Error: NO_EFFECT (CWE-398):
diffutils-3.6/lib/anytostr.c:41: unsigned_compare: This less-than-zero comparison of an unsigned value is never true. "i < 0U".
# 39| *p = 0;
# 40|
# 41|-> if (i < 0)
# 42| {
# 43| do

Error: NO_EFFECT (CWE-398):
diffutils-3.6/lib/anytostr.c:41: unsigned_compare: This less-than-zero comparison of an unsigned value is never true. "i < 0UL".
# 39| *p = 0;
# 40|
# 41|-> if (i < 0)
# 42| {
# 43| do

Error: UNINIT (CWE-457):
diffutils-3.6/lib/diffseq.h:377: var_decl: Declaring variable "fxbest" without initializer.
diffutils-3.6/lib/diffseq.h:420: uninit_use: Using uninitialized value "fxbest".
# 418| if ((xlim + ylim) - bxybest < fxybest - (xoff + yoff))
# 419| {
# 420|-> part->xmid = fxbest;
# 421| part->ymid = fxybest - fxbest;
# 422| part->lo_minimal = true;

Error: COMPILER_WARNING:
diffutils-3.6/lib/diffseq.h:421:36: warning: 'fxbest' may be used uninitialized in this function [-Wmaybe-uninitialized]
# part->ymid = fxybest - fxbest;
# ~~~~~~~~^~~~~~~~
diffutils-3.6/lib/diffseq.h:377:18: note: 'fxbest' was declared here
# OFFSET fxbest IF_LINT (= 0);
# ^~~~~~
# 419| {
# 420| part->xmid = fxbest;
# 421|-> part->ymid = fxybest - fxbest;
# 422| part->lo_minimal = true;
# 423| part->hi_minimal = false;

Error: UNINIT (CWE-457):
diffutils-3.6/lib/diffseq.h:379: var_decl: Declaring variable "bxbest" without initializer.
diffutils-3.6/lib/diffseq.h:427: uninit_use: Using uninitialized value "bxbest".
# 425| else
# 426| {
# 427|-> part->xmid = bxbest;
# 428| part->ymid = bxybest - bxbest;
# 429| part->lo_minimal = false;

Error: COMPILER_WARNING:
diffutils-3.6/src/analyze.c:35: included_from: Included from here.
diffutils-3.6/lib/diffseq.h: scope_hint: In function 'compareseq'
diffutils-3.6/lib/diffseq.h:428:36: warning: 'bxbest' may be used uninitialized in this function [-Wmaybe-uninitialized]
# part->ymid = bxybest - bxbest;
# ~~~~~~~~^~~~~~~~
diffutils-3.6/lib/diffseq.h:379:18: note: 'bxbest' was declared here
# OFFSET bxbest IF_LINT (= 0);
# ^~~~~~
# 426| {
# 427| part->xmid = bxbest;
# 428|-> part->ymid = bxybest - bxbest;
# 429| part->lo_minimal = false;
# 430| part->hi_minimal = true;

Error: DEADCODE (CWE-561):
diffutils-3.6/lib/dirname-lgpl.c:34: assignment: Assigning: "prefix_length" = "0UL".
diffutils-3.6/lib/dirname-lgpl.c:38: const: At condition "prefix_length != 0UL", the value of "prefix_length" must be equal to 0.
diffutils-3.6/lib/dirname-lgpl.c:38: dead_error_condition: The condition "prefix_length != 0UL" cannot be true.
diffutils-3.6/lib/dirname-lgpl.c:38: dead_error_line: Execution cannot reach the expression "0" inside this statement: "prefix_length += ((prefix_l...".
# 36|
# 37| /* Advance prefix_length beyond important leading slashes. */
# 38|-> prefix_length += (prefix_length != 0
# 39| ? (FILE_SYSTEM_DRIVE_PREFIX_CAN_BE_RELATIVE
# 40| && ISSLASH (file[prefix_length]))

Error: RESOURCE_LEAK (CWE-772):
diffutils-3.6/lib/freopen-safer.c:42: open_fn: Returning handle opened by "open". [Note: The source code implementation of the function has been overridden by a user model.]
diffutils-3.6/lib/freopen-safer.c:42: var_assign: Assigning: "value" = handle returned from "open("/dev/null", 0)".
diffutils-3.6/lib/freopen-safer.c:52: leaked_handle: Handle variable "value" going out of scope leaks the handle.
# 50| return false; # 51| } # 52|-> return true; # 53| } # 54| Error: CLANG_WARNING: diffutils-3.6/lib/localcharset.c:243:23: warning: Potential leak of memory pointed to by 'old_res_ptr' # strcpy (res_ptr + res_size - (l2 + 1) - (l1 + 1), buf1); # ^ diffutils-3.6/lib/localcharset.c:588:7: note: Assuming 'codeset' is not equal to NULL # if (codeset == NULL) # ^~~~~~~~~~~~~~~ diffutils-3.6/lib/localcharset.c:588:3: note: Taking false branch # if (codeset == NULL) # ^ diffutils-3.6/lib/localcharset.c:593:18: note: Calling 'get_charset_aliases' # for (aliases = get_charset_aliases (); # ^~~~~~~~~~~~~~~~~~~~~~ diffutils-3.6/lib/localcharset.c:130:7: note: Assuming 'cp' is equal to NULL # if (cp == NULL) # ^~~~~~~~~~ diffutils-3.6/lib/localcharset.c:130:3: note: Taking true branch # if (cp == NULL) # ^ diffutils-3.6/lib/localcharset.c:141:11: note: Assuming 'dir' is not equal to NULL # if (dir == NULL || dir[0] == '\0') # ^~~~~~~~~~~ diffutils-3.6/lib/localcharset.c:141:11: note: Left side of '||' is false diffutils-3.6/lib/localcharset.c:141:26: note: Assuming the condition is false # if (dir == NULL || dir[0] == '\0') # ^~~~~~~~~~~~~~ diffutils-3.6/lib/localcharset.c:141:7: note: Taking false branch # if (dir == NULL || dir[0] == '\0') # ^ diffutils-3.6/lib/localcharset.c:148:26: note: Assuming 'dir_len' is <= 0 # int add_slash = (dir_len > 0 && !ISSLASH (dir[dir_len - 1])); # ^~~~~~~~~~~ diffutils-3.6/lib/localcharset.c:148:38: note: Left side of '&&' is false # int add_slash = (dir_len > 0 && !ISSLASH (dir[dir_len - 1])); # ^ diffutils-3.6/lib/localcharset.c:150:13: note: Assuming 'file_name' is not equal to NULL # if (file_name != NULL) # ^~~~~~~~~~~~~~~~~ diffutils-3.6/lib/localcharset.c:150:9: note: Taking true branch # if (file_name != NULL) # ^ diffutils-3.6/lib/localcharset.c:153:13: note: Taking false branch # if (add_slash) # ^ diffutils-3.6/lib/localcharset.c:161:7: note: Taking false branch # if (file_name == NULL) # ^ 
diffutils-3.6/lib/localcharset.c:177:15: note: Assuming 'fd' is >= 0 # if (fd < 0) # ^~~~~~ diffutils-3.6/lib/localcharset.c:177:11: note: Taking false branch # if (fd < 0) # ^ diffutils-3.6/lib/localcharset.c:185:19: note: Assuming 'fp' is not equal to NULL # if (fp == NULL) # ^~~~~~~~~~ diffutils-3.6/lib/localcharset.c:185:15: note: Taking false branch # if (fp == NULL) # ^ diffutils-3.6/lib/localcharset.c:197:19: note: Loop condition is true. Entering loop body # for (;;) # ^ diffutils-3.6/lib/localcharset.c:206:23: note: Taking false branch # if (c == EOF) # ^ diffutils-3.6/lib/localcharset.c:208:27: note: Assuming the condition is false # if (c == '\n' || c == ' ' || c == '\t') # ^~~~~~~~~ diffutils-3.6/lib/localcharset.c:208:27: note: Left side of '||' is false diffutils-3.6/lib/localcharset.c:208:40: note: Assuming the condition is false # if (c == '\n' || c == ' ' || c == '\t') # ^~~~~~~~ diffutils-3.6/lib/localcharset.c:208:27: note: Left side of '||' is false # if (c == '\n' || c == ' ' || c == '\t') # ^ diffutils-3.6/lib/localcharset.c:208:52: note: Assuming the condition is false # if (c == '\n' || c == ' ' || c == '\t') # ^~~~~~~~~ diffutils-3.6/lib/localcharset.c:208:23: note: Taking false branch # if (c == '\n' || c == ' ' || c == '\t') # ^ diffutils-3.6/lib/localcharset.c:210:27: note: Assuming the condition is false # if (c == '#') # ^~~~~~~~ diffutils-3.6/lib/localcharset.c:210:23: note: Taking false branch # if (c == '#') # ^ diffutils-3.6/lib/localcharset.c:221:27: note: Assuming the condition is false # if (fscanf (fp, "%50s %50s", buf1, buf2) < 2) # ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diffutils-3.6/lib/localcharset.c:221:23: note: Taking false branch # if (fscanf (fp, "%50s %50s", buf1, buf2) < 2) # ^ diffutils-3.6/lib/localcharset.c:226:23: note: Taking true branch # if (res_size == 0) # ^ diffutils-3.6/lib/localcharset.c:229:46: note: Memory is allocated # res_ptr = (char *) malloc (res_size + 1); # ^~~~~~~~~~~~~~~~~~~~~ 
diffutils-3.6/lib/localcharset.c:236:27: note: Assuming 'res_ptr' is not equal to NULL # if (res_ptr == NULL) # ^~~~~~~~~~~~~~~ diffutils-3.6/lib/localcharset.c:236:23: note: Taking false branch # if (res_ptr == NULL) # ^ diffutils-3.6/lib/localcharset.c:197:19: note: Loop condition is true. Entering loop body # for (;;) # ^ diffutils-3.6/lib/localcharset.c:206:27: note: Assuming the condition is false # if (c == EOF) # ^~~~~~~~ diffutils-3.6/lib/localcharset.c:206:23: note: Taking false branch # if (c == EOF) # ^ diffutils-3.6/lib/localcharset.c:208:27: note: Assuming the condition is false # if (c == '\n' || c == ' ' || c == '\t') # ^~~~~~~~~ diffutils-3.6/lib/localcharset.c:208:27: note: Left side of '||' is false diffutils-3.6/lib/localcharset.c:208:40: note: Assuming the condition is false # if (c == '\n' || c == ' ' || c == '\t') # ^~~~~~~~ diffutils-3.6/lib/localcharset.c:208:27: note: Left side of '||' is false # if (c == '\n' || c == ' ' || c == '\t') # ^ diffutils-3.6/lib/localcharset.c:208:52: note: Assuming the condition is false # if (c == '\n' || c == ' ' || c == '\t') # ^~~~~~~~~ diffutils-3.6/lib/localcharset.c:208:23: note: Taking false branch # if (c == '\n' || c == ' ' || c == '\t') # ^ diffutils-3.6/lib/localcharset.c:210:27: note: Assuming the condition is false # if (c == '#') # ^~~~~~~~ diffutils-3.6/lib/localcharset.c:210:23: note: Taking false branch # if (c == '#') # ^ diffutils-3.6/lib/localcharset.c:221:27: note: Assuming the condition is false # if (fscanf (fp, "%50s %50s", buf1, buf2) < 2) # ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diffutils-3.6/lib/localcharset.c:221:23: note: Taking false branch # if (fscanf (fp, "%50s %50s", buf1, buf2) < 2) # ^ diffutils-3.6/lib/localcharset.c:226:27: note: Assuming 'res_size' is equal to 0 # if (res_size == 0) # ^~~~~~~~~~~~~ diffutils-3.6/lib/localcharset.c:226:23: note: Taking true branch # if (res_size == 0) # ^ diffutils-3.6/lib/localcharset.c:236:27: note: Assuming 'res_ptr' is not equal to 
NULL # if (res_ptr == NULL) # ^~~~~~~~~~~~~~~ diffutils-3.6/lib/localcharset.c:236:23: note: Taking false branch # if (res_ptr == NULL) # ^ diffutils-3.6/lib/localcharset.c:243:23: note: Potential leak of memory pointed to by 'old_res_ptr' # strcpy (res_ptr + res_size - (l2 + 1) - (l1 + 1), buf1); # ^ # 241| break; # 242| } # 243|-> strcpy (res_ptr + res_size - (l2 + 1) - (l1 + 1), buf1); # 244| strcpy (res_ptr + res_size - (l2 + 1), buf2); # 245| } Error: CHECKED_RETURN (CWE-252): diffutils-3.6/lib/localcharset.c:246: check_return: Calling "fclose" without checking return value (as is done elsewhere 7 out of 8 times). diffutils-3.6/lib/exclude.c:691: example_checked: Example 1: "fclose(in)" has its value checked in "fclose(in) != 0". diffutils-3.6/src/cmp.c:156: example_checked: Example 2: "fclose(stdout)" has its value checked in "fclose(stdout) != 0". diffutils-3.6/src/diff.c:886: example_checked: Example 3: "fclose(stdout)" has its value checked in "fclose(stdout) != 0". diffutils-3.6/src/diff3.c:470: example_checked: Example 4: "fclose(stdout)" has its value checked in "fclose(stdout) != 0". diffutils-3.6/src/sdiff.c:168: example_checked: Example 5: "fclose(stdout)" has its value checked in "fclose(stdout) != 0". 
# 244| strcpy (res_ptr + res_size - (l2 + 1), buf2); # 245| } # 246|-> fclose (fp); # 247| if (res_size == 0) # 248| cp = ""; Error: CLANG_WARNING: diffutils-3.6/lib/localcharset.c:248:26: warning: Potential leak of memory pointed to by 'res_ptr' # cp = ""; # ^ diffutils-3.6/lib/localcharset.c:588:7: note: Assuming 'codeset' is not equal to NULL # if (codeset == NULL) # ^~~~~~~~~~~~~~~ diffutils-3.6/lib/localcharset.c:588:3: note: Taking false branch # if (codeset == NULL) # ^ diffutils-3.6/lib/localcharset.c:593:18: note: Calling 'get_charset_aliases' # for (aliases = get_charset_aliases (); # ^~~~~~~~~~~~~~~~~~~~~~ diffutils-3.6/lib/localcharset.c:130:7: note: Assuming 'cp' is equal to NULL # if (cp == NULL) # ^~~~~~~~~~ diffutils-3.6/lib/localcharset.c:130:3: note: Taking true branch # if (cp == NULL) # ^ diffutils-3.6/lib/localcharset.c:141:11: note: Assuming 'dir' is not equal to NULL # if (dir == NULL || dir[0] == '\0') # ^~~~~~~~~~~ diffutils-3.6/lib/localcharset.c:141:11: note: Left side of '||' is false diffutils-3.6/lib/localcharset.c:141:26: note: Assuming the condition is false # if (dir == NULL || dir[0] == '\0') # ^~~~~~~~~~~~~~ diffutils-3.6/lib/localcharset.c:141:7: note: Taking false branch # if (dir == NULL || dir[0] == '\0') # ^ diffutils-3.6/lib/localcharset.c:148:26: note: Assuming 'dir_len' is <= 0 # int add_slash = (dir_len > 0 && !ISSLASH (dir[dir_len - 1])); # ^~~~~~~~~~~ diffutils-3.6/lib/localcharset.c:148:38: note: Left side of '&&' is false # int add_slash = (dir_len > 0 && !ISSLASH (dir[dir_len - 1])); # ^ diffutils-3.6/lib/localcharset.c:150:13: note: Assuming 'file_name' is not equal to NULL # if (file_name != NULL) # ^~~~~~~~~~~~~~~~~ diffutils-3.6/lib/localcharset.c:150:9: note: Taking true branch # if (file_name != NULL) # ^ diffutils-3.6/lib/localcharset.c:153:13: note: Taking false branch # if (add_slash) # ^ diffutils-3.6/lib/localcharset.c:161:7: note: Taking false branch # if (file_name == NULL) # ^ 
diffutils-3.6/lib/localcharset.c:177:15: note: Assuming 'fd' is >= 0 # if (fd < 0) # ^~~~~~ diffutils-3.6/lib/localcharset.c:177:11: note: Taking false branch # if (fd < 0) # ^ diffutils-3.6/lib/localcharset.c:185:19: note: Assuming 'fp' is not equal to NULL # if (fp == NULL) # ^~~~~~~~~~ diffutils-3.6/lib/localcharset.c:185:15: note: Taking false branch # if (fp == NULL) # ^ diffutils-3.6/lib/localcharset.c:197:19: note: Loop condition is true. Entering loop body # for (;;) # ^ diffutils-3.6/lib/localcharset.c:206:23: note: Taking false branch # if (c == EOF) # ^ diffutils-3.6/lib/localcharset.c:208:27: note: Assuming the condition is false # if (c == '\n' || c == ' ' || c == '\t') # ^~~~~~~~~ diffutils-3.6/lib/localcharset.c:208:27: note: Left side of '||' is false diffutils-3.6/lib/localcharset.c:208:40: note: Assuming the condition is false # if (c == '\n' || c == ' ' || c == '\t') # ^~~~~~~~ diffutils-3.6/lib/localcharset.c:208:27: note: Left side of '||' is false # if (c == '\n' || c == ' ' || c == '\t') # ^ diffutils-3.6/lib/localcharset.c:208:52: note: Assuming the condition is false # if (c == '\n' || c == ' ' || c == '\t') # ^~~~~~~~~ diffutils-3.6/lib/localcharset.c:208:23: note: Taking false branch # if (c == '\n' || c == ' ' || c == '\t') # ^ diffutils-3.6/lib/localcharset.c:210:27: note: Assuming the condition is false # if (c == '#') # ^~~~~~~~ diffutils-3.6/lib/localcharset.c:210:23: note: Taking false branch # if (c == '#') # ^ diffutils-3.6/lib/localcharset.c:221:27: note: Assuming the condition is false # if (fscanf (fp, "%50s %50s", buf1, buf2) < 2) # ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diffutils-3.6/lib/localcharset.c:221:23: note: Taking false branch # if (fscanf (fp, "%50s %50s", buf1, buf2) < 2) # ^ diffutils-3.6/lib/localcharset.c:226:23: note: Taking true branch # if (res_size == 0) # ^ diffutils-3.6/lib/localcharset.c:229:46: note: Memory is allocated # res_ptr = (char *) malloc (res_size + 1); # ^~~~~~~~~~~~~~~~~~~~~ 
diffutils-3.6/lib/localcharset.c:236:27: note: Assuming 'res_ptr' is not equal to NULL # if (res_ptr == NULL) # ^~~~~~~~~~~~~~~ diffutils-3.6/lib/localcharset.c:236:23: note: Taking false branch # if (res_ptr == NULL) # ^ diffutils-3.6/lib/localcharset.c:197:19: note: Loop condition is true. Entering loop body # for (;;) # ^ diffutils-3.6/lib/localcharset.c:206:27: note: Assuming the condition is true # if (c == EOF) # ^~~~~~~~ diffutils-3.6/lib/localcharset.c:206:23: note: Taking true branch # if (c == EOF) # ^ diffutils-3.6/lib/localcharset.c:207:25: note: Execution continues on line 246 # break; # ^ diffutils-3.6/lib/localcharset.c:247:23: note: Assuming 'res_size' is equal to 0 # if (res_size == 0) # ^~~~~~~~~~~~~ diffutils-3.6/lib/localcharset.c:247:19: note: Taking true branch # if (res_size == 0) # ^ diffutils-3.6/lib/localcharset.c:248:26: note: Potential leak of memory pointed to by 'res_ptr' # cp = ""; # ^ # 246| fclose (fp); # 247| if (res_size == 0) # 248|-> cp = ""; # 249| else # 250| { Error: DEADCODE (CWE-561): diffutils-3.6/lib/mktime.c:107: assignment: Assigning: "one" = "1L". diffutils-3.6/lib/mktime.c:108: const: At condition "(-one >> 1) == 0xffffffffffffffffL", the value of "one" must be equal to 1. diffutils-3.6/lib/mktime.c:108: dead_error_condition: The condition "(-one >> 1) == 0xffffffffffffffffL" must be true. diffutils-3.6/lib/mktime.c:108: dead_error_line: Execution cannot reach the expression "a / (one << b)" inside this statement: "return ((-one >> 1) == 0xff...". # 106| { # 107| long_int one = 1; # 108|-> return (-one >> 1 == -1 # 109| ? a >> b # 110| : a / (one << b) - (a % (one << b) < 0)); Error: CONSTANT_EXPRESSION_RESULT (CWE-398): diffutils-3.6/lib/mktime.c:270: result_independent_of_operands: "*t < -9223372036854775808L /* mktime_min */" is always false regardless of the values of its operands. This occurs as the logical operand of "if". 
# 268| {
# 269| struct tm *r;
# 270|-> if (*t < mktime_min)
# 271| *t = mktime_min;
# 272| else if (mktime_max < *t)

Error: CONSTANT_EXPRESSION_RESULT (CWE-398):
diffutils-3.6/lib/mktime.c:272: result_independent_of_operands: "9223372036854775807L /* mktime_max */ < *t" is always false regardless of the values of its operands. This occurs as the logical operand of "if".
# 270| if (*t < mktime_min)
# 271| *t = mktime_min;
# 272|-> else if (mktime_max < *t)
# 273| *t = mktime_max;
# 274| r = convert_time (convert, *t, tp);

Error: CONSTANT_EXPRESSION_RESULT (CWE-398):
diffutils-3.6/lib/mktime.c:472: result_independent_of_operands: "-9223372036854775808L /* mktime_min */ <= t" is always true regardless of the values of its operands. This occurs as the logical first operand of "&&".
# 470| sec_adjustment += sec_requested;
# 471| if (INT_ADD_WRAPV (t, sec_adjustment, &t)
# 472|-> || ! (mktime_min <= t && t <= mktime_max)
# 473| || ! convert_time (convert, t, &tm))
# 474| return -1;

Error: CONSTANT_EXPRESSION_RESULT (CWE-398):
diffutils-3.6/lib/quotearg.c:653: same_on_both_sides: "91 == 91" is always true regardless of the values of its operands because those operands are identical. This occurs as the logical first operand of "&&".
# 651| In practice the problem is limited to ASCII
# 652| chars >= '@' that are shell special chars. */
# 653|-> if ('[' == 0x5b && elide_outer_quotes
# 654| && quoting_style == shell_always_quoting_style)
# 655| {

Error: NO_EFFECT (CWE-398):
diffutils-3.6/lib/strftime.c:660: bad_memset: Function "memset" with fill value "'0'" (the zero character) in "memset(p, 48, _delta)".
diffutils-3.6/lib/strftime.c:660: remediation: Did you intend to use 0 (the value zero)?
# 658| if (*f != L_('%'))
# 659| {
# 660|-> add1 (*f);
# 661| continue;
# 662| }

Error: CPPCHECK_WARNING:
diffutils-3.6/lib/strftime.c:660: error[invalidFunctionArg]: Invalid memset() argument nr 3. The value is -2 but the valid values are '0:'.
# 658| if (*f != L_('%'))
# 659| {
# 660|-> add1 (*f);
# 661| continue;
# 662| }

Error: NO_EFFECT (CWE-398):
diffutils-3.6/lib/strftime.c:771: bad_memset: Function "memset" with fill value "'0'" (the zero character) in "memset(p, 48, _delta)".
diffutils-3.6/lib/strftime.c:771: remediation: Did you intend to use 0 (the value zero)?
# 769| if (modifier != 0)
# 770| goto bad_format;
# 771|-> add1 (*f);
# 772| break;
# 773|

Error: NO_EFFECT (CWE-398):
diffutils-3.6/lib/strftime.c:855: bad_memset: Function "memset" with fill value "'0'" (the zero character) in "memset(p, 48, _delta)".
diffutils-3.6/lib/strftime.c:855: remediation: Did you intend to use 0 (the value zero)?
# 853| tp, to_uppcase, tzset_called
# 854| extra_args LOCALE_ARG);
# 855|-> add (len, __strftime_internal (p,
# 856| STRFTIME_ARG (maxsize - i)
# 857| subfmt,

Error: NO_EFFECT (CWE-398):
diffutils-3.6/lib/strftime.c:890: bad_memset: Function "memset" with fill value "'0'" (the zero character) in "memset(p, 48, _delta)".
diffutils-3.6/lib/strftime.c:890: remediation: Did you intend to use 0 (the value zero)?
# 888| len = strftime (ubuf, sizeof ubuf, ufmt, tp);
# 889| if (len != 0)
# 890|-> cpy (len - 1, ubuf + 1);
# 891| }
# 892| break;

Error: NO_EFFECT (CWE-398):
diffutils-3.6/lib/strftime.c:1028: bad_memset: Function "memset" with fill value "'0'" (the zero character) in "memset(p, 48, _delta)".
diffutils-3.6/lib/strftime.c:1028: remediation: Did you intend to use 0 (the value zero)?
# 1026| {
# 1027| if (sign_char)
# 1028|-> add1 (sign_char);
# 1029| }
# 1030| else

Error: NO_EFFECT (CWE-398):
diffutils-3.6/lib/strftime.c:1047: bad_memset: Function "memset" with fill value "'0'" (the zero character) in "memset(p, 48, _delta)".
diffutils-3.6/lib/strftime.c:1047: remediation: Did you intend to use 0 (the value zero)?
# 1045| width = width > padding ? width - padding : 0;
# 1046| if (sign_char)
# 1047|-> add1 (sign_char);
# 1048| }
# 1049| else

Error: NO_EFFECT (CWE-398):
diffutils-3.6/lib/strftime.c:1055: bad_memset: Function "memset" with fill value "'0'" (the zero character) in "memset(p, 48, _delta)".
diffutils-3.6/lib/strftime.c:1055: remediation: Did you intend to use 0 (the value zero)?
# 1053|
# 1054| if (sign_char)
# 1055|-> add1 (sign_char);
# 1056|
# 1057| if (p)

Error: NO_EFFECT (CWE-398):
diffutils-3.6/lib/strftime.c:1058: bad_memset: Function "memset" with fill value "'0'" (the zero character) in "memset(p, 48, padding)".
diffutils-3.6/lib/strftime.c:1058: remediation: Did you intend to use 0 (the value zero)?
# 1056|
# 1057| if (p)
# 1058|-> memset_zero (p, padding);
# 1059| i += padding;
# 1060| width = 0;

Error: NO_EFFECT (CWE-398):
diffutils-3.6/lib/strftime.c:1066: bad_memset: Function "memset" with fill value "'0'" (the zero character) in "memset(p, 48, _delta)".
diffutils-3.6/lib/strftime.c:1066: remediation: Did you intend to use 0 (the value zero)?
# 1064| {
# 1065| if (sign_char)
# 1066|-> add1 (sign_char);
# 1067| }
# 1068| }

Error: NO_EFFECT (CWE-398):
diffutils-3.6/lib/strftime.c:1070: bad_memset: Function "memset" with fill value "'0'" (the zero character) in "memset(p, 48, _delta)".
diffutils-3.6/lib/strftime.c:1070: remediation: Did you intend to use 0 (the value zero)?
# 1068| }
# 1069|
# 1070|-> cpy (buf + sizeof (buf) / sizeof (buf[0]) - bufp, bufp);
# 1071| break;
# 1072|

Error: NO_EFFECT (CWE-398):
diffutils-3.6/lib/strftime.c:1141: bad_memset: Function "memset" with fill value "'0'" (the zero character) in "memset(p, 48, _delta)".
diffutils-3.6/lib/strftime.c:1141: remediation: Did you intend to use 0 (the value zero)?
# 1139|
# 1140| case L_('n'):
# 1141|-> add1 (L_('\n'));
# 1142| break;
# 1143|

Error: NO_EFFECT (CWE-398):
diffutils-3.6/lib/strftime.c:1233: bad_memset: Function "memset" with fill value "'0'" (the zero character) in "memset(p, 48, _delta)".
diffutils-3.6/lib/strftime.c:1233: remediation: Did you intend to use 0 (the value zero)?
# 1231|
# 1232| case L_('t'):
# 1233|-> add1 (L_('\t'));
# 1234| break;
# 1235|

Error: NO_EFFECT (CWE-398):
diffutils-3.6/lib/strftime.c:1379: bad_memset: Function "memset" with fill value "'0'" (the zero character) in "memset(p, 48, _delta)".
diffutils-3.6/lib/strftime.c:1379: remediation: Did you intend to use 0 (the value zero)?
# 1377| }
# 1378| #else
# 1379|-> cpy (strlen (zone), zone);
# 1380| #endif
# 1381| break;

Error: NO_EFFECT (CWE-398):
diffutils-3.6/lib/strftime.c:1494: bad_memset: Function "memset" with fill value "'0'" (the zero character) in "memset(p, 48, _delta)".
diffutils-3.6/lib/strftime.c:1494: remediation: Did you intend to use 0 (the value zero)?
# 1492| for (flen = 1; f[1 - flen] != L_('%'); flen++)
# 1493| continue;
# 1494|-> cpy (flen, &f[1 - flen]);
# 1495| }
# 1496| break;

Error: COMPILER_WARNING:
diffutils-3.6/lib/trim.c: scope_hint: In function 'trim2'
diffutils-3.6/lib/trim.c:103:16: warning: 'r' may be used uninitialized in this function [-Wmaybe-uninitialized]
# *r = '\0';
# ~~~^~~~~~
# 101|
# 102| if (state == 2)
# 103|-> *r = '\0';
# 104| }
# 105| }

Error: FORWARD_NULL (CWE-476):
diffutils-3.6/lib/vasnprintf.c:1848: assign_zero: Assigning: "result" = "NULL".
diffutils-3.6/lib/vasnprintf.c:1894: var_deref_model: Passing null pointer "result + length" to "memcpy", which dereferences it. [Note: The source code implementation of the function has been overridden by a builtin model.]
# 1892| if (sizeof (FCHAR_T) == sizeof (DCHAR_T))
# 1893| {
# 1894|-> DCHAR_CPY (result + length, (const DCHAR_T *) cp, n);
# 1895| length = augmented_length;
# 1896| }

Error: FORWARD_NULL (CWE-476):
diffutils-3.6/lib/vasnprintf.c:1848: assign_zero: Assigning: "result" = "NULL".
diffutils-3.6/lib/vasnprintf.c:1916: var_deref_op: Dereferencing null pointer "result".
# 1914| augmented_length = xsum (length, 1);
# 1915| ENSURE_ALLOCATION (augmented_length);
# 1916|-> result[length] = '%';
# 1917| length = augmented_length;
# 1918| }

Error: FORWARD_NULL (CWE-476):
diffutils-3.6/lib/vasnprintf.c:1848: assign_zero: Assigning: "result" = "NULL".
diffutils-3.6/lib/vasnprintf.c:4936: var_deref_op: Dereferencing null pointer "result".
# 4934| /* Prepare checking whether snprintf returns the count
# 4935| via %n. */
# 4936|-> *(TCHAR_T *) (result + length) = '\0';
# 4937| #endif
# 4938|

Error: FORWARD_NULL (CWE-476):
diffutils-3.6/lib/vasnprintf.c:1848: assign_zero: Assigning: "result" = "NULL".
diffutils-3.6/lib/vasnprintf.c:5551: var_deref_op: Dereferencing null pointer "result".
# 5549| /* Add the final NUL. */
# 5550| ENSURE_ALLOCATION (xsum (length, 1));
# 5551|-> result[length] = '\0';
# 5552|
# 5553| if (result != resultbuf && length + 1 < allocated)

Error: CPPCHECK_WARNING (CWE-401):
diffutils-3.6/lib/xmalloc.c:86: error[leakNoVarFunctionCall]: Allocation with xmalloc, memset doesn't release it.
# 84| xzalloc (size_t s)
# 85| {
# 86|-> return memset (xmalloc (s), 0, s);
# 87| }
# 88|

Error: CPPCHECK_WARNING (CWE-401):
diffutils-3.6/lib/xmalloc.c:113: error[leakNoVarFunctionCall]: Allocation with xmalloc, memcpy doesn't release it.
# 111| xmemdup (void const *p, size_t s)
# 112| {
# 113|-> return memcpy (xmalloc (s), p, s);
# 114| }
# 115|

Error: BAD_FREE (CWE-763):
diffutils-3.6/src/analyze.c:691: offset_free: "free" frees address offset from "cmp->file[f].linbuf".
# 689| { # 690| free (cmp->file[f].equivs); # 691|-> free (cmp->file[f].linbuf + cmp->file[f].linbuf_base); # 692| } # 693| Error: CLANG_WARNING: diffutils-3.6/src/cmp.c:538:6: warning: 2nd function call argument is an uninitialized value # printf ("%*s %3o %3o\n", # ^ diffutils-3.6/src/cmp.c:397:3: note: 'offset_width' declared without an initial value # int offset_width IF_LINT (= 0); # ^~~~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:399:7: note: Assuming 'comparison_type' is not equal to type_all_diffs # if (comparison_type == type_all_diffs) # ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:399:3: note: Taking false branch # if (comparison_type == type_all_diffs) # ^ diffutils-3.6/src/cmp.c:415:3: note: Loop condition is true. Entering loop body # for (f = 0; f < 2; f++) # ^ diffutils-3.6/src/cmp.c:418:11: note: Assuming 'ig' is 0 # if (ig && file_position (f) == -1) # ^~ diffutils-3.6/src/cmp.c:418:14: note: Left side of '&&' is false # if (ig && file_position (f) == -1) # ^ diffutils-3.6/src/cmp.c:415:3: note: Loop condition is true. Entering loop body # for (f = 0; f < 2; f++) # ^ diffutils-3.6/src/cmp.c:418:11: note: Assuming 'ig' is 0 # if (ig && file_position (f) == -1) # ^~ diffutils-3.6/src/cmp.c:418:14: note: Left side of '&&' is false # if (ig && file_position (f) == -1) # ^ diffutils-3.6/src/cmp.c:415:3: note: Loop condition is false. 
Execution continues on line 439 # for (f = 0; f < 2; f++) # ^ diffutils-3.6/src/cmp.c:441:11: note: Assuming 'remaining' is equal to UINTMAX_MAX # if (remaining != UINTMAX_MAX) # ^~~~~~~~~~~~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:441:7: note: Taking false branch # if (remaining != UINTMAX_MAX) # ^ diffutils-3.6/src/cmp.c:449:11: note: Assuming 'read0' is not equal to SIZE_MAX # if (read0 == SIZE_MAX) # ^~~~~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:449:7: note: Taking false branch # if (read0 == SIZE_MAX) # ^ diffutils-3.6/src/cmp.c:452:11: note: Assuming 'read1' is not equal to SIZE_MAX # if (read1 == SIZE_MAX) # ^~~~~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:452:7: note: Taking false branch # if (read1 == SIZE_MAX) # ^ diffutils-3.6/src/cmp.c:458:11: note: Assuming the condition is false # if (memcmp (buf0, buf1, smaller) == 0) # ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:458:7: note: Taking false branch # if (memcmp (buf0, buf1, smaller) == 0) # ^ diffutils-3.6/src/cmp.c:470:11: note: Assuming 'comparison_type' is not equal to type_first_diff # if (comparison_type == type_first_diff && first_diff != 0) # ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:470:46: note: Left side of '&&' is false # if (comparison_type == type_first_diff && first_diff != 0) # ^ diffutils-3.6/src/cmp.c:476:7: note: Taking true branch # if (first_diff < smaller) # ^ diffutils-3.6/src/cmp.c:478:4: note: Control jumps to 'case type_all_diffs:' at line 526 # switch (comparison_type) # ^ diffutils-3.6/src/cmp.c:531:5: note: Taking false branch # if (c0 != c1) # ^ diffutils-3.6/src/cmp.c:554:15: note: Assuming 'first_diff' is >= 'smaller' # while (first_diff < smaller); # ^~~~~~~~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:527:8: note: Loop condition is false. 
Exiting loop # do # ^ diffutils-3.6/src/cmp.c:556:8: note: Execution continues on line 564 # break; # ^ diffutils-3.6/src/cmp.c:564:11: note: Assuming 'read0' is equal to 'read1' # if (read0 != read1) # ^~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:564:7: note: Taking false branch # if (read0 != read1) # ^ diffutils-3.6/src/cmp.c:603:10: note: Left side of '&&' is true # while (differing <= 0 && read0 == buf_size); # ^ diffutils-3.6/src/cmp.c:603:28: note: Assuming 'read0' is equal to 'buf_size' # while (differing <= 0 && read0 == buf_size); # ^~~~~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:437:3: note: Loop condition is true. Execution continues on line 439 # do # ^ diffutils-3.6/src/cmp.c:441:7: note: Taking false branch # if (remaining != UINTMAX_MAX) # ^ diffutils-3.6/src/cmp.c:449:11: note: Assuming 'read0' is not equal to SIZE_MAX # if (read0 == SIZE_MAX) # ^~~~~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:449:7: note: Taking false branch # if (read0 == SIZE_MAX) # ^ diffutils-3.6/src/cmp.c:452:11: note: Assuming 'read1' is not equal to SIZE_MAX # if (read1 == SIZE_MAX) # ^~~~~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:452:7: note: Taking false branch # if (read1 == SIZE_MAX) # ^ diffutils-3.6/src/cmp.c:458:11: note: Assuming the condition is false # if (memcmp (buf0, buf1, smaller) == 0) # ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:458:7: note: Taking false branch # if (memcmp (buf0, buf1, smaller) == 0) # ^ diffutils-3.6/src/cmp.c:470:11: note: Assuming 'comparison_type' is not equal to type_first_diff # if (comparison_type == type_first_diff && first_diff != 0) # ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:470:46: note: Left side of '&&' is false # if (comparison_type == type_first_diff && first_diff != 0) # ^ diffutils-3.6/src/cmp.c:476:7: note: Taking true branch # if (first_diff < smaller) # ^ diffutils-3.6/src/cmp.c:478:4: note: Control jumps to 'case type_all_diffs:' at line 526 # switch (comparison_type) # ^ diffutils-3.6/src/cmp.c:531:5: note: 
Taking false branch # if (c0 != c1) # ^ diffutils-3.6/src/cmp.c:554:15: note: Assuming 'first_diff' is >= 'smaller' # while (first_diff < smaller); # ^~~~~~~~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:527:8: note: Loop condition is false. Exiting loop # do # ^ diffutils-3.6/src/cmp.c:556:8: note: Execution continues on line 564 # break; # ^ diffutils-3.6/src/cmp.c:564:11: note: Assuming 'read0' is equal to 'read1' # if (read0 != read1) # ^~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:564:7: note: Taking false branch # if (read0 != read1) # ^ diffutils-3.6/src/cmp.c:603:10: note: Left side of '&&' is true # while (differing <= 0 && read0 == buf_size); # ^ diffutils-3.6/src/cmp.c:603:28: note: Assuming 'read0' is equal to 'buf_size' # while (differing <= 0 && read0 == buf_size); # ^~~~~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:437:3: note: Loop condition is true. Execution continues on line 439 # do # ^ diffutils-3.6/src/cmp.c:441:7: note: Taking false branch # if (remaining != UINTMAX_MAX) # ^ diffutils-3.6/src/cmp.c:449:11: note: Assuming 'read0' is not equal to SIZE_MAX # if (read0 == SIZE_MAX) # ^~~~~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:449:7: note: Taking false branch # if (read0 == SIZE_MAX) # ^ diffutils-3.6/src/cmp.c:452:11: note: Assuming 'read1' is not equal to SIZE_MAX # if (read1 == SIZE_MAX) # ^~~~~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:452:7: note: Taking false branch # if (read1 == SIZE_MAX) # ^ diffutils-3.6/src/cmp.c:458:11: note: Assuming the condition is false # if (memcmp (buf0, buf1, smaller) == 0) # ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:458:7: note: Taking false branch # if (memcmp (buf0, buf1, smaller) == 0) # ^ diffutils-3.6/src/cmp.c:470:11: note: Assuming 'comparison_type' is not equal to type_first_diff # if (comparison_type == type_first_diff && first_diff != 0) # ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:470:46: note: Left side of '&&' is false # if (comparison_type == type_first_diff && first_diff != 0) # ^ 
diffutils-3.6/src/cmp.c:476:7: note: Taking true branch # if (first_diff < smaller) # ^ diffutils-3.6/src/cmp.c:478:4: note: Control jumps to 'case type_all_diffs:' at line 526 # switch (comparison_type) # ^ diffutils-3.6/src/cmp.c:531:5: note: Taking true branch # if (c0 != c1) # ^ diffutils-3.6/src/cmp.c:535:13: note: Assuming 'opt_print_bytes' is 0 # if (!opt_print_bytes) # ^~~~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:535:9: note: Taking true branch # if (!opt_print_bytes) # ^ diffutils-3.6/src/cmp.c:538:6: note: 2nd function call argument is an uninitialized value # printf ("%*s %3o %3o\n", # ^ # 536| { # 537| /* See POSIX for this format. */ # 538|-> printf ("%*s %3o %3o\n", # 539| offset_width, byte_num, c0, c1); # 540| } Error: CLANG_WARNING: diffutils-3.6/src/cmp.c:547:6: warning: 2nd function call argument is an uninitialized value # printf ("%*s %3o %-4s %3o %s\n", # ^ diffutils-3.6/src/cmp.c:397:3: note: 'offset_width' declared without an initial value # int offset_width IF_LINT (= 0); # ^~~~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:399:7: note: Assuming 'comparison_type' is not equal to type_all_diffs # if (comparison_type == type_all_diffs) # ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:399:3: note: Taking false branch # if (comparison_type == type_all_diffs) # ^ diffutils-3.6/src/cmp.c:415:3: note: Loop condition is true. Entering loop body # for (f = 0; f < 2; f++) # ^ diffutils-3.6/src/cmp.c:418:11: note: Assuming 'ig' is 0 # if (ig && file_position (f) == -1) # ^~ diffutils-3.6/src/cmp.c:418:14: note: Left side of '&&' is false # if (ig && file_position (f) == -1) # ^ diffutils-3.6/src/cmp.c:415:3: note: Loop condition is true. Entering loop body # for (f = 0; f < 2; f++) # ^ diffutils-3.6/src/cmp.c:418:11: note: Assuming 'ig' is 0 # if (ig && file_position (f) == -1) # ^~ diffutils-3.6/src/cmp.c:418:14: note: Left side of '&&' is false # if (ig && file_position (f) == -1) # ^ diffutils-3.6/src/cmp.c:415:3: note: Loop condition is false. 
Execution continues on line 439 # for (f = 0; f < 2; f++) # ^ diffutils-3.6/src/cmp.c:441:11: note: Assuming 'remaining' is equal to UINTMAX_MAX # if (remaining != UINTMAX_MAX) # ^~~~~~~~~~~~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:441:7: note: Taking false branch # if (remaining != UINTMAX_MAX) # ^ diffutils-3.6/src/cmp.c:449:11: note: Assuming 'read0' is not equal to SIZE_MAX # if (read0 == SIZE_MAX) # ^~~~~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:449:7: note: Taking false branch # if (read0 == SIZE_MAX) # ^ diffutils-3.6/src/cmp.c:452:11: note: Assuming 'read1' is not equal to SIZE_MAX # if (read1 == SIZE_MAX) # ^~~~~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:452:7: note: Taking false branch # if (read1 == SIZE_MAX) # ^ diffutils-3.6/src/cmp.c:458:11: note: Assuming the condition is false # if (memcmp (buf0, buf1, smaller) == 0) # ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:458:7: note: Taking false branch # if (memcmp (buf0, buf1, smaller) == 0) # ^ diffutils-3.6/src/cmp.c:470:11: note: Assuming 'comparison_type' is not equal to type_first_diff # if (comparison_type == type_first_diff && first_diff != 0) # ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:470:46: note: Left side of '&&' is false # if (comparison_type == type_first_diff && first_diff != 0) # ^ diffutils-3.6/src/cmp.c:476:7: note: Taking true branch # if (first_diff < smaller) # ^ diffutils-3.6/src/cmp.c:478:4: note: Control jumps to 'case type_all_diffs:' at line 526 # switch (comparison_type) # ^ diffutils-3.6/src/cmp.c:531:5: note: Taking false branch # if (c0 != c1) # ^ diffutils-3.6/src/cmp.c:554:15: note: Assuming 'first_diff' is >= 'smaller' # while (first_diff < smaller); # ^~~~~~~~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:527:8: note: Loop condition is false. 
Exiting loop # do # ^ diffutils-3.6/src/cmp.c:556:8: note: Execution continues on line 564 # break; # ^ diffutils-3.6/src/cmp.c:564:11: note: Assuming 'read0' is equal to 'read1' # if (read0 != read1) # ^~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:564:7: note: Taking false branch # if (read0 != read1) # ^ diffutils-3.6/src/cmp.c:603:10: note: Left side of '&&' is true # while (differing <= 0 && read0 == buf_size); # ^ diffutils-3.6/src/cmp.c:603:28: note: Assuming 'read0' is equal to 'buf_size' # while (differing <= 0 && read0 == buf_size); # ^~~~~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:437:3: note: Loop condition is true. Execution continues on line 439 # do # ^ diffutils-3.6/src/cmp.c:441:7: note: Taking false branch # if (remaining != UINTMAX_MAX) # ^ diffutils-3.6/src/cmp.c:449:11: note: Assuming 'read0' is not equal to SIZE_MAX # if (read0 == SIZE_MAX) # ^~~~~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:449:7: note: Taking false branch # if (read0 == SIZE_MAX) # ^ diffutils-3.6/src/cmp.c:452:11: note: Assuming 'read1' is not equal to SIZE_MAX # if (read1 == SIZE_MAX) # ^~~~~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:452:7: note: Taking false branch # if (read1 == SIZE_MAX) # ^ diffutils-3.6/src/cmp.c:458:11: note: Assuming the condition is false # if (memcmp (buf0, buf1, smaller) == 0) # ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:458:7: note: Taking false branch # if (memcmp (buf0, buf1, smaller) == 0) # ^ diffutils-3.6/src/cmp.c:470:11: note: Assuming 'comparison_type' is not equal to type_first_diff # if (comparison_type == type_first_diff && first_diff != 0) # ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:470:46: note: Left side of '&&' is false # if (comparison_type == type_first_diff && first_diff != 0) # ^ diffutils-3.6/src/cmp.c:476:7: note: Taking true branch # if (first_diff < smaller) # ^ diffutils-3.6/src/cmp.c:478:4: note: Control jumps to 'case type_all_diffs:' at line 526 # switch (comparison_type) # ^ diffutils-3.6/src/cmp.c:531:5: note: 
Taking false branch # if (c0 != c1) # ^ diffutils-3.6/src/cmp.c:554:15: note: Assuming 'first_diff' is >= 'smaller' # while (first_diff < smaller); # ^~~~~~~~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:527:8: note: Loop condition is false. Exiting loop # do # ^ diffutils-3.6/src/cmp.c:556:8: note: Execution continues on line 564 # break; # ^ diffutils-3.6/src/cmp.c:564:11: note: Assuming 'read0' is equal to 'read1' # if (read0 != read1) # ^~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:564:7: note: Taking false branch # if (read0 != read1) # ^ diffutils-3.6/src/cmp.c:603:10: note: Left side of '&&' is true # while (differing <= 0 && read0 == buf_size); # ^ diffutils-3.6/src/cmp.c:603:28: note: Assuming 'read0' is equal to 'buf_size' # while (differing <= 0 && read0 == buf_size); # ^~~~~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:437:3: note: Loop condition is true. Execution continues on line 439 # do # ^ diffutils-3.6/src/cmp.c:441:7: note: Taking false branch # if (remaining != UINTMAX_MAX) # ^ diffutils-3.6/src/cmp.c:449:11: note: Assuming 'read0' is not equal to SIZE_MAX # if (read0 == SIZE_MAX) # ^~~~~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:449:7: note: Taking false branch # if (read0 == SIZE_MAX) # ^ diffutils-3.6/src/cmp.c:452:11: note: Assuming 'read1' is not equal to SIZE_MAX # if (read1 == SIZE_MAX) # ^~~~~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:452:7: note: Taking false branch # if (read1 == SIZE_MAX) # ^ diffutils-3.6/src/cmp.c:458:11: note: Assuming the condition is false # if (memcmp (buf0, buf1, smaller) == 0) # ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:458:7: note: Taking false branch # if (memcmp (buf0, buf1, smaller) == 0) # ^ diffutils-3.6/src/cmp.c:470:11: note: Assuming 'comparison_type' is not equal to type_first_diff # if (comparison_type == type_first_diff && first_diff != 0) # ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:470:46: note: Left side of '&&' is false # if (comparison_type == type_first_diff && first_diff != 0) # ^ 
diffutils-3.6/src/cmp.c:476:7: note: Taking true branch # if (first_diff < smaller) # ^ diffutils-3.6/src/cmp.c:478:4: note: Control jumps to 'case type_all_diffs:' at line 526 # switch (comparison_type) # ^ diffutils-3.6/src/cmp.c:531:5: note: Taking true branch # if (c0 != c1) # ^ diffutils-3.6/src/cmp.c:535:13: note: Assuming 'opt_print_bytes' is not equal to 0 # if (!opt_print_bytes) # ^~~~~~~~~~~~~~~~ diffutils-3.6/src/cmp.c:535:9: note: Taking false branch # if (!opt_print_bytes) # ^ diffutils-3.6/src/cmp.c:547:6: note: 2nd function call argument is an uninitialized value # printf ("%*s %3o %-4s %3o %s\n", # ^ # 545| sprintc (s0, c0); # 546| sprintc (s1, c1); # 547|-> printf ("%*s %3o %-4s %3o %s\n", # 548| offset_width, byte_num, c0, s0, c1, s1); # 549| } Error: FORWARD_NULL (CWE-476): diffutils-3.6/src/diff.c:826: var_compare_op: Comparing "regexps" to null implies that "regexps" might be null. diffutils-3.6/src/diff.c:846: var_deref_model: Passing null pointer "regexps + len" to "memcpy", which dereferences it. [Note: The source code implementation of the function has been overridden by a builtin model.] # 844| regexps[len++] = '|'; # 845| } # 846|-> memcpy (regexps + len, pattern, patlen + 1); # 847| } # 848| } Error: RESOURCE_LEAK (CWE-772): diffutils-3.6/src/diff3.c:783: alloc_fn: Storage is returned from allocation function "create_diff3_block". diffutils-3.6/src/diff3.c:909:30: alloc_fn: Storage is returned from allocation function "xmalloc". diffutils-3.6/lib/xmalloc.c:41:11: alloc_fn: Storage is returned from allocation function "malloc". diffutils-3.6/lib/xmalloc.c:41:11: var_assign: Assigning: "p" = "malloc(n)". diffutils-3.6/lib/xmalloc.c:44:3: return_alloc: Returning allocated memory "p". diffutils-3.6/src/diff3.c:909:30: var_assign: Assigning: "result" = "xmalloc(112UL)". diffutils-3.6/src/diff3.c:961:3: return_alloc: Returning allocated memory "result". 
diffutils-3.6/src/diff3.c:783: var_assign: Assigning: "result" = storage returned from "create_diff3_block(low[0], high[0], low[1], high[1], lowc, highc)". diffutils-3.6/src/diff3.c:798: leaked_storage: Variable "result" going out of scope leaks the storage it points to. # 796| D_LENARRAY (result, FILEC) + result_offset, # 797| D_NUMLINES (ptr, FC))) # 798|-> return 0; # 799| } # 800| Error: RESOURCE_LEAK (CWE-772): diffutils-3.6/src/diff3.c:783: alloc_fn: Storage is returned from allocation function "create_diff3_block". diffutils-3.6/src/diff3.c:909:30: alloc_fn: Storage is returned from allocation function "xmalloc". diffutils-3.6/lib/xmalloc.c:41:11: alloc_fn: Storage is returned from allocation function "malloc". diffutils-3.6/lib/xmalloc.c:41:11: var_assign: Assigning: "p" = "malloc(n)". diffutils-3.6/lib/xmalloc.c:44:3: return_alloc: Returning allocated memory "p". diffutils-3.6/src/diff3.c:909:30: var_assign: Assigning: "result" = "xmalloc(112UL)". diffutils-3.6/src/diff3.c:961:3: return_alloc: Returning allocated memory "result". diffutils-3.6/src/diff3.c:783: var_assign: Assigning: "result" = storage returned from "create_diff3_block(low[0], high[0], low[1], high[1], lowc, highc)". diffutils-3.6/src/diff3.c:827: leaked_storage: Variable "result" going out of scope leaks the storage it points to. 
# 825| D_LENARRAY (result, FILE0 + d) + result_offset, # 826| D_NUMLINES (ptr, FO))) # 827|-> return 0; # 828| # 829| /* Catch the lines between here and the next diff */ Error: COMPILER_WARNING: diffutils-3.6/src/diff3.c: scope_hint: In function 'process_diff' diffutils-3.6/src/diff3.c:1091:15: warning: 'bptr' may be used uninitialized in this function [-Wmaybe-uninitialized] # *last_block = bptr; # ~~~~~~~~~~~~^~~~~~ # 1089| # 1090| *block_list_end = NULL; # 1091|-> *last_block = bptr; # 1092| return block_list; # 1093| } Error: CLANG_WARNING: diffutils-3.6/src/diff3.c:1091:15: warning: Assigned value is garbage or undefined # *last_block = bptr; # ^ diffutils-3.6/src/diff3.c:276:10: note: Assuming the condition is false # while ((c = getopt_long (argc, argv, "aeimvx3AEL:TX", longopts, 0)) != -1) # ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diffutils-3.6/src/diff3.c:276:3: note: Loop condition is false. Execution continues on line 343 # while ((c = getopt_long (argc, argv, "aeimvx3AEL:TX", longopts, 0)) != -1) # ^ diffutils-3.6/src/diff3.c:348:7: note: Left side of '||' is false # if (incompat > 1 /* Ensure at most one of -AeExX3. */ # ^ diffutils-3.6/src/diff3.c:348:7: note: Left side of '||' is false diffutils-3.6/src/diff3.c:350:21: note: Left side of '&&' is false # || (tag_count && ! flagging)) /* -L requires one of -AEX. */ # ^ diffutils-3.6/src/diff3.c:353:3: note: Taking false branch # if (argc - optind != 3) # ^ diffutils-3.6/src/diff3.c:363:3: note: Loop condition is true. Entering loop body # for (i = tag_count; i < 3; i++) # ^ diffutils-3.6/src/diff3.c:363:3: note: Loop condition is true. Entering loop body diffutils-3.6/src/diff3.c:363:3: note: Loop condition is true. Entering loop body diffutils-3.6/src/diff3.c:363:3: note: Loop condition is false. 
Execution continues on line 382 diffutils-3.6/src/diff3.c:384:3: note: Taking false branch # if (STREQ (file[common], "-")) # ^ diffutils-3.6/src/diff3.c:398:3: note: Loop condition is true. Entering loop body # for (i = 0; i < 3; i++) # ^ diffutils-3.6/src/diff3.c:398:3: note: Loop condition is true. Entering loop body diffutils-3.6/src/diff3.c:398:3: note: Loop condition is true. Entering loop body diffutils-3.6/src/diff3.c:398:3: note: Loop condition is false. Execution continues on line 401 diffutils-3.6/src/diff3.c:401:3: note: Loop condition is true. Entering loop body # for (i = 0; i < 3; i++) # ^ diffutils-3.6/src/diff3.c:402:5: note: Taking true branch # if (! STREQ (file[i], "-")) # ^ diffutils-3.6/src/diff3.c:404:6: note: Assuming the condition is false # if (stat (file[i], &statb) < 0) # ^~~~~~~~~~~~~~~~~~~~~~~~~~ diffutils-3.6/src/diff3.c:404:2: note: Taking false branch # if (stat (file[i], &statb) < 0) # ^ diffutils-3.6/src/diff3.c:406:7: note: Taking false branch # else if (S_ISDIR (statb.st_mode)) # ^ diffutils-3.6/src/diff3.c:401:3: note: Loop condition is true. Entering loop body # for (i = 0; i < 3; i++) # ^ diffutils-3.6/src/diff3.c:402:5: note: Taking true branch # if (! STREQ (file[i], "-")) # ^ diffutils-3.6/src/diff3.c:404:6: note: Assuming the condition is false # if (stat (file[i], &statb) < 0) # ^~~~~~~~~~~~~~~~~~~~~~~~~~ diffutils-3.6/src/diff3.c:404:2: note: Taking false branch # if (stat (file[i], &statb) < 0) # ^ diffutils-3.6/src/diff3.c:406:7: note: Taking false branch # else if (S_ISDIR (statb.st_mode)) # ^ diffutils-3.6/src/diff3.c:401:3: note: Loop condition is true. Entering loop body # for (i = 0; i < 3; i++) # ^ diffutils-3.6/src/diff3.c:402:5: note: Taking true branch # if (! 
STREQ (file[i], "-")) # ^ diffutils-3.6/src/diff3.c:404:6: note: Assuming the condition is false # if (stat (file[i], &statb) < 0) # ^~~~~~~~~~~~~~~~~~~~~~~~~~ diffutils-3.6/src/diff3.c:404:2: note: Taking false branch # if (stat (file[i], &statb) < 0) # ^ diffutils-3.6/src/diff3.c:406:7: note: Taking false branch # else if (S_ISDIR (statb.st_mode)) # ^ diffutils-3.6/src/diff3.c:401:3: note: Loop condition is false. Execution continues on line 412 # for (i = 0; i < 3; i++) # ^ diffutils-3.6/src/diff3.c:420:13: note: Calling 'process_diff' # thread1 = process_diff (file[rev_mapping[FILE1]], commonname, &last_block, &b1); # ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diffutils-3.6/src/diff3.c:999:3: note: 'bptr' declared without an initial value # struct diff_block *bptr IF_LINT (= NULL); # ^~~~~~~~~~~~~~~~~~~~~~~ diffutils-3.6/src/diff3.c:1008:10: note: Assuming 'scan_diff' is >= 'diff_limit' # while (scan_diff < diff_limit) # ^~~~~~~~~~~~~~~~~~~~~~ diffutils-3.6/src/diff3.c:1008:3: note: Loop condition is false. Execution continues on line 1090 # while (scan_diff < diff_limit) # ^ diffutils-3.6/src/diff3.c:1091:15: note: Assigned value is garbage or undefined # *last_block = bptr; # ^ ~~~~ # 1089| # 1090| *block_list_end = NULL; # 1091|-> *last_block = bptr; # 1092| return block_list; # 1093| } Error: CLANG_WARNING: diffutils-3.6/src/diff3.c:1458:10: warning: Array access results in a null pointer dereference # cp = D_RELNUM (ptr, realfile, line); # ^ diffutils-3.6/src/diff3.c:109:3: note: expanded from macro 'D_RELNUM' # ((diff)->lines[filenum][linenum]) # ^ diffutils-3.6/src/diff3.c:276:10: note: Assuming the condition is false # while ((c = getopt_long (argc, argv, "aeimvx3AEL:TX", longopts, 0)) != -1) # ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diffutils-3.6/src/diff3.c:276:3: note: Loop condition is false. 
Execution continues on line 343 # while ((c = getopt_long (argc, argv, "aeimvx3AEL:TX", longopts, 0)) != -1) # ^ diffutils-3.6/src/diff3.c:348:7: note: Left side of '||' is false # if (incompat > 1 /* Ensure at most one of -AeExX3. */ # ^ diffutils-3.6/src/diff3.c:348:7: note: Left side of '||' is false diffutils-3.6/src/diff3.c:350:21: note: Left side of '&&' is false # || (tag_count && ! flagging)) /* -L requires one of -AEX. */ # ^ diffutils-3.6/src/diff3.c:353:3: note: Taking false branch # if (argc - optind != 3) # ^ diffutils-3.6/src/diff3.c:363:3: note: Loop condition is true. Entering loop body # for (i = tag_count; i < 3; i++) # ^ diffutils-3.6/src/diff3.c:363:3: note: Loop condition is true. Entering loop body diffutils-3.6/src/diff3.c:363:3: note: Loop condition is true. Entering loop body diffutils-3.6/src/diff3.c:363:3: note: Loop condition is false. Execution continues on line 382 diffutils-3.6/src/diff3.c:384:3: note: Taking false branch # if (STREQ (file[common], "-")) # ^ diffutils-3.6/src/diff3.c:398:3: note: Loop condition is true. Entering loop body # for (i = 0; i < 3; i++) # ^ diffutils-3.6/src/diff3.c:398:3: note: Loop condition is true. Entering loop body diffutils-3.6/src/diff3.c:398:3: note: Loop condition is true. Entering loop body diffutils-3.6/src/diff3.c:398:3: note: Loop condition is false. Execution continues on line 401 diffutils-3.6/src/diff3.c:401:3: note: Loop condition is true. Entering loop body # for (i = 0; i < 3; i++) # ^ diffutils-3.6/src/diff3.c:402:5: note: Taking true branch # if (! STREQ (file[i], "-")) # ^ diffutils-3.6/src/diff3.c:404:6: note: Assuming the condition is false # if (stat (file[i], &statb) < 0) # ^~~~~~~~~~~~~~~~~~~~~~~~~~ diffutils-3.6/src/diff3.c:404:2: note: Taking false branch # if (stat (file[i], &statb) < 0) # ^ diffutils-3.6/src/diff3.c:406:7: note: Taking false branch # else if (S_ISDIR (statb.st_mode)) # ^ diffutils-3.6/src/diff3.c:401:3: note: Loop condition is true. 
Entering loop body # for (i = 0; i < 3; i++) # ^ diffutils-3.6/src/diff3.c:402:5: note: Taking true branch # if (! STREQ (file[i], "-")) # ^ diffutils-3.6/src/diff3.c:404:6: note: Assuming the condition is false # if (stat (file[i], &statb) < 0) # ^~~~~~~~~~~~~~~~~~~~~~~~~~ diffutils-3.6/src/diff3.c:404:2: note: Taking false branch # if (stat (file[i], &statb) < 0) # ^ diffutils-3.6/src/diff3.c:406:7: note: Taking false branch # else if (S_ISDIR (statb.st_mode)) # ^ diffutils-3.6/src/diff3.c:401:3: note: Loop condition is true. Entering loop body # for (i = 0; i < 3; i++) # ^ diffutils-3.6/src/diff3.c:402:5: note: Taking true branch # if (! STREQ (file[i], "-")) # ^ diffutils-3.6/src/diff3.c:404:6: note: Assuming the condition is false # if (stat (file[i], &statb) < 0) # ^~~~~~~~~~~~~~~~~~~~~~~~~~ diffutils-3.6/src/diff3.c:404:2: note: Taking false branch # if (stat (file[i], &statb) < 0) # ^ diffutils-3.6/src/diff3.c:406:7: note: Taking false branch # else if (S_ISDIR (statb.st_mode)) # ^ diffutils-3.6/src/diff3.c:401:3: note: Loop condition is false. Execution continues on line 412 # for (i = 0; i < 3; i++) # ^ diffutils-3.6/src/diff3.c:426:11: note: Calling 'make_3way_diff' # diff3 = make_3way_diff (thread0, thread1); # ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diffutils-3.6/src/diff3.c:647:10: note: Assuming the condition is false # while (current[0] || current[1]) # ^~~~~~~~~~ diffutils-3.6/src/diff3.c:647:10: note: Left side of '||' is false diffutils-3.6/src/diff3.c:647:3: note: Loop condition is true. 
Entering loop body # while (current[0] || current[1]) # ^ diffutils-3.6/src/diff3.c:652:7: note: Taking true branch # if (!current[0]) # ^ diffutils-3.6/src/diff3.c:680:7: note: Left side of '&&' is false # && D_LOWLINE (other_diff, FC) <= high_water_mark + 1) # ^ diffutils-3.6/src/diff3.c:717:18: note: Calling 'using_to_diff3_block' # tmpblock = using_to_diff3_block (using, last_using, # ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diffutils-3.6/src/diff3.c:770:3: note: Loop condition is true. Entering loop body # for (d = 0; d < 2; d++) # ^ diffutils-3.6/src/diff3.c:771:5: note: Taking false branch # if (using[d]) # ^ diffutils-3.6/src/diff3.c:770:3: note: Loop condition is true. Entering loop body # for (d = 0; d < 2; d++) # ^ diffutils-3.6/src/diff3.c:771:5: note: Taking true branch # if (using[d]) # ^ diffutils-3.6/src/diff3.c:770:3: note: Loop condition is false. Execution continues on line 783 # for (d = 0; d < 2; d++) # ^ diffutils-3.6/src/diff3.c:783:12: note: Calling 'create_diff3_block' # result = create_diff3_block (low[0], high[0], low[1], high[1], lowc, highc); # ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diffutils-3.6/src/diff3.c:912:3: note: Assuming pointer value is null # D3_TYPE (result) = ERROR; # ^~~~~~~~~~~~~~~~~~~~~~~~ diffutils-3.6/src/diff3.c:123:23: note: expanded from macro 'D3_TYPE' ##define D3_TYPE(diff) ((diff)->correspond) # ^ diffutils-3.6/src/diff3.c:925:7: note: Assuming 'numlines' is 0 # if (numlines) # ^~~~~~~~ diffutils-3.6/src/diff3.c:925:3: note: Taking false branch # if (numlines) # ^ diffutils-3.6/src/diff3.c:937:7: note: Assuming 'numlines' is 0 # if (numlines) # ^~~~~~~~ diffutils-3.6/src/diff3.c:937:3: note: Taking false branch # if (numlines) # ^ diffutils-3.6/src/diff3.c:949:7: note: Assuming 'numlines' is 0 # if (numlines) # ^~~~~~~~ diffutils-3.6/src/diff3.c:949:3: note: Taking false branch # if (numlines) # ^ diffutils-3.6/src/diff3.c:783:12: note: Returning from 'create_diff3_block' # result = 
create_diff3_block (low[0], high[0], low[1], high[1], lowc, highc); # ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diffutils-3.6/src/diff3.c:788:3: note: Loop condition is true. Entering loop body # for (d = 0; d < 2; d++) # ^ diffutils-3.6/src/diff3.c:789:5: note: Loop condition is false. Execution continues on line 788 # for (ptr = using[d]; ptr; ptr = D_NEXT (ptr)) # ^ diffutils-3.6/src/diff3.c:788:3: note: Loop condition is true. Entering loop body # for (d = 0; d < 2; d++) # ^ diffutils-3.6/src/diff3.c:789:5: note: Loop condition is true. Entering loop body # for (ptr = using[d]; ptr; ptr = D_NEXT (ptr)) # ^ diffutils-3.6/src/diff3.c:793:2: note: Taking false branch # if (!copy_stringlist (D_LINEARRAY (ptr, FC), # ^ diffutils-3.6/src/diff3.c:789:5: note: Loop condition is false. Execution continues on line 788 # for (ptr = using[d]; ptr; ptr = D_NEXT (ptr)) # ^ diffutils-3.6/src/diff3.c:788:3: note: Loop condition is false. Execution continues on line 804 # for (d = 0; d < 2; d++) # ^ diffutils-3.6/src/diff3.c:804:3: note: Loop condition is true. Entering loop body # for (d = 0; d < 2; d++) # ^ diffutils-3.6/src/diff3.c:810:15: note: '?' condition is false # i + lo < (u ? D_LOWLINE (u, FO) : hi + 1); # ^ diffutils-3.6/src/diff3.c:809:7: note: Loop condition is false. Execution continues on line 817 # for (i = 0; # ^ diffutils-3.6/src/diff3.c:817:7: note: Loop condition is false. Execution continues on line 804 # for (ptr = u; ptr; ptr = D_NEXT (ptr)) # ^ diffutils-3.6/src/diff3.c:804:3: note: Loop condition is true. Entering loop body # for (d = 0; d < 2; d++) # ^ diffutils-3.6/src/diff3.c:810:15: note: '?' condition is true # i + lo < (u ? D_LOWLINE (u, FO) : hi + 1); # ^ diffutils-3.6/src/diff3.c:809:7: note: Loop condition is false. Execution continues on line 817 # for (i = 0; # ^ diffutils-3.6/src/diff3.c:817:7: note: Loop condition is true. 
Entering loop body # for (ptr = u; ptr; ptr = D_NEXT (ptr)) # ^ diffutils-3.6/src/diff3.c:822:4: note: Taking false branch # if (!copy_stringlist (D_LINEARRAY (ptr, FO), # ^ diffutils-3.6/src/diff3.c:831:4: note: Loop condition is false. Execution continues on line 817 # for (i = D_HIGHLINE (ptr, FO) + 1 - lo; # ^ diffutils-3.6/src/diff3.c:817:7: note: Loop condition is false. Execution continues on line 804 # for (ptr = u; ptr; ptr = D_NEXT (ptr)) # ^ diffutils-3.6/src/diff3.c:804:3: note: Loop condition is false. Execution continues on line 843 # for (d = 0; d < 2; d++) # ^ diffutils-3.6/src/diff3.c:843:3: note: Taking true branch # if (!using[0]) # ^ diffutils-3.6/src/diff3.c:717:18: note: Returning from 'using_to_diff3_block' # tmpblock = using_to_diff3_block (using, last_using, # ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diffutils-3.6/src/diff3.c:721:7: note: Taking false branch # if (!tmpblock) # ^ diffutils-3.6/src/diff3.c:647:10: note: Left side of '||' is false # while (current[0] || current[1]) # ^ diffutils-3.6/src/diff3.c:647:3: note: Loop condition is false. Execution continues on line 731 # while (current[0] || current[1]) # ^ diffutils-3.6/src/diff3.c:426:11: note: Returning from 'make_3way_diff' # diff3 = make_3way_diff (thread0, thread1); # ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diffutils-3.6/src/diff3.c:431:7: note: Assuming 'edscript' is 0 # if (edscript) # ^~~~~~~~ diffutils-3.6/src/diff3.c:431:3: note: Taking false branch # if (edscript) # ^ diffutils-3.6/src/diff3.c:435:12: note: Assuming 'merge' is 0 # else if (merge) # ^~~~~ diffutils-3.6/src/diff3.c:435:8: note: Taking false branch # else if (merge) # ^ diffutils-3.6/src/diff3.c:446:7: note: Calling 'output_diff3' # output_diff3 (stdout, diff3, mapping, rev_mapping); # ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diffutils-3.6/src/diff3.c:1399:29: note: Assuming 'initial_tab' is 0 # char const *line_prefix = initial_tab ? 
"\t" : " "; # ^~~~~~~~~~~ diffutils-3.6/src/diff3.c:1399:29: note: '?' condition is false diffutils-3.6/src/diff3.c:1401:8: note: Value assigned to 'ptr' # for (ptr = diff; ptr; ptr = D_NEXT (ptr)) # ^~~~~~~~~~ diffutils-3.6/src/diff3.c:1401:3: note: Loop condition is true. Entering loop body # for (ptr = diff; ptr; ptr = D_NEXT (ptr)) # ^ diffutils-3.6/src/diff3.c:1405:7: note: Control jumps to 'case DIFF_2ND:' at line 1413 # switch (ptr->correspond) # ^ diffutils-3.6/src/diff3.c:1419:16: note: Assuming 'oddoneout' is equal to 0 # dontprint = oddoneout == 0; # ^~~~~~~~~~~~~~ diffutils-3.6/src/diff3.c:1420:4: note: Execution continues on line 1424 # break; # ^ diffutils-3.6/src/diff3.c:1427:7: note: Loop condition is true. Entering loop body # for (i = 0; i < 3; # ^ diffutils-3.6/src/diff3.c:1437:4: note: Control jumps to 'case 0:' at line 1442 # switch (lowt - hight) # ^ diffutils-3.6/src/diff3.c:1444:8: note: Execution continues on line 1450 # break; # ^ diffutils-3.6/src/diff3.c:1450:4: note: Taking false branch # if (i == dontprint) continue; # ^ diffutils-3.6/src/diff3.c:1452:4: note: Taking true branch # if (lowt <= hight) # ^ diffutils-3.6/src/diff3.c:1458:10: note: Array access results in a null pointer dereference # cp = D_RELNUM (ptr, realfile, line); # ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diffutils-3.6/src/diff3.c:109:3: note: expanded from macro 'D_RELNUM' # ((diff)->lines[filenum][linenum]) # ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # 1456| { # 1457| fputs (line_prefix, outputfile); # 1458|-> cp = D_RELNUM (ptr, realfile, line); # 1459| length = D_RELLEN (ptr, realfile, line); # 1460| fwrite (cp, sizeof (char), length, outputfile); Error: DEADCODE (CWE-561): diffutils-3.6/src/ifdef.c:318: cond_at_least: Condition "(unsigned int)c - 48U <= 9U", taking false branch. Now the value of "c" is at least 58. diffutils-3.6/src/ifdef.c:320: at_least: At condition "c == '.'", the value of "c" must be at least 58. 
diffutils-3.6/src/ifdef.c:320: dead_error_condition: The condition "c == '.'" cannot be true. diffutils-3.6/src/ifdef.c:321: dead_error_line: Execution cannot reach this statement: "while ((unsigned int)(c = *...". # 319| c = *f++; # 320| if (c == '.') # 321|-> while (ISDIGIT (c = *f++)) # 322| continue; # 323| c1 = *f++; Error: RESOURCE_LEAK (CWE-772): diffutils-3.6/src/ifdef.c:368: alloc_fn: Storage is returned from allocation function "xmalloc". diffutils-3.6/lib/xmalloc.c:41:11: alloc_fn: Storage is returned from allocation function "malloc". diffutils-3.6/lib/xmalloc.c:41:11: var_assign: Assigning: "p" = "malloc(n)". diffutils-3.6/lib/xmalloc.c:44:3: return_alloc: Returning allocated memory "p". diffutils-3.6/src/ifdef.c:368: var_assign: Assigning: "format" = storage returned from "xmalloc(spec_prefix_len + pI_len + 2UL)". diffutils-3.6/src/ifdef.c:370: var_assign: Assigning: "p" = "format". diffutils-3.6/src/ifdef.c:371: noescape: Resource "format" is not freed or pointed-to in "memcpy". [Note: The source code implementation of the function has been overridden by a builtin model.] diffutils-3.6/src/ifdef.c:372: noescape: Resource "format + spec_prefix_len" is not freed or pointed-to in "memcpy". [Note: The source code implementation of the function has been overridden by a builtin model.] diffutils-3.6/src/ifdef.c:375: noescape: Resource "format" is not freed or pointed-to in "fprintf". [Note: The source code implementation of the function has been overridden by a builtin model.] diffutils-3.6/src/ifdef.c:379: leaked_storage: Variable "p" going out of scope leaks the storage it points to. diffutils-3.6/src/ifdef.c:379: leaked_storage: Variable "format" going out of scope leaks the storage it points to. 
# 377| free (format); # 378| #endif # 379|-> } # 380| } # 381| break; Error: COMPILER_WARNING: diffutils-3.6/src/sdiff.c: scope_hint: In function 'edit' diffutils-3.6/src/sdiff.c:868:11: warning: 'cmd1' may be used uninitialized in this function [-Wmaybe-uninitialized] # int cmd1 IF_LINT (= 0); # ^~~~ # 866| { # 867| int cmd0 IF_LINT (= 0); # 868|-> int cmd1 IF_LINT (= 0); # 869| bool gotcmd = false; # 870| Error: UNINIT (CWE-457): diffutils-3.6/src/sdiff.c:868: var_decl: Declaring variable "cmd1" without initializer. diffutils-3.6/src/sdiff.c:965: uninit_use: Using uninitialized value "cmd1". # 963| perror_fatal (tmpname); # 964| # 965|-> switch (cmd1) # 966| { # 967| case 'd': Error: SECURE_TEMP (CWE-377): diffutils-3.6/src/sdiff.c:1169: secure_temp: Calling "mkstemp" without securely setting umask first. # 1167| int fd; # 1168| sprintf (buf, "%s/sdiffXXXXXX", dir); # 1169|-> fd = mkstemp (buf); # 1170| if (0 <= fd) # 1171| tmpname = buf; Error: RESOURCE_LEAK (CWE-772): diffutils-3.6/src/sdiff.c:1166: alloc_fn: Storage is returned from allocation function "xmalloc". diffutils-3.6/lib/xmalloc.c:41:11: alloc_fn: Storage is returned from allocation function "malloc". diffutils-3.6/lib/xmalloc.c:41:11: var_assign: Assigning: "p" = "malloc(n)". diffutils-3.6/lib/xmalloc.c:44:3: return_alloc: Returning allocated memory "p". diffutils-3.6/src/sdiff.c:1166: var_assign: Assigning: "buf" = storage returned from "xmalloc(strlen(dir) + 1UL + 5UL + 6UL + 1UL)". diffutils-3.6/src/sdiff.c:1168: noescape: Resource "buf" is not freed or pointed-to in "sprintf". [Note: The source code implementation of the function has been overridden by a builtin model.] diffutils-3.6/src/sdiff.c:1169: noescape: Resource "buf" is not freed or pointed-to in "mkstemp". diffutils-3.6/src/sdiff.c:1172: leaked_storage: Variable "buf" going out of scope leaks the storage it points to. 
# 1170| if (0 <= fd) # 1171| tmpname = buf; # 1172|-> return fd; # 1173| } Error: RESOURCE_LEAK (CWE-772): diffutils-3.6/src/util.c:594: alloc_fn: Storage is returned from allocation function "xstrdup". diffutils-3.6/lib/xmalloc.c:121:3: alloc_fn: Storage is returned from allocation function "xmemdup". diffutils-3.6/lib/xmalloc.c:113:3: alloc_fn: Storage is returned from allocation function "xmalloc". diffutils-3.6/lib/xmalloc.c:41:11: alloc_fn: Storage is returned from allocation function "malloc". diffutils-3.6/lib/xmalloc.c:41:11: var_assign: Assigning: "p" = "malloc(n)". diffutils-3.6/lib/xmalloc.c:44:3: return_alloc: Returning allocated memory "p". diffutils-3.6/lib/xmalloc.c:113:3: identity_transfer: Passing "xmalloc(s)" as argument 1 to function "memcpy", which returns that argument. [Note: The source code implementation of the function has been overridden by a builtin model.] diffutils-3.6/lib/xmalloc.c:113:3: return_alloc_fn: Directly returning storage allocated by "memcpy". diffutils-3.6/lib/xmalloc.c:121:3: return_alloc_fn: Directly returning storage allocated by "xmemdup". diffutils-3.6/src/util.c:594: var_assign: Assigning: "color_buf" = storage returned from "xstrdup(p)". diffutils-3.6/src/util.c:594: var_assign: Assigning: "buf" = "color_buf". diffutils-3.6/src/util.c:702: leaked_storage: Variable "buf" going out of scope leaks the storage it points to. diffutils-3.6/src/util.c:702: leaked_storage: Variable "color_buf" going out of scope leaks the storage it points to. # 700| colors_enabled = false; # 701| } # 702|-> } # 703| # 704| static void