_and_reset.part.0'
crun-HEAD/src/libcrun/linux.c:3752:12: note: in expansion of macro 'crun_make_error'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'close_and_reset.part.0'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'close_and_reset.part.0'
crun-HEAD/src/libcrun/linux.c:443:16: note: in expansion of macro 'crun_make_error'
#  211|     if (*fd >= 0)
#  212|       {
#  213|->       ret = TEMP_FAILURE_RETRY (close (*fd));
#  214|         if (LIKELY (ret == 0))
#  215|           *fd = -1;

Error: GCC_ANALYZER_WARNING (CWE-1341): [#def7]
crun-HEAD/src/libcrun/utils.h:213:33: warning[-Wanalyzer-fd-double-close]: double 'close' of file descriptor 'targetfd'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'close_and_reset.part.0'
crun-HEAD/src/libcrun/linux.c:3752:12: note: in expansion of macro 'crun_make_error'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'close_and_reset.part.0'
crun-HEAD/src/libcrun/linux.c:3971:12: note: in expansion of macro 'crun_make_error'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'close_and_reset.part.0'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'close_and_reset.part.0'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'close_and_reset.part.0'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'close_and_reset.part.0'
#  211|     if (*fd >= 0)
#  212|       {
#  213|->       ret = TEMP_FAILURE_RETRY (close (*fd));
#  214|         if (LIKELY (ret == 0))
#  215|           *fd = -1;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def8]
crun-HEAD/src/libcrun/utils.h: scope_hint: In function 'xstrdup'
crun-HEAD/src/libcrun/utils.h:227:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value '*str'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'xstrdup'
crun-HEAD/src/libcrun/linux.c:3752:12: note: in expansion of macro 'crun_make_error'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'xstrdup'
crun-HEAD/src/libcrun/linux.c: scope_hint: In function 'xstrdup'
crun-HEAD/libocispec/src/ocispec/json_common.h:7: included_from: Included from here.
crun-HEAD/libocispec/src/ocispec/runtime_spec_schema_config_schema.h:7: included_from: Included from here.
crun-HEAD/src/libcrun/linux.h:27: included_from: Included from here.
/usr/include/string.h:202:14: note: argument 1 of 'strdup' must be a pointer to a null-terminated string
#  225|       return NULL;
#  226|   
#  227|->   ret = strdup (str);
#  228|     if (ret == NULL)
#  229|       OOM ();

Scan Properties

analyzer-version-clippy	1.93.1
analyzer-version-cppcheck	2.19.1
analyzer-version-gcc	16.0.1
analyzer-version-gcc-analyzer	16.0.1
analyzer-version-shellcheck	0.11.0
analyzer-version-unicontrol	0.0.2
diffbase-analyzer-version-clippy	1.93.1
diffbase-analyzer-version-cppcheck	2.19.1
diffbase-analyzer-version-gcc	16.0.1
diffbase-analyzer-version-gcc-analyzer	16.0.1
diffbase-analyzer-version-shellcheck	0.11.0
diffbase-analyzer-version-unicontrol	0.0.2
diffbase-enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
diffbase-exit-code	0
diffbase-host	ip-172-16-1-81.us-west-2.compute.internal
diffbase-known-false-positives	/usr/share/csmock/known-false-positives.js
diffbase-known-false-positives-rpm	known-false-positives-0.0.0.20260119.105402.g7a5be1b.main-1.el9.noarch
diffbase-mock-config	fedora-rawhide-x86_64
diffbase-project-name	crun-1.26-1.20260212010636159877.main.96.g94fda0b6
diffbase-store-results-to	/tmp/tmprv013uan/crun-1.26-1.20260212010636159877.main.96.g94fda0b6.tar.xz
diffbase-time-created	2026-02-14 10:34:05
diffbase-time-finished	2026-02-14 10:38:06
diffbase-tool	csmock
diffbase-tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,clippy,cppcheck,shellcheck,gcc' '-o' '/tmp/tmprv013uan/crun-1.26-1.20260212010636159877.main.96.g94fda0b6.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '/tmp/tmprv013uan/crun-1.26-1.20260212010636159877.main.96.g94fda0b6.src.rpm'
diffbase-tool-version	csmock-3.8.3.20260128.181932.g41af877-1.el9
enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code	0
host	ip-172-16-1-81.us-west-2.compute.internal
known-false-positives	/usr/share/csmock/known-false-positives.js
known-false-positives-rpm	known-false-positives-0.0.0.20260119.105402.g7a5be1b.main-1.el9.noarch
mock-config	fedora-rawhide-x86_64
project-name	crun-1.26-1.20260214102541921187.pr2018.97.ge4ce560a
store-results-to	/tmp/tmppqy7j8sx/crun-1.26-1.20260214102541921187.pr2018.97.ge4ce560a.tar.xz
time-created	2026-02-14 10:38:35
time-finished	2026-02-14 10:41:47
title	Newly introduced findings
tool	csmock
tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,clippy,cppcheck,shellcheck,gcc' '-o' '/tmp/tmppqy7j8sx/crun-1.26-1.20260214102541921187.pr2018.97.ge4ce560a.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '/tmp/tmppqy7j8sx/crun-1.26-1.20260214102541921187.pr2018.97.ge4ce560a.src.rpm'
tool-version	csmock-3.8.3.20260128.181932.g41af877-1.el9