Covscan found a large number of issues in diffutils-3.6. The Coverity
covscan result is attached.
Best Regards,
Than
Error: NO_EFFECT (CWE-398):
diffutils-3.6/lib/anytostr.c:41: unsigned_compare: This less-than-zero
comparison of an unsigned value is never true. "i < 0U".
# 39| *p = 0;
# 40|
# 41|-> if (i < 0)
# 42| {
# 43| do
Error: NO_EFFECT (CWE-398):
diffutils-3.6/lib/anytostr.c:41: unsigned_compare: This less-than-zero
comparison of an unsigned value is never true. "i < 0UL".
# 39| *p = 0;
# 40|
# 41|-> if (i < 0)
# 42| {
# 43| do
Error: UNINIT (CWE-457):
diffutils-3.6/lib/diffseq.h:377: var_decl: Declaring variable "fxbest" without
initializer.
diffutils-3.6/lib/diffseq.h:420: uninit_use: Using uninitialized value "fxbest".
# 418| if ((xlim + ylim) - bxybest < fxybest - (xoff + yoff))
# 419| {
# 420|-> part->xmid = fxbest;
# 421| part->ymid = fxybest - fxbest;
# 422| part->lo_minimal = true;
Error: COMPILER_WARNING:
diffutils-3.6/lib/diffseq.h:421:36: warning: 'fxbest' may be used uninitialized
in this function [-Wmaybe-uninitialized]
# part->ymid = fxybest - fxbest;
# ~~~~~~~~^~~~~~~~
diffutils-3.6/lib/diffseq.h:377:18: note: 'fxbest' was declared here
# OFFSET fxbest IF_LINT (= 0);
# ^~~~~~
# 419| {
# 420| part->xmid = fxbest;
# 421|-> part->ymid = fxybest - fxbest;
# 422| part->lo_minimal = true;
# 423| part->hi_minimal = false;
Error: UNINIT (CWE-457):
diffutils-3.6/lib/diffseq.h:379: var_decl: Declaring variable "bxbest" without
initializer.
diffutils-3.6/lib/diffseq.h:427: uninit_use: Using uninitialized value "bxbest".
# 425| else
# 426| {
# 427|-> part->xmid = bxbest;
# 428| part->ymid = bxybest - bxbest;
# 429| part->lo_minimal = false;
Error: COMPILER_WARNING:
diffutils-3.6/src/analyze.c:35: included_from: Included from here.
diffutils-3.6/lib/diffseq.h: scope_hint: In function 'compareseq'
diffutils-3.6/lib/diffseq.h:428:36: warning: 'bxbest' may be used uninitialized
in this function [-Wmaybe-uninitialized]
# part->ymid = bxybest - bxbest;
# ~~~~~~~~^~~~~~~~
diffutils-3.6/lib/diffseq.h:379:18: note: 'bxbest' was declared here
# OFFSET bxbest IF_LINT (= 0);
# ^~~~~~
# 426| {
# 427| part->xmid = bxbest;
# 428|-> part->ymid = bxybest - bxbest;
# 429| part->lo_minimal = false;
# 430| part->hi_minimal = true;
Error: DEADCODE (CWE-561):
diffutils-3.6/lib/dirname-lgpl.c:34: assignment: Assigning: "prefix_length" =
"0UL".
diffutils-3.6/lib/dirname-lgpl.c:38: const: At condition "prefix_length !=
0UL", the value of "prefix_length" must be equal to 0.
diffutils-3.6/lib/dirname-lgpl.c:38: dead_error_condition: The condition
"prefix_length != 0UL" cannot be true.
diffutils-3.6/lib/dirname-lgpl.c:38: dead_error_line: Execution cannot reach
the expression "0" inside this statement: "prefix_length += ((prefix_l...".
# 36|
# 37| /* Advance prefix_length beyond important leading slashes. */
# 38|-> prefix_length += (prefix_length != 0
# 39| ? (FILE_SYSTEM_DRIVE_PREFIX_CAN_BE_RELATIVE
# 40| && ISSLASH (file[prefix_length]))
Error: RESOURCE_LEAK (CWE-772):
diffutils-3.6/lib/freopen-safer.c:42: open_fn: Returning handle opened by
"open". [Note: The source code implementation of the function has been
overridden by a user model.]
diffutils-3.6/lib/freopen-safer.c:42: var_assign: Assigning: "value" = handle
returned from "open("/dev/null", 0)".
diffutils-3.6/lib/freopen-safer.c:52: leaked_handle: Handle variable "value"
going out of scope leaks the handle.
# 50| return false;
# 51| }
# 52|-> return true;
# 53| }
# 54|
Error: CLANG_WARNING:
diffutils-3.6/lib/localcharset.c:243:23: warning: Potential leak of memory
pointed to by 'old_res_ptr'
# strcpy (res_ptr + res_size - (l2 + 1) - (l1 + 1), buf1);
# ^
diffutils-3.6/lib/localcharset.c:588:7: note: Assuming 'codeset' is not equal
to NULL
# if (codeset == NULL)
# ^~~~~~~~~~~~~~~
diffutils-3.6/lib/localcharset.c:588:3: note: Taking false branch
# if (codeset == NULL)
# ^
diffutils-3.6/lib/localcharset.c:593:18: note: Calling 'get_charset_aliases'
# for (aliases = get_charset_aliases ();
# ^~~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/lib/localcharset.c:130:7: note: Assuming 'cp' is equal to NULL
# if (cp == NULL)
# ^~~~~~~~~~
diffutils-3.6/lib/localcharset.c:130:3: note: Taking true branch
# if (cp == NULL)
# ^
diffutils-3.6/lib/localcharset.c:141:11: note: Assuming 'dir' is not equal to
NULL
# if (dir == NULL || dir[0] == '\0')
# ^~~~~~~~~~~
diffutils-3.6/lib/localcharset.c:141:11: note: Left side of '||' is false
diffutils-3.6/lib/localcharset.c:141:26: note: Assuming the condition is false
# if (dir == NULL || dir[0] == '\0')
# ^~~~~~~~~~~~~~
diffutils-3.6/lib/localcharset.c:141:7: note: Taking false branch
# if (dir == NULL || dir[0] == '\0')
# ^
diffutils-3.6/lib/localcharset.c:148:26: note: Assuming 'dir_len' is <= 0
# int add_slash = (dir_len > 0 && !ISSLASH (dir[dir_len - 1]));
# ^~~~~~~~~~~
diffutils-3.6/lib/localcharset.c:148:38: note: Left side of '&&' is false
# int add_slash = (dir_len > 0 && !ISSLASH (dir[dir_len - 1]));
# ^
diffutils-3.6/lib/localcharset.c:150:13: note: Assuming 'file_name' is not
equal to NULL
# if (file_name != NULL)
# ^~~~~~~~~~~~~~~~~
diffutils-3.6/lib/localcharset.c:150:9: note: Taking true branch
# if (file_name != NULL)
# ^
diffutils-3.6/lib/localcharset.c:153:13: note: Taking false branch
# if (add_slash)
# ^
diffutils-3.6/lib/localcharset.c:161:7: note: Taking false branch
# if (file_name == NULL)
# ^
diffutils-3.6/lib/localcharset.c:177:15: note: Assuming 'fd' is >= 0
# if (fd < 0)
# ^~~~~~
diffutils-3.6/lib/localcharset.c:177:11: note: Taking false branch
# if (fd < 0)
# ^
diffutils-3.6/lib/localcharset.c:185:19: note: Assuming 'fp' is not equal to
NULL
# if (fp == NULL)
# ^~~~~~~~~~
diffutils-3.6/lib/localcharset.c:185:15: note: Taking false branch
# if (fp == NULL)
# ^
diffutils-3.6/lib/localcharset.c:197:19: note: Loop condition is true.
Entering loop body
# for (;;)
# ^
diffutils-3.6/lib/localcharset.c:206:23: note: Taking false branch
# if (c == EOF)
# ^
diffutils-3.6/lib/localcharset.c:208:27: note: Assuming the condition is false
# if (c == '\n' || c == ' ' || c == '\t')
# ^~~~~~~~~
diffutils-3.6/lib/localcharset.c:208:27: note: Left side of '||' is false
diffutils-3.6/lib/localcharset.c:208:40: note: Assuming the condition is false
# if (c == '\n' || c == ' ' || c == '\t')
# ^~~~~~~~
diffutils-3.6/lib/localcharset.c:208:27: note: Left side of '||' is false
# if (c == '\n' || c == ' ' || c == '\t')
# ^
diffutils-3.6/lib/localcharset.c:208:52: note: Assuming the condition is false
# if (c == '\n' || c == ' ' || c == '\t')
# ^~~~~~~~~
diffutils-3.6/lib/localcharset.c:208:23: note: Taking false branch
# if (c == '\n' || c == ' ' || c == '\t')
# ^
diffutils-3.6/lib/localcharset.c:210:27: note: Assuming the condition is false
# if (c == '#')
# ^~~~~~~~
diffutils-3.6/lib/localcharset.c:210:23: note: Taking false branch
# if (c == '#')
# ^
diffutils-3.6/lib/localcharset.c:221:27: note: Assuming the condition is false
# if (fscanf (fp, "%50s %50s", buf1, buf2) < 2)
# ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/lib/localcharset.c:221:23: note: Taking false branch
# if (fscanf (fp, "%50s %50s", buf1, buf2) < 2)
# ^
diffutils-3.6/lib/localcharset.c:226:23: note: Taking true branch
# if (res_size == 0)
# ^
diffutils-3.6/lib/localcharset.c:229:46: note: Memory is allocated
# res_ptr = (char *) malloc (res_size + 1);
# ^~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/lib/localcharset.c:236:27: note: Assuming 'res_ptr' is not equal
to NULL
# if (res_ptr == NULL)
# ^~~~~~~~~~~~~~~
diffutils-3.6/lib/localcharset.c:236:23: note: Taking false branch
# if (res_ptr == NULL)
# ^
diffutils-3.6/lib/localcharset.c:197:19: note: Loop condition is true.
Entering loop body
# for (;;)
# ^
diffutils-3.6/lib/localcharset.c:206:27: note: Assuming the condition is false
# if (c == EOF)
# ^~~~~~~~
diffutils-3.6/lib/localcharset.c:206:23: note: Taking false branch
# if (c == EOF)
# ^
diffutils-3.6/lib/localcharset.c:208:27: note: Assuming the condition is false
# if (c == '\n' || c == ' ' || c == '\t')
# ^~~~~~~~~
diffutils-3.6/lib/localcharset.c:208:27: note: Left side of '||' is false
diffutils-3.6/lib/localcharset.c:208:40: note: Assuming the condition is false
# if (c == '\n' || c == ' ' || c == '\t')
# ^~~~~~~~
diffutils-3.6/lib/localcharset.c:208:27: note: Left side of '||' is false
# if (c == '\n' || c == ' ' || c == '\t')
# ^
diffutils-3.6/lib/localcharset.c:208:52: note: Assuming the condition is false
# if (c == '\n' || c == ' ' || c == '\t')
# ^~~~~~~~~
diffutils-3.6/lib/localcharset.c:208:23: note: Taking false branch
# if (c == '\n' || c == ' ' || c == '\t')
# ^
diffutils-3.6/lib/localcharset.c:210:27: note: Assuming the condition is false
# if (c == '#')
# ^~~~~~~~
diffutils-3.6/lib/localcharset.c:210:23: note: Taking false branch
# if (c == '#')
# ^
diffutils-3.6/lib/localcharset.c:221:27: note: Assuming the condition is false
# if (fscanf (fp, "%50s %50s", buf1, buf2) < 2)
# ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/lib/localcharset.c:221:23: note: Taking false branch
# if (fscanf (fp, "%50s %50s", buf1, buf2) < 2)
# ^
diffutils-3.6/lib/localcharset.c:226:27: note: Assuming 'res_size' is equal to 0
# if (res_size == 0)
# ^~~~~~~~~~~~~
diffutils-3.6/lib/localcharset.c:226:23: note: Taking true branch
# if (res_size == 0)
# ^
diffutils-3.6/lib/localcharset.c:236:27: note: Assuming 'res_ptr' is not equal
to NULL
# if (res_ptr == NULL)
# ^~~~~~~~~~~~~~~
diffutils-3.6/lib/localcharset.c:236:23: note: Taking false branch
# if (res_ptr == NULL)
# ^
diffutils-3.6/lib/localcharset.c:243:23: note: Potential leak of memory pointed
to by 'old_res_ptr'
# strcpy (res_ptr + res_size - (l2 + 1) - (l1 + 1), buf1);
# ^
# 241| break;
# 242| }
# 243|-> strcpy (res_ptr + res_size - (l2 + 1) - (l1 +
1), buf1);
# 244| strcpy (res_ptr + res_size - (l2 + 1), buf2);
# 245| }
Error: CHECKED_RETURN (CWE-252):
diffutils-3.6/lib/localcharset.c:246: check_return: Calling "fclose" without
checking return value (as is done elsewhere 7 out of 8 times).
diffutils-3.6/lib/exclude.c:691: example_checked: Example 1: "fclose(in)" has
its value checked in "fclose(in) != 0".
diffutils-3.6/src/cmp.c:156: example_checked: Example 2: "fclose(stdout)" has
its value checked in "fclose(stdout) != 0".
diffutils-3.6/src/diff.c:886: example_checked: Example 3: "fclose(stdout)" has
its value checked in "fclose(stdout) != 0".
diffutils-3.6/src/diff3.c:470: example_checked: Example 4: "fclose(stdout)" has
its value checked in "fclose(stdout) != 0".
diffutils-3.6/src/sdiff.c:168: example_checked: Example 5: "fclose(stdout)" has
its value checked in "fclose(stdout) != 0".
# 244| strcpy (res_ptr + res_size - (l2 + 1), buf2);
# 245| }
# 246|-> fclose (fp);
# 247| if (res_size == 0)
# 248| cp = "";
Error: CLANG_WARNING:
diffutils-3.6/lib/localcharset.c:248:26: warning: Potential leak of memory
pointed to by 'res_ptr'
# cp = "";
# ^
diffutils-3.6/lib/localcharset.c:588:7: note: Assuming 'codeset' is not equal
to NULL
# if (codeset == NULL)
# ^~~~~~~~~~~~~~~
diffutils-3.6/lib/localcharset.c:588:3: note: Taking false branch
# if (codeset == NULL)
# ^
diffutils-3.6/lib/localcharset.c:593:18: note: Calling 'get_charset_aliases'
# for (aliases = get_charset_aliases ();
# ^~~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/lib/localcharset.c:130:7: note: Assuming 'cp' is equal to NULL
# if (cp == NULL)
# ^~~~~~~~~~
diffutils-3.6/lib/localcharset.c:130:3: note: Taking true branch
# if (cp == NULL)
# ^
diffutils-3.6/lib/localcharset.c:141:11: note: Assuming 'dir' is not equal to
NULL
# if (dir == NULL || dir[0] == '\0')
# ^~~~~~~~~~~
diffutils-3.6/lib/localcharset.c:141:11: note: Left side of '||' is false
diffutils-3.6/lib/localcharset.c:141:26: note: Assuming the condition is false
# if (dir == NULL || dir[0] == '\0')
# ^~~~~~~~~~~~~~
diffutils-3.6/lib/localcharset.c:141:7: note: Taking false branch
# if (dir == NULL || dir[0] == '\0')
# ^
diffutils-3.6/lib/localcharset.c:148:26: note: Assuming 'dir_len' is <= 0
# int add_slash = (dir_len > 0 && !ISSLASH (dir[dir_len - 1]));
# ^~~~~~~~~~~
diffutils-3.6/lib/localcharset.c:148:38: note: Left side of '&&' is false
# int add_slash = (dir_len > 0 && !ISSLASH (dir[dir_len - 1]));
# ^
diffutils-3.6/lib/localcharset.c:150:13: note: Assuming 'file_name' is not
equal to NULL
# if (file_name != NULL)
# ^~~~~~~~~~~~~~~~~
diffutils-3.6/lib/localcharset.c:150:9: note: Taking true branch
# if (file_name != NULL)
# ^
diffutils-3.6/lib/localcharset.c:153:13: note: Taking false branch
# if (add_slash)
# ^
diffutils-3.6/lib/localcharset.c:161:7: note: Taking false branch
# if (file_name == NULL)
# ^
diffutils-3.6/lib/localcharset.c:177:15: note: Assuming 'fd' is >= 0
# if (fd < 0)
# ^~~~~~
diffutils-3.6/lib/localcharset.c:177:11: note: Taking false branch
# if (fd < 0)
# ^
diffutils-3.6/lib/localcharset.c:185:19: note: Assuming 'fp' is not equal to
NULL
# if (fp == NULL)
# ^~~~~~~~~~
diffutils-3.6/lib/localcharset.c:185:15: note: Taking false branch
# if (fp == NULL)
# ^
diffutils-3.6/lib/localcharset.c:197:19: note: Loop condition is true.
Entering loop body
# for (;;)
# ^
diffutils-3.6/lib/localcharset.c:206:23: note: Taking false branch
# if (c == EOF)
# ^
diffutils-3.6/lib/localcharset.c:208:27: note: Assuming the condition is false
# if (c == '\n' || c == ' ' || c == '\t')
# ^~~~~~~~~
diffutils-3.6/lib/localcharset.c:208:27: note: Left side of '||' is false
diffutils-3.6/lib/localcharset.c:208:40: note: Assuming the condition is false
# if (c == '\n' || c == ' ' || c == '\t')
# ^~~~~~~~
diffutils-3.6/lib/localcharset.c:208:27: note: Left side of '||' is false
# if (c == '\n' || c == ' ' || c == '\t')
# ^
diffutils-3.6/lib/localcharset.c:208:52: note: Assuming the condition is false
# if (c == '\n' || c == ' ' || c == '\t')
# ^~~~~~~~~
diffutils-3.6/lib/localcharset.c:208:23: note: Taking false branch
# if (c == '\n' || c == ' ' || c == '\t')
# ^
diffutils-3.6/lib/localcharset.c:210:27: note: Assuming the condition is false
# if (c == '#')
# ^~~~~~~~
diffutils-3.6/lib/localcharset.c:210:23: note: Taking false branch
# if (c == '#')
# ^
diffutils-3.6/lib/localcharset.c:221:27: note: Assuming the condition is false
# if (fscanf (fp, "%50s %50s", buf1, buf2) < 2)
# ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/lib/localcharset.c:221:23: note: Taking false branch
# if (fscanf (fp, "%50s %50s", buf1, buf2) < 2)
# ^
diffutils-3.6/lib/localcharset.c:226:23: note: Taking true branch
# if (res_size == 0)
# ^
diffutils-3.6/lib/localcharset.c:229:46: note: Memory is allocated
# res_ptr = (char *) malloc (res_size + 1);
# ^~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/lib/localcharset.c:236:27: note: Assuming 'res_ptr' is not equal
to NULL
# if (res_ptr == NULL)
# ^~~~~~~~~~~~~~~
diffutils-3.6/lib/localcharset.c:236:23: note: Taking false branch
# if (res_ptr == NULL)
# ^
diffutils-3.6/lib/localcharset.c:197:19: note: Loop condition is true.
Entering loop body
# for (;;)
# ^
diffutils-3.6/lib/localcharset.c:206:27: note: Assuming the condition is true
# if (c == EOF)
# ^~~~~~~~
diffutils-3.6/lib/localcharset.c:206:23: note: Taking true branch
# if (c == EOF)
# ^
diffutils-3.6/lib/localcharset.c:207:25: note: Execution continues on line 246
# break;
# ^
diffutils-3.6/lib/localcharset.c:247:23: note: Assuming 'res_size' is equal to 0
# if (res_size == 0)
# ^~~~~~~~~~~~~
diffutils-3.6/lib/localcharset.c:247:19: note: Taking true branch
# if (res_size == 0)
# ^
diffutils-3.6/lib/localcharset.c:248:26: note: Potential leak of memory pointed
to by 'res_ptr'
# cp = "";
# ^
# 246| fclose (fp);
# 247| if (res_size == 0)
# 248|-> cp = "";
# 249| else
# 250| {
Error: DEADCODE (CWE-561):
diffutils-3.6/lib/mktime.c:107: assignment: Assigning: "one" = "1L".
diffutils-3.6/lib/mktime.c:108: const: At condition "(-one >> 1) ==
0xffffffffffffffffL", the value of "one" must be equal to 1.
diffutils-3.6/lib/mktime.c:108: dead_error_condition: The condition "(-one >>
1) == 0xffffffffffffffffL" must be true.
diffutils-3.6/lib/mktime.c:108: dead_error_line: Execution cannot reach the
expression "a / (one << b)" inside this statement: "return ((-one >> 1) ==
0xff...".
# 106| {
# 107| long_int one = 1;
# 108|-> return (-one >> 1 == -1
# 109| ? a >> b
# 110| : a / (one << b) - (a % (one << b) < 0));
Error: CONSTANT_EXPRESSION_RESULT (CWE-398):
diffutils-3.6/lib/mktime.c:270: result_independent_of_operands: "*t <
-9223372036854775808L /* mktime_min */" is always false regardless of the
values of its operands. This occurs as the logical operand of "if".
# 268| {
# 269| struct tm *r;
# 270|-> if (*t < mktime_min)
# 271| *t = mktime_min;
# 272| else if (mktime_max < *t)
Error: CONSTANT_EXPRESSION_RESULT (CWE-398):
diffutils-3.6/lib/mktime.c:272: result_independent_of_operands:
"9223372036854775807L /* mktime_max */ < *t" is always false regardless of the
values of its operands. This occurs as the logical operand of "if".
# 270| if (*t < mktime_min)
# 271| *t = mktime_min;
# 272|-> else if (mktime_max < *t)
# 273| *t = mktime_max;
# 274| r = convert_time (convert, *t, tp);
Error: CONSTANT_EXPRESSION_RESULT (CWE-398):
diffutils-3.6/lib/mktime.c:472: result_independent_of_operands:
"-9223372036854775808L /* mktime_min */ <= t" is always true regardless of the
values of its operands. This occurs as the logical first operand of "&&".
# 470| sec_adjustment += sec_requested;
# 471| if (INT_ADD_WRAPV (t, sec_adjustment, &t)
# 472|-> || ! (mktime_min <= t && t <= mktime_max)
# 473| || ! convert_time (convert, t, &tm))
# 474| return -1;
Error: CONSTANT_EXPRESSION_RESULT (CWE-398):
diffutils-3.6/lib/quotearg.c:653: same_on_both_sides: "91 == 91" is always true
regardless of the values of its operands because those operands are identical.
This occurs as the logical first operand of "&&".
# 651| In practice the problem is limited to ASCII
# 652| chars >= '@' that are shell special chars.
*/
# 653|-> if ('[' == 0x5b && elide_outer_quotes
# 654| && quoting_style ==
shell_always_quoting_style)
# 655| {
Error: NO_EFFECT (CWE-398):
diffutils-3.6/lib/strftime.c:660: bad_memset: Function "memset" with fill value
"'0'" (the zero character) in "memset(p, 48, _delta)".
diffutils-3.6/lib/strftime.c:660: remediation: Did you intend to use 0 (the
value zero)?
# 658| if (*f != L_('%'))
# 659| {
# 660|-> add1 (*f);
# 661| continue;
# 662| }
Error: CPPCHECK_WARNING:
diffutils-3.6/lib/strftime.c:660: error[invalidFunctionArg]: Invalid memset()
argument nr 3. The value is -2 but the valid values are '0:'.
# 658| if (*f != L_('%'))
# 659| {
# 660|-> add1 (*f);
# 661| continue;
# 662| }
Error: NO_EFFECT (CWE-398):
diffutils-3.6/lib/strftime.c:771: bad_memset: Function "memset" with fill value
"'0'" (the zero character) in "memset(p, 48, _delta)".
diffutils-3.6/lib/strftime.c:771: remediation: Did you intend to use 0 (the
value zero)?
# 769| if (modifier != 0)
# 770| goto bad_format;
# 771|-> add1 (*f);
# 772| break;
# 773|
Error: NO_EFFECT (CWE-398):
diffutils-3.6/lib/strftime.c:855: bad_memset: Function "memset" with fill value
"'0'" (the zero character) in "memset(p, 48, _delta)".
diffutils-3.6/lib/strftime.c:855: remediation: Did you intend to use 0 (the
value zero)?
# 853| tp, to_uppcase,
tzset_called
# 854| extra_args LOCALE_ARG);
# 855|-> add (len, __strftime_internal (p,
# 856| STRFTIME_ARG (maxsize - i)
# 857| subfmt,
Error: NO_EFFECT (CWE-398):
diffutils-3.6/lib/strftime.c:890: bad_memset: Function "memset" with fill value
"'0'" (the zero character) in "memset(p, 48, _delta)".
diffutils-3.6/lib/strftime.c:890: remediation: Did you intend to use 0 (the
value zero)?
# 888| len = strftime (ubuf, sizeof ubuf, ufmt, tp);
# 889| if (len != 0)
# 890|-> cpy (len - 1, ubuf + 1);
# 891| }
# 892| break;
Error: NO_EFFECT (CWE-398):
diffutils-3.6/lib/strftime.c:1028: bad_memset: Function "memset" with fill
value "'0'" (the zero character) in "memset(p, 48, _delta)".
diffutils-3.6/lib/strftime.c:1028: remediation: Did you intend to use 0 (the
value zero)?
# 1026| {
# 1027| if (sign_char)
# 1028|-> add1 (sign_char);
# 1029| }
# 1030| else
Error: NO_EFFECT (CWE-398):
diffutils-3.6/lib/strftime.c:1047: bad_memset: Function "memset" with fill
value "'0'" (the zero character) in "memset(p, 48, _delta)".
diffutils-3.6/lib/strftime.c:1047: remediation: Did you intend to use 0 (the
value zero)?
# 1045| width = width > padding ? width - padding : 0;
# 1046| if (sign_char)
# 1047|-> add1 (sign_char);
# 1048| }
# 1049| else
Error: NO_EFFECT (CWE-398):
diffutils-3.6/lib/strftime.c:1055: bad_memset: Function "memset" with fill
value "'0'" (the zero character) in "memset(p, 48, _delta)".
diffutils-3.6/lib/strftime.c:1055: remediation: Did you intend to use 0 (the
value zero)?
# 1053|
# 1054| if (sign_char)
# 1055|-> add1 (sign_char);
# 1056|
# 1057| if (p)
Error: NO_EFFECT (CWE-398):
diffutils-3.6/lib/strftime.c:1058: bad_memset: Function "memset" with fill
value "'0'" (the zero character) in "memset(p, 48, padding)".
diffutils-3.6/lib/strftime.c:1058: remediation: Did you intend to use 0 (the
value zero)?
# 1056|
# 1057| if (p)
# 1058|-> memset_zero (p, padding);
# 1059| i += padding;
# 1060| width = 0;
Error: NO_EFFECT (CWE-398):
diffutils-3.6/lib/strftime.c:1066: bad_memset: Function "memset" with fill
value "'0'" (the zero character) in "memset(p, 48, _delta)".
diffutils-3.6/lib/strftime.c:1066: remediation: Did you intend to use 0 (the
value zero)?
# 1064| {
# 1065| if (sign_char)
# 1066|-> add1 (sign_char);
# 1067| }
# 1068| }
Error: NO_EFFECT (CWE-398):
diffutils-3.6/lib/strftime.c:1070: bad_memset: Function "memset" with fill
value "'0'" (the zero character) in "memset(p, 48, _delta)".
diffutils-3.6/lib/strftime.c:1070: remediation: Did you intend to use 0 (the
value zero)?
# 1068| }
# 1069|
# 1070|-> cpy (buf + sizeof (buf) / sizeof (buf[0]) - bufp, bufp);
# 1071| break;
# 1072|
Error: NO_EFFECT (CWE-398):
diffutils-3.6/lib/strftime.c:1141: bad_memset: Function "memset" with fill
value "'0'" (the zero character) in "memset(p, 48, _delta)".
diffutils-3.6/lib/strftime.c:1141: remediation: Did you intend to use 0 (the
value zero)?
# 1139|
# 1140| case L_('n'):
# 1141|-> add1 (L_('\n'));
# 1142| break;
# 1143|
Error: NO_EFFECT (CWE-398):
diffutils-3.6/lib/strftime.c:1233: bad_memset: Function "memset" with fill
value "'0'" (the zero character) in "memset(p, 48, _delta)".
diffutils-3.6/lib/strftime.c:1233: remediation: Did you intend to use 0 (the
value zero)?
# 1231|
# 1232| case L_('t'):
# 1233|-> add1 (L_('\t'));
# 1234| break;
# 1235|
Error: NO_EFFECT (CWE-398):
diffutils-3.6/lib/strftime.c:1379: bad_memset: Function "memset" with fill
value "'0'" (the zero character) in "memset(p, 48, _delta)".
diffutils-3.6/lib/strftime.c:1379: remediation: Did you intend to use 0 (the
value zero)?
# 1377| }
# 1378| #else
# 1379|-> cpy (strlen (zone), zone);
# 1380| #endif
# 1381| break;
Error: NO_EFFECT (CWE-398):
diffutils-3.6/lib/strftime.c:1494: bad_memset: Function "memset" with fill
value "'0'" (the zero character) in "memset(p, 48, _delta)".
diffutils-3.6/lib/strftime.c:1494: remediation: Did you intend to use 0 (the
value zero)?
# 1492| for (flen = 1; f[1 - flen] != L_('%'); flen++)
# 1493| continue;
# 1494|-> cpy (flen, &f[1 - flen]);
# 1495| }
# 1496| break;
Error: COMPILER_WARNING:
diffutils-3.6/lib/trim.c: scope_hint: In function 'trim2'
diffutils-3.6/lib/trim.c:103:16: warning: 'r' may be used uninitialized in this
function [-Wmaybe-uninitialized]
# *r = '\0';
# ~~~^~~~~~
# 101|
# 102| if (state == 2)
# 103|-> *r = '\0';
# 104| }
# 105| }
Error: FORWARD_NULL (CWE-476):
diffutils-3.6/lib/vasnprintf.c:1848: assign_zero: Assigning: "result" = "NULL".
diffutils-3.6/lib/vasnprintf.c:1894: var_deref_model: Passing null pointer
"result + length" to "memcpy", which dereferences it. [Note: The source code
implementation of the function has been overridden by a builtin model.]
# 1892| if (sizeof (FCHAR_T) == sizeof (DCHAR_T))
# 1893| {
# 1894|-> DCHAR_CPY (result + length, (const DCHAR_T *) cp, n);
# 1895| length = augmented_length;
# 1896| }
Error: FORWARD_NULL (CWE-476):
diffutils-3.6/lib/vasnprintf.c:1848: assign_zero: Assigning: "result" = "NULL".
diffutils-3.6/lib/vasnprintf.c:1916: var_deref_op: Dereferencing null pointer
"result".
# 1914| augmented_length = xsum (length, 1);
# 1915| ENSURE_ALLOCATION (augmented_length);
# 1916|-> result[length] = '%';
# 1917| length = augmented_length;
# 1918| }
Error: FORWARD_NULL (CWE-476):
diffutils-3.6/lib/vasnprintf.c:1848: assign_zero: Assigning: "result" = "NULL".
diffutils-3.6/lib/vasnprintf.c:4936: var_deref_op: Dereferencing null pointer
"result".
# 4934| /* Prepare checking whether snprintf returns the count
# 4935| via %n. */
# 4936|-> *(TCHAR_T *) (result + length) = '\0';
# 4937| #endif
# 4938|
Error: FORWARD_NULL (CWE-476):
diffutils-3.6/lib/vasnprintf.c:1848: assign_zero: Assigning: "result" = "NULL".
diffutils-3.6/lib/vasnprintf.c:5551: var_deref_op: Dereferencing null pointer
"result".
# 5549| /* Add the final NUL. */
# 5550| ENSURE_ALLOCATION (xsum (length, 1));
# 5551|-> result[length] = '\0';
# 5552|
# 5553| if (result != resultbuf && length + 1 < allocated)
Error: CPPCHECK_WARNING (CWE-401):
diffutils-3.6/lib/xmalloc.c:86: error[leakNoVarFunctionCall]: Allocation with
xmalloc, memset doesn't release it.
# 84| xzalloc (size_t s)
# 85| {
# 86|-> return memset (xmalloc (s), 0, s);
# 87| }
# 88|
Error: CPPCHECK_WARNING (CWE-401):
diffutils-3.6/lib/xmalloc.c:113: error[leakNoVarFunctionCall]: Allocation with
xmalloc, memcpy doesn't release it.
# 111| xmemdup (void const *p, size_t s)
# 112| {
# 113|-> return memcpy (xmalloc (s), p, s);
# 114| }
# 115|
Error: BAD_FREE (CWE-763):
diffutils-3.6/src/analyze.c:691: offset_free: "free" frees address offset from
"cmp->file[f].linbuf".
# 689| {
# 690| free (cmp->file[f].equivs);
# 691|-> free (cmp->file[f].linbuf + cmp->file[f].linbuf_base);
# 692| }
# 693|
Error: CLANG_WARNING:
diffutils-3.6/src/cmp.c:538:6: warning: 2nd function call argument is an
uninitialized value
# printf ("%*s %3o %3o\n",
# ^
diffutils-3.6/src/cmp.c:397:3: note: 'offset_width' declared without an initial
value
# int offset_width IF_LINT (= 0);
# ^~~~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:399:7: note: Assuming 'comparison_type' is not equal to
type_all_diffs
# if (comparison_type == type_all_diffs)
# ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:399:3: note: Taking false branch
# if (comparison_type == type_all_diffs)
# ^
diffutils-3.6/src/cmp.c:415:3: note: Loop condition is true. Entering loop body
# for (f = 0; f < 2; f++)
# ^
diffutils-3.6/src/cmp.c:418:11: note: Assuming 'ig' is 0
# if (ig && file_position (f) == -1)
# ^~
diffutils-3.6/src/cmp.c:418:14: note: Left side of '&&' is false
# if (ig && file_position (f) == -1)
# ^
diffutils-3.6/src/cmp.c:415:3: note: Loop condition is true. Entering loop body
# for (f = 0; f < 2; f++)
# ^
diffutils-3.6/src/cmp.c:418:11: note: Assuming 'ig' is 0
# if (ig && file_position (f) == -1)
# ^~
diffutils-3.6/src/cmp.c:418:14: note: Left side of '&&' is false
# if (ig && file_position (f) == -1)
# ^
diffutils-3.6/src/cmp.c:415:3: note: Loop condition is false. Execution
continues on line 439
# for (f = 0; f < 2; f++)
# ^
diffutils-3.6/src/cmp.c:441:11: note: Assuming 'remaining' is equal to
UINTMAX_MAX
# if (remaining != UINTMAX_MAX)
# ^~~~~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:441:7: note: Taking false branch
# if (remaining != UINTMAX_MAX)
# ^
diffutils-3.6/src/cmp.c:449:11: note: Assuming 'read0' is not equal to SIZE_MAX
# if (read0 == SIZE_MAX)
# ^~~~~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:449:7: note: Taking false branch
# if (read0 == SIZE_MAX)
# ^
diffutils-3.6/src/cmp.c:452:11: note: Assuming 'read1' is not equal to SIZE_MAX
# if (read1 == SIZE_MAX)
# ^~~~~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:452:7: note: Taking false branch
# if (read1 == SIZE_MAX)
# ^
diffutils-3.6/src/cmp.c:458:11: note: Assuming the condition is false
# if (memcmp (buf0, buf1, smaller) == 0)
# ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:458:7: note: Taking false branch
# if (memcmp (buf0, buf1, smaller) == 0)
# ^
diffutils-3.6/src/cmp.c:470:11: note: Assuming 'comparison_type' is not equal
to type_first_diff
# if (comparison_type == type_first_diff && first_diff != 0)
# ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:470:46: note: Left side of '&&' is false
# if (comparison_type == type_first_diff && first_diff != 0)
# ^
diffutils-3.6/src/cmp.c:476:7: note: Taking true branch
# if (first_diff < smaller)
# ^
diffutils-3.6/src/cmp.c:478:4: note: Control jumps to 'case type_all_diffs:'
at line 526
# switch (comparison_type)
# ^
diffutils-3.6/src/cmp.c:531:5: note: Taking false branch
# if (c0 != c1)
# ^
diffutils-3.6/src/cmp.c:554:15: note: Assuming 'first_diff' is >= 'smaller'
# while (first_diff < smaller);
# ^~~~~~~~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:527:8: note: Loop condition is false. Exiting loop
# do
# ^
diffutils-3.6/src/cmp.c:556:8: note: Execution continues on line 564
# break;
# ^
diffutils-3.6/src/cmp.c:564:11: note: Assuming 'read0' is equal to 'read1'
# if (read0 != read1)
# ^~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:564:7: note: Taking false branch
# if (read0 != read1)
# ^
diffutils-3.6/src/cmp.c:603:10: note: Left side of '&&' is true
# while (differing <= 0 && read0 == buf_size);
# ^
diffutils-3.6/src/cmp.c:603:28: note: Assuming 'read0' is equal to 'buf_size'
# while (differing <= 0 && read0 == buf_size);
# ^~~~~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:437:3: note: Loop condition is true. Execution
continues on line 439
# do
# ^
diffutils-3.6/src/cmp.c:441:7: note: Taking false branch
# if (remaining != UINTMAX_MAX)
# ^
diffutils-3.6/src/cmp.c:449:11: note: Assuming 'read0' is not equal to SIZE_MAX
# if (read0 == SIZE_MAX)
# ^~~~~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:449:7: note: Taking false branch
# if (read0 == SIZE_MAX)
# ^
diffutils-3.6/src/cmp.c:452:11: note: Assuming 'read1' is not equal to SIZE_MAX
# if (read1 == SIZE_MAX)
# ^~~~~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:452:7: note: Taking false branch
# if (read1 == SIZE_MAX)
# ^
diffutils-3.6/src/cmp.c:458:11: note: Assuming the condition is false
# if (memcmp (buf0, buf1, smaller) == 0)
# ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:458:7: note: Taking false branch
# if (memcmp (buf0, buf1, smaller) == 0)
# ^
diffutils-3.6/src/cmp.c:470:11: note: Assuming 'comparison_type' is not equal
to type_first_diff
# if (comparison_type == type_first_diff && first_diff != 0)
# ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:470:46: note: Left side of '&&' is false
# if (comparison_type == type_first_diff && first_diff != 0)
# ^
diffutils-3.6/src/cmp.c:476:7: note: Taking true branch
# if (first_diff < smaller)
# ^
diffutils-3.6/src/cmp.c:478:4: note: Control jumps to 'case type_all_diffs:'
at line 526
# switch (comparison_type)
# ^
diffutils-3.6/src/cmp.c:531:5: note: Taking false branch
# if (c0 != c1)
# ^
diffutils-3.6/src/cmp.c:554:15: note: Assuming 'first_diff' is >= 'smaller'
# while (first_diff < smaller);
# ^~~~~~~~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:527:8: note: Loop condition is false. Exiting loop
# do
# ^
diffutils-3.6/src/cmp.c:556:8: note: Execution continues on line 564
# break;
# ^
diffutils-3.6/src/cmp.c:564:11: note: Assuming 'read0' is equal to 'read1'
# if (read0 != read1)
# ^~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:564:7: note: Taking false branch
# if (read0 != read1)
# ^
diffutils-3.6/src/cmp.c:603:10: note: Left side of '&&' is true
# while (differing <= 0 && read0 == buf_size);
# ^
diffutils-3.6/src/cmp.c:603:28: note: Assuming 'read0' is equal to 'buf_size'
# while (differing <= 0 && read0 == buf_size);
# ^~~~~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:437:3: note: Loop condition is true. Execution
continues on line 439
# do
# ^
diffutils-3.6/src/cmp.c:441:7: note: Taking false branch
# if (remaining != UINTMAX_MAX)
# ^
diffutils-3.6/src/cmp.c:449:11: note: Assuming 'read0' is not equal to SIZE_MAX
# if (read0 == SIZE_MAX)
# ^~~~~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:449:7: note: Taking false branch
# if (read0 == SIZE_MAX)
# ^
diffutils-3.6/src/cmp.c:452:11: note: Assuming 'read1' is not equal to SIZE_MAX
# if (read1 == SIZE_MAX)
# ^~~~~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:452:7: note: Taking false branch
# if (read1 == SIZE_MAX)
# ^
diffutils-3.6/src/cmp.c:458:11: note: Assuming the condition is false
# if (memcmp (buf0, buf1, smaller) == 0)
# ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:458:7: note: Taking false branch
# if (memcmp (buf0, buf1, smaller) == 0)
# ^
diffutils-3.6/src/cmp.c:470:11: note: Assuming 'comparison_type' is not equal
to type_first_diff
# if (comparison_type == type_first_diff && first_diff != 0)
# ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:470:46: note: Left side of '&&' is false
# if (comparison_type == type_first_diff && first_diff != 0)
# ^
diffutils-3.6/src/cmp.c:476:7: note: Taking true branch
# if (first_diff < smaller)
# ^
diffutils-3.6/src/cmp.c:478:4: note: Control jumps to 'case type_all_diffs:'
at line 526
# switch (comparison_type)
# ^
diffutils-3.6/src/cmp.c:531:5: note: Taking true branch
# if (c0 != c1)
# ^
diffutils-3.6/src/cmp.c:535:13: note: Assuming 'opt_print_bytes' is 0
# if (!opt_print_bytes)
# ^~~~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:535:9: note: Taking true branch
# if (!opt_print_bytes)
# ^
diffutils-3.6/src/cmp.c:538:6: note: 2nd function call argument is an
uninitialized value
# printf ("%*s %3o %3o\n",
# ^
# 536| {
# 537| /* See POSIX for this format. */
# 538|-> printf ("%*s %3o %3o\n",
# 539| offset_width, byte_num, c0, c1);
# 540| }
Error: CLANG_WARNING:
diffutils-3.6/src/cmp.c:547:6: warning: 2nd function call argument is an
uninitialized value
# printf ("%*s %3o %-4s %3o %s\n",
# ^
diffutils-3.6/src/cmp.c:397:3: note: 'offset_width' declared without an initial
value
# int offset_width IF_LINT (= 0);
# ^~~~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:399:7: note: Assuming 'comparison_type' is not equal to
type_all_diffs
# if (comparison_type == type_all_diffs)
# ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:399:3: note: Taking false branch
# if (comparison_type == type_all_diffs)
# ^
diffutils-3.6/src/cmp.c:415:3: note: Loop condition is true. Entering loop body
# for (f = 0; f < 2; f++)
# ^
diffutils-3.6/src/cmp.c:418:11: note: Assuming 'ig' is 0
# if (ig && file_position (f) == -1)
# ^~
diffutils-3.6/src/cmp.c:418:14: note: Left side of '&&' is false
# if (ig && file_position (f) == -1)
# ^
diffutils-3.6/src/cmp.c:415:3: note: Loop condition is true. Entering loop body
# for (f = 0; f < 2; f++)
# ^
diffutils-3.6/src/cmp.c:418:11: note: Assuming 'ig' is 0
# if (ig && file_position (f) == -1)
# ^~
diffutils-3.6/src/cmp.c:418:14: note: Left side of '&&' is false
# if (ig && file_position (f) == -1)
# ^
diffutils-3.6/src/cmp.c:415:3: note: Loop condition is false. Execution
continues on line 439
# for (f = 0; f < 2; f++)
# ^
diffutils-3.6/src/cmp.c:441:11: note: Assuming 'remaining' is equal to
UINTMAX_MAX
# if (remaining != UINTMAX_MAX)
# ^~~~~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:441:7: note: Taking false branch
# if (remaining != UINTMAX_MAX)
# ^
diffutils-3.6/src/cmp.c:449:11: note: Assuming 'read0' is not equal to SIZE_MAX
# if (read0 == SIZE_MAX)
# ^~~~~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:449:7: note: Taking false branch
# if (read0 == SIZE_MAX)
# ^
diffutils-3.6/src/cmp.c:452:11: note: Assuming 'read1' is not equal to SIZE_MAX
# if (read1 == SIZE_MAX)
# ^~~~~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:452:7: note: Taking false branch
# if (read1 == SIZE_MAX)
# ^
diffutils-3.6/src/cmp.c:458:11: note: Assuming the condition is false
# if (memcmp (buf0, buf1, smaller) == 0)
# ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:458:7: note: Taking false branch
# if (memcmp (buf0, buf1, smaller) == 0)
# ^
diffutils-3.6/src/cmp.c:470:11: note: Assuming 'comparison_type' is not equal
to type_first_diff
# if (comparison_type == type_first_diff && first_diff != 0)
# ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:470:46: note: Left side of '&&' is false
# if (comparison_type == type_first_diff && first_diff != 0)
# ^
diffutils-3.6/src/cmp.c:476:7: note: Taking true branch
# if (first_diff < smaller)
# ^
diffutils-3.6/src/cmp.c:478:4: note: Control jumps to 'case type_all_diffs:'
at line 526
# switch (comparison_type)
# ^
diffutils-3.6/src/cmp.c:531:5: note: Taking false branch
# if (c0 != c1)
# ^
diffutils-3.6/src/cmp.c:554:15: note: Assuming 'first_diff' is >= 'smaller'
# while (first_diff < smaller);
# ^~~~~~~~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:527:8: note: Loop condition is false. Exiting loop
# do
# ^
diffutils-3.6/src/cmp.c:556:8: note: Execution continues on line 564
# break;
# ^
diffutils-3.6/src/cmp.c:564:11: note: Assuming 'read0' is equal to 'read1'
# if (read0 != read1)
# ^~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:564:7: note: Taking false branch
# if (read0 != read1)
# ^
diffutils-3.6/src/cmp.c:603:10: note: Left side of '&&' is true
# while (differing <= 0 && read0 == buf_size);
# ^
diffutils-3.6/src/cmp.c:603:28: note: Assuming 'read0' is equal to 'buf_size'
# while (differing <= 0 && read0 == buf_size);
# ^~~~~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:437:3: note: Loop condition is true. Execution
continues on line 439
# do
# ^
diffutils-3.6/src/cmp.c:441:7: note: Taking false branch
# if (remaining != UINTMAX_MAX)
# ^
diffutils-3.6/src/cmp.c:449:11: note: Assuming 'read0' is not equal to SIZE_MAX
# if (read0 == SIZE_MAX)
# ^~~~~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:449:7: note: Taking false branch
# if (read0 == SIZE_MAX)
# ^
diffutils-3.6/src/cmp.c:452:11: note: Assuming 'read1' is not equal to SIZE_MAX
# if (read1 == SIZE_MAX)
# ^~~~~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:452:7: note: Taking false branch
# if (read1 == SIZE_MAX)
# ^
diffutils-3.6/src/cmp.c:458:11: note: Assuming the condition is false
# if (memcmp (buf0, buf1, smaller) == 0)
# ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:458:7: note: Taking false branch
# if (memcmp (buf0, buf1, smaller) == 0)
# ^
diffutils-3.6/src/cmp.c:470:11: note: Assuming 'comparison_type' is not equal
to type_first_diff
# if (comparison_type == type_first_diff && first_diff != 0)
# ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:470:46: note: Left side of '&&' is false
# if (comparison_type == type_first_diff && first_diff != 0)
# ^
diffutils-3.6/src/cmp.c:476:7: note: Taking true branch
# if (first_diff < smaller)
# ^
diffutils-3.6/src/cmp.c:478:4: note: Control jumps to 'case type_all_diffs:'
at line 526
# switch (comparison_type)
# ^
diffutils-3.6/src/cmp.c:531:5: note: Taking false branch
# if (c0 != c1)
# ^
diffutils-3.6/src/cmp.c:554:15: note: Assuming 'first_diff' is >= 'smaller'
# while (first_diff < smaller);
# ^~~~~~~~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:527:8: note: Loop condition is false. Exiting loop
# do
# ^
diffutils-3.6/src/cmp.c:556:8: note: Execution continues on line 564
# break;
# ^
diffutils-3.6/src/cmp.c:564:11: note: Assuming 'read0' is equal to 'read1'
# if (read0 != read1)
# ^~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:564:7: note: Taking false branch
# if (read0 != read1)
# ^
diffutils-3.6/src/cmp.c:603:10: note: Left side of '&&' is true
# while (differing <= 0 && read0 == buf_size);
# ^
diffutils-3.6/src/cmp.c:603:28: note: Assuming 'read0' is equal to 'buf_size'
# while (differing <= 0 && read0 == buf_size);
# ^~~~~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:437:3: note: Loop condition is true. Execution
continues on line 439
# do
# ^
diffutils-3.6/src/cmp.c:441:7: note: Taking false branch
# if (remaining != UINTMAX_MAX)
# ^
diffutils-3.6/src/cmp.c:449:11: note: Assuming 'read0' is not equal to SIZE_MAX
# if (read0 == SIZE_MAX)
# ^~~~~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:449:7: note: Taking false branch
# if (read0 == SIZE_MAX)
# ^
diffutils-3.6/src/cmp.c:452:11: note: Assuming 'read1' is not equal to SIZE_MAX
# if (read1 == SIZE_MAX)
# ^~~~~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:452:7: note: Taking false branch
# if (read1 == SIZE_MAX)
# ^
diffutils-3.6/src/cmp.c:458:11: note: Assuming the condition is false
# if (memcmp (buf0, buf1, smaller) == 0)
# ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:458:7: note: Taking false branch
# if (memcmp (buf0, buf1, smaller) == 0)
# ^
diffutils-3.6/src/cmp.c:470:11: note: Assuming 'comparison_type' is not equal
to type_first_diff
# if (comparison_type == type_first_diff && first_diff != 0)
# ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:470:46: note: Left side of '&&' is false
# if (comparison_type == type_first_diff && first_diff != 0)
# ^
diffutils-3.6/src/cmp.c:476:7: note: Taking true branch
# if (first_diff < smaller)
# ^
diffutils-3.6/src/cmp.c:478:4: note: Control jumps to 'case type_all_diffs:'
at line 526
# switch (comparison_type)
# ^
diffutils-3.6/src/cmp.c:531:5: note: Taking true branch
# if (c0 != c1)
# ^
diffutils-3.6/src/cmp.c:535:13: note: Assuming 'opt_print_bytes' is not equal
to 0
# if (!opt_print_bytes)
# ^~~~~~~~~~~~~~~~
diffutils-3.6/src/cmp.c:535:9: note: Taking false branch
# if (!opt_print_bytes)
# ^
diffutils-3.6/src/cmp.c:547:6: note: 2nd function call argument is an
uninitialized value
# printf ("%*s %3o %-4s %3o %s\n",
# ^
# 545| sprintc (s0, c0);
# 546| sprintc (s1, c1);
# 547|-> printf ("%*s %3o %-4s %3o %s\n",
# 548| offset_width, byte_num, c0, s0, c1,
s1);
# 549| }
Error: FORWARD_NULL (CWE-476):
diffutils-3.6/src/diff.c:826: var_compare_op: Comparing "regexps" to null
implies that "regexps" might be null.
diffutils-3.6/src/diff.c:846: var_deref_model: Passing null pointer "regexps +
len" to "memcpy", which dereferences it. [Note: The source code implementation
of the function has been overridden by a builtin model.]
# 844| regexps[len++] = '|';
# 845| }
# 846|-> memcpy (regexps + len, pattern, patlen + 1);
# 847| }
# 848| }
Error: RESOURCE_LEAK (CWE-772):
diffutils-3.6/src/diff3.c:783: alloc_fn: Storage is returned from allocation
function "create_diff3_block".
diffutils-3.6/src/diff3.c:909:30: alloc_fn: Storage is returned from allocation
function "xmalloc".
diffutils-3.6/lib/xmalloc.c:41:11: alloc_fn: Storage is returned from
allocation function "malloc".
diffutils-3.6/lib/xmalloc.c:41:11: var_assign: Assigning: "p" = "malloc(n)".
diffutils-3.6/lib/xmalloc.c:44:3: return_alloc: Returning allocated memory "p".
diffutils-3.6/src/diff3.c:909:30: var_assign: Assigning: "result" =
"xmalloc(112UL)".
diffutils-3.6/src/diff3.c:961:3: return_alloc: Returning allocated memory
"result".
diffutils-3.6/src/diff3.c:783: var_assign: Assigning: "result" = storage
returned from "create_diff3_block(low[0], high[0], low[1], high[1], lowc,
highc)".
diffutils-3.6/src/diff3.c:798: leaked_storage: Variable "result" going out of
scope leaks the storage it points to.
# 796| D_LENARRAY (result, FILEC) +
result_offset,
# 797| D_NUMLINES (ptr, FC)))
# 798|-> return 0;
# 799| }
# 800|
Error: RESOURCE_LEAK (CWE-772):
diffutils-3.6/src/diff3.c:783: alloc_fn: Storage is returned from allocation
function "create_diff3_block".
diffutils-3.6/src/diff3.c:909:30: alloc_fn: Storage is returned from allocation
function "xmalloc".
diffutils-3.6/lib/xmalloc.c:41:11: alloc_fn: Storage is returned from
allocation function "malloc".
diffutils-3.6/lib/xmalloc.c:41:11: var_assign: Assigning: "p" = "malloc(n)".
diffutils-3.6/lib/xmalloc.c:44:3: return_alloc: Returning allocated memory "p".
diffutils-3.6/src/diff3.c:909:30: var_assign: Assigning: "result" =
"xmalloc(112UL)".
diffutils-3.6/src/diff3.c:961:3: return_alloc: Returning allocated memory
"result".
diffutils-3.6/src/diff3.c:783: var_assign: Assigning: "result" = storage
returned from "create_diff3_block(low[0], high[0], low[1], high[1], lowc,
highc)".
diffutils-3.6/src/diff3.c:827: leaked_storage: Variable "result" going out of
scope leaks the storage it points to.
# 825| D_LENARRAY (result, FILE0 + d) +
result_offset,
# 826| D_NUMLINES (ptr, FO)))
# 827|-> return 0;
# 828|
# 829| /* Catch the lines between here and the next diff */
Error: COMPILER_WARNING:
diffutils-3.6/src/diff3.c: scope_hint: In function 'process_diff'
diffutils-3.6/src/diff3.c:1091:15: warning: 'bptr' may be used uninitialized in
this function [-Wmaybe-uninitialized]
# *last_block = bptr;
# ~~~~~~~~~~~~^~~~~~
# 1089|
# 1090| *block_list_end = NULL;
# 1091|-> *last_block = bptr;
# 1092| return block_list;
# 1093| }
Error: CLANG_WARNING:
diffutils-3.6/src/diff3.c:1091:15: warning: Assigned value is garbage or
undefined
# *last_block = bptr;
# ^
diffutils-3.6/src/diff3.c:276:10: note: Assuming the condition is false
# while ((c = getopt_long (argc, argv, "aeimvx3AEL:TX", longopts, 0)) != -1)
# ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/src/diff3.c:276:3: note: Loop condition is false. Execution
continues on line 343
# while ((c = getopt_long (argc, argv, "aeimvx3AEL:TX", longopts, 0)) != -1)
# ^
diffutils-3.6/src/diff3.c:348:7: note: Left side of '||' is false
# if (incompat > 1 /* Ensure at most one of -AeExX3. */
# ^
diffutils-3.6/src/diff3.c:348:7: note: Left side of '||' is false
diffutils-3.6/src/diff3.c:350:21: note: Left side of '&&' is false
# || (tag_count && ! flagging)) /* -L requires one of -AEX. */
# ^
diffutils-3.6/src/diff3.c:353:3: note: Taking false branch
# if (argc - optind != 3)
# ^
diffutils-3.6/src/diff3.c:363:3: note: Loop condition is true. Entering loop
body
# for (i = tag_count; i < 3; i++)
# ^
diffutils-3.6/src/diff3.c:363:3: note: Loop condition is true. Entering loop
body
diffutils-3.6/src/diff3.c:363:3: note: Loop condition is true. Entering loop
body
diffutils-3.6/src/diff3.c:363:3: note: Loop condition is false. Execution
continues on line 382
diffutils-3.6/src/diff3.c:384:3: note: Taking false branch
# if (STREQ (file[common], "-"))
# ^
diffutils-3.6/src/diff3.c:398:3: note: Loop condition is true. Entering loop
body
# for (i = 0; i < 3; i++)
# ^
diffutils-3.6/src/diff3.c:398:3: note: Loop condition is true. Entering loop
body
diffutils-3.6/src/diff3.c:398:3: note: Loop condition is true. Entering loop
body
diffutils-3.6/src/diff3.c:398:3: note: Loop condition is false. Execution
continues on line 401
diffutils-3.6/src/diff3.c:401:3: note: Loop condition is true. Entering loop
body
# for (i = 0; i < 3; i++)
# ^
diffutils-3.6/src/diff3.c:402:5: note: Taking true branch
# if (! STREQ (file[i], "-"))
# ^
diffutils-3.6/src/diff3.c:404:6: note: Assuming the condition is false
# if (stat (file[i], &statb) < 0)
# ^~~~~~~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/src/diff3.c:404:2: note: Taking false branch
# if (stat (file[i], &statb) < 0)
# ^
diffutils-3.6/src/diff3.c:406:7: note: Taking false branch
# else if (S_ISDIR (statb.st_mode))
# ^
diffutils-3.6/src/diff3.c:401:3: note: Loop condition is true. Entering loop
body
# for (i = 0; i < 3; i++)
# ^
diffutils-3.6/src/diff3.c:402:5: note: Taking true branch
# if (! STREQ (file[i], "-"))
# ^
diffutils-3.6/src/diff3.c:404:6: note: Assuming the condition is false
# if (stat (file[i], &statb) < 0)
# ^~~~~~~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/src/diff3.c:404:2: note: Taking false branch
# if (stat (file[i], &statb) < 0)
# ^
diffutils-3.6/src/diff3.c:406:7: note: Taking false branch
# else if (S_ISDIR (statb.st_mode))
# ^
diffutils-3.6/src/diff3.c:401:3: note: Loop condition is true. Entering loop
body
# for (i = 0; i < 3; i++)
# ^
diffutils-3.6/src/diff3.c:402:5: note: Taking true branch
# if (! STREQ (file[i], "-"))
# ^
diffutils-3.6/src/diff3.c:404:6: note: Assuming the condition is false
# if (stat (file[i], &statb) < 0)
# ^~~~~~~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/src/diff3.c:404:2: note: Taking false branch
# if (stat (file[i], &statb) < 0)
# ^
diffutils-3.6/src/diff3.c:406:7: note: Taking false branch
# else if (S_ISDIR (statb.st_mode))
# ^
diffutils-3.6/src/diff3.c:401:3: note: Loop condition is false. Execution
continues on line 412
# for (i = 0; i < 3; i++)
# ^
diffutils-3.6/src/diff3.c:420:13: note: Calling 'process_diff'
# thread1 = process_diff (file[rev_mapping[FILE1]], commonname, &last_block,
&b1);
#
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/src/diff3.c:999:3: note: 'bptr' declared without an initial value
# struct diff_block *bptr IF_LINT (= NULL);
# ^~~~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/src/diff3.c:1008:10: note: Assuming 'scan_diff' is >= 'diff_limit'
# while (scan_diff < diff_limit)
# ^~~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/src/diff3.c:1008:3: note: Loop condition is false. Execution
continues on line 1090
# while (scan_diff < diff_limit)
# ^
diffutils-3.6/src/diff3.c:1091:15: note: Assigned value is garbage or undefined
# *last_block = bptr;
# ^ ~~~~
# 1089|
# 1090| *block_list_end = NULL;
# 1091|-> *last_block = bptr;
# 1092| return block_list;
# 1093| }
Error: CLANG_WARNING:
diffutils-3.6/src/diff3.c:1458:10: warning: Array access results in a null
pointer dereference
# cp = D_RELNUM (ptr, realfile, line);
# ^
diffutils-3.6/src/diff3.c:109:3: note: expanded from macro 'D_RELNUM'
# ((diff)->lines[filenum][linenum])
# ^
diffutils-3.6/src/diff3.c:276:10: note: Assuming the condition is false
# while ((c = getopt_long (argc, argv, "aeimvx3AEL:TX", longopts, 0)) != -1)
# ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/src/diff3.c:276:3: note: Loop condition is false. Execution
continues on line 343
# while ((c = getopt_long (argc, argv, "aeimvx3AEL:TX", longopts, 0)) != -1)
# ^
diffutils-3.6/src/diff3.c:348:7: note: Left side of '||' is false
# if (incompat > 1 /* Ensure at most one of -AeExX3. */
# ^
diffutils-3.6/src/diff3.c:348:7: note: Left side of '||' is false
diffutils-3.6/src/diff3.c:350:21: note: Left side of '&&' is false
# || (tag_count && ! flagging)) /* -L requires one of -AEX. */
# ^
diffutils-3.6/src/diff3.c:353:3: note: Taking false branch
# if (argc - optind != 3)
# ^
diffutils-3.6/src/diff3.c:363:3: note: Loop condition is true. Entering loop
body
# for (i = tag_count; i < 3; i++)
# ^
diffutils-3.6/src/diff3.c:363:3: note: Loop condition is true. Entering loop
body
diffutils-3.6/src/diff3.c:363:3: note: Loop condition is true. Entering loop
body
diffutils-3.6/src/diff3.c:363:3: note: Loop condition is false. Execution
continues on line 382
diffutils-3.6/src/diff3.c:384:3: note: Taking false branch
# if (STREQ (file[common], "-"))
# ^
diffutils-3.6/src/diff3.c:398:3: note: Loop condition is true. Entering loop
body
# for (i = 0; i < 3; i++)
# ^
diffutils-3.6/src/diff3.c:398:3: note: Loop condition is true. Entering loop
body
diffutils-3.6/src/diff3.c:398:3: note: Loop condition is true. Entering loop
body
diffutils-3.6/src/diff3.c:398:3: note: Loop condition is false. Execution
continues on line 401
diffutils-3.6/src/diff3.c:401:3: note: Loop condition is true. Entering loop
body
# for (i = 0; i < 3; i++)
# ^
diffutils-3.6/src/diff3.c:402:5: note: Taking true branch
# if (! STREQ (file[i], "-"))
# ^
diffutils-3.6/src/diff3.c:404:6: note: Assuming the condition is false
# if (stat (file[i], &statb) < 0)
# ^~~~~~~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/src/diff3.c:404:2: note: Taking false branch
# if (stat (file[i], &statb) < 0)
# ^
diffutils-3.6/src/diff3.c:406:7: note: Taking false branch
# else if (S_ISDIR (statb.st_mode))
# ^
diffutils-3.6/src/diff3.c:401:3: note: Loop condition is true. Entering loop
body
# for (i = 0; i < 3; i++)
# ^
diffutils-3.6/src/diff3.c:402:5: note: Taking true branch
# if (! STREQ (file[i], "-"))
# ^
diffutils-3.6/src/diff3.c:404:6: note: Assuming the condition is false
# if (stat (file[i], &statb) < 0)
# ^~~~~~~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/src/diff3.c:404:2: note: Taking false branch
# if (stat (file[i], &statb) < 0)
# ^
diffutils-3.6/src/diff3.c:406:7: note: Taking false branch
# else if (S_ISDIR (statb.st_mode))
# ^
diffutils-3.6/src/diff3.c:401:3: note: Loop condition is true. Entering loop
body
# for (i = 0; i < 3; i++)
# ^
diffutils-3.6/src/diff3.c:402:5: note: Taking true branch
# if (! STREQ (file[i], "-"))
# ^
diffutils-3.6/src/diff3.c:404:6: note: Assuming the condition is false
# if (stat (file[i], &statb) < 0)
# ^~~~~~~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/src/diff3.c:404:2: note: Taking false branch
# if (stat (file[i], &statb) < 0)
# ^
diffutils-3.6/src/diff3.c:406:7: note: Taking false branch
# else if (S_ISDIR (statb.st_mode))
# ^
diffutils-3.6/src/diff3.c:401:3: note: Loop condition is false. Execution
continues on line 412
# for (i = 0; i < 3; i++)
# ^
diffutils-3.6/src/diff3.c:426:11: note: Calling 'make_3way_diff'
# diff3 = make_3way_diff (thread0, thread1);
# ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/src/diff3.c:647:10: note: Assuming the condition is false
# while (current[0] || current[1])
# ^~~~~~~~~~
diffutils-3.6/src/diff3.c:647:10: note: Left side of '||' is false
diffutils-3.6/src/diff3.c:647:3: note: Loop condition is true. Entering loop
body
# while (current[0] || current[1])
# ^
diffutils-3.6/src/diff3.c:652:7: note: Taking true branch
# if (!current[0])
# ^
diffutils-3.6/src/diff3.c:680:7: note: Left side of '&&' is false
# && D_LOWLINE (other_diff, FC) <= high_water_mark + 1)
# ^
diffutils-3.6/src/diff3.c:717:18: note: Calling 'using_to_diff3_block'
# tmpblock = using_to_diff3_block (using, last_using,
# ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/src/diff3.c:770:3: note: Loop condition is true. Entering loop
body
# for (d = 0; d < 2; d++)
# ^
diffutils-3.6/src/diff3.c:771:5: note: Taking false branch
# if (using[d])
# ^
diffutils-3.6/src/diff3.c:770:3: note: Loop condition is true. Entering loop
body
# for (d = 0; d < 2; d++)
# ^
diffutils-3.6/src/diff3.c:771:5: note: Taking true branch
# if (using[d])
# ^
diffutils-3.6/src/diff3.c:770:3: note: Loop condition is false. Execution
continues on line 783
# for (d = 0; d < 2; d++)
# ^
diffutils-3.6/src/diff3.c:783:12: note: Calling 'create_diff3_block'
# result = create_diff3_block (low[0], high[0], low[1], high[1], lowc, highc);
# ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/src/diff3.c:912:3: note: Assuming pointer value is null
# D3_TYPE (result) = ERROR;
# ^~~~~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/src/diff3.c:123:23: note: expanded from macro 'D3_TYPE'
##define D3_TYPE(diff) ((diff)->correspond)
# ^
diffutils-3.6/src/diff3.c:925:7: note: Assuming 'numlines' is 0
# if (numlines)
# ^~~~~~~~
diffutils-3.6/src/diff3.c:925:3: note: Taking false branch
# if (numlines)
# ^
diffutils-3.6/src/diff3.c:937:7: note: Assuming 'numlines' is 0
# if (numlines)
# ^~~~~~~~
diffutils-3.6/src/diff3.c:937:3: note: Taking false branch
# if (numlines)
# ^
diffutils-3.6/src/diff3.c:949:7: note: Assuming 'numlines' is 0
# if (numlines)
# ^~~~~~~~
diffutils-3.6/src/diff3.c:949:3: note: Taking false branch
# if (numlines)
# ^
diffutils-3.6/src/diff3.c:783:12: note: Returning from 'create_diff3_block'
# result = create_diff3_block (low[0], high[0], low[1], high[1], lowc, highc);
# ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/src/diff3.c:788:3: note: Loop condition is true. Entering loop
body
# for (d = 0; d < 2; d++)
# ^
diffutils-3.6/src/diff3.c:789:5: note: Loop condition is false. Execution
continues on line 788
# for (ptr = using[d]; ptr; ptr = D_NEXT (ptr))
# ^
diffutils-3.6/src/diff3.c:788:3: note: Loop condition is true. Entering loop
body
# for (d = 0; d < 2; d++)
# ^
diffutils-3.6/src/diff3.c:789:5: note: Loop condition is true. Entering loop
body
# for (ptr = using[d]; ptr; ptr = D_NEXT (ptr))
# ^
diffutils-3.6/src/diff3.c:793:2: note: Taking false branch
# if (!copy_stringlist (D_LINEARRAY (ptr, FC),
# ^
diffutils-3.6/src/diff3.c:789:5: note: Loop condition is false. Execution
continues on line 788
# for (ptr = using[d]; ptr; ptr = D_NEXT (ptr))
# ^
diffutils-3.6/src/diff3.c:788:3: note: Loop condition is false. Execution
continues on line 804
# for (d = 0; d < 2; d++)
# ^
diffutils-3.6/src/diff3.c:804:3: note: Loop condition is true. Entering loop
body
# for (d = 0; d < 2; d++)
# ^
diffutils-3.6/src/diff3.c:810:15: note: '?' condition is false
# i + lo < (u ? D_LOWLINE (u, FO) : hi + 1);
# ^
diffutils-3.6/src/diff3.c:809:7: note: Loop condition is false. Execution
continues on line 817
# for (i = 0;
# ^
diffutils-3.6/src/diff3.c:817:7: note: Loop condition is false. Execution
continues on line 804
# for (ptr = u; ptr; ptr = D_NEXT (ptr))
# ^
diffutils-3.6/src/diff3.c:804:3: note: Loop condition is true. Entering loop
body
# for (d = 0; d < 2; d++)
# ^
diffutils-3.6/src/diff3.c:810:15: note: '?' condition is true
# i + lo < (u ? D_LOWLINE (u, FO) : hi + 1);
# ^
diffutils-3.6/src/diff3.c:809:7: note: Loop condition is false. Execution
continues on line 817
# for (i = 0;
# ^
diffutils-3.6/src/diff3.c:817:7: note: Loop condition is true. Entering loop
body
# for (ptr = u; ptr; ptr = D_NEXT (ptr))
# ^
diffutils-3.6/src/diff3.c:822:4: note: Taking false branch
# if (!copy_stringlist (D_LINEARRAY (ptr, FO),
# ^
diffutils-3.6/src/diff3.c:831:4: note: Loop condition is false. Execution
continues on line 817
# for (i = D_HIGHLINE (ptr, FO) + 1 - lo;
# ^
diffutils-3.6/src/diff3.c:817:7: note: Loop condition is false. Execution
continues on line 804
# for (ptr = u; ptr; ptr = D_NEXT (ptr))
# ^
diffutils-3.6/src/diff3.c:804:3: note: Loop condition is false. Execution
continues on line 843
# for (d = 0; d < 2; d++)
# ^
diffutils-3.6/src/diff3.c:843:3: note: Taking true branch
# if (!using[0])
# ^
diffutils-3.6/src/diff3.c:717:18: note: Returning from 'using_to_diff3_block'
# tmpblock = using_to_diff3_block (using, last_using,
# ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/src/diff3.c:721:7: note: Taking false branch
# if (!tmpblock)
# ^
diffutils-3.6/src/diff3.c:647:10: note: Left side of '||' is false
# while (current[0] || current[1])
# ^
diffutils-3.6/src/diff3.c:647:3: note: Loop condition is false. Execution
continues on line 731
# while (current[0] || current[1])
# ^
diffutils-3.6/src/diff3.c:426:11: note: Returning from 'make_3way_diff'
# diff3 = make_3way_diff (thread0, thread1);
# ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/src/diff3.c:431:7: note: Assuming 'edscript' is 0
# if (edscript)
# ^~~~~~~~
diffutils-3.6/src/diff3.c:431:3: note: Taking false branch
# if (edscript)
# ^
diffutils-3.6/src/diff3.c:435:12: note: Assuming 'merge' is 0
# else if (merge)
# ^~~~~
diffutils-3.6/src/diff3.c:435:8: note: Taking false branch
# else if (merge)
# ^
diffutils-3.6/src/diff3.c:446:7: note: Calling 'output_diff3'
# output_diff3 (stdout, diff3, mapping, rev_mapping);
# ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/src/diff3.c:1399:29: note: Assuming 'initial_tab' is 0
# char const *line_prefix = initial_tab ? "\t" : " ";
# ^~~~~~~~~~~
diffutils-3.6/src/diff3.c:1399:29: note: '?' condition is false
diffutils-3.6/src/diff3.c:1401:8: note: Value assigned to 'ptr'
# for (ptr = diff; ptr; ptr = D_NEXT (ptr))
# ^~~~~~~~~~
diffutils-3.6/src/diff3.c:1401:3: note: Loop condition is true. Entering loop
body
# for (ptr = diff; ptr; ptr = D_NEXT (ptr))
# ^
diffutils-3.6/src/diff3.c:1405:7: note: Control jumps to 'case DIFF_2ND:' at
line 1413
# switch (ptr->correspond)
# ^
diffutils-3.6/src/diff3.c:1419:16: note: Assuming 'oddoneout' is equal to 0
# dontprint = oddoneout == 0;
# ^~~~~~~~~~~~~~
diffutils-3.6/src/diff3.c:1420:4: note: Execution continues on line 1424
# break;
# ^
diffutils-3.6/src/diff3.c:1427:7: note: Loop condition is true. Entering loop
body
# for (i = 0; i < 3;
# ^
diffutils-3.6/src/diff3.c:1437:4: note: Control jumps to 'case 0:' at line 1442
# switch (lowt - hight)
# ^
diffutils-3.6/src/diff3.c:1444:8: note: Execution continues on line 1450
# break;
# ^
diffutils-3.6/src/diff3.c:1450:4: note: Taking false branch
# if (i == dontprint) continue;
# ^
diffutils-3.6/src/diff3.c:1452:4: note: Taking true branch
# if (lowt <= hight)
# ^
diffutils-3.6/src/diff3.c:1458:10: note: Array access results in a null pointer
dereference
# cp = D_RELNUM (ptr, realfile, line);
# ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diffutils-3.6/src/diff3.c:109:3: note: expanded from macro 'D_RELNUM'
# ((diff)->lines[filenum][linenum])
# ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 1456| {
# 1457| fputs (line_prefix, outputfile);
# 1458|-> cp = D_RELNUM (ptr, realfile, line);
# 1459| length = D_RELLEN (ptr, realfile, line);
# 1460| fwrite (cp, sizeof (char), length, outputfile);
Error: DEADCODE (CWE-561):
diffutils-3.6/src/ifdef.c:318: cond_at_least: Condition "(unsigned int)c - 48U
<= 9U", taking false branch. Now the value of "c" is at least 58.
diffutils-3.6/src/ifdef.c:320: at_least: At condition "c == '.'", the value of
"c" must be at least 58.
diffutils-3.6/src/ifdef.c:320: dead_error_condition: The condition "c == '.'"
cannot be true.
diffutils-3.6/src/ifdef.c:321: dead_error_line: Execution cannot reach this
statement: "while ((unsigned int)(c = *...".
# 319| c = *f++;
# 320| if (c == '.')
# 321|-> while (ISDIGIT (c = *f++))
# 322| continue;
# 323| c1 = *f++;
Error: RESOURCE_LEAK (CWE-772):
diffutils-3.6/src/ifdef.c:368: alloc_fn: Storage is returned from allocation
function "xmalloc".
diffutils-3.6/lib/xmalloc.c:41:11: alloc_fn: Storage is returned from
allocation function "malloc".
diffutils-3.6/lib/xmalloc.c:41:11: var_assign: Assigning: "p" = "malloc(n)".
diffutils-3.6/lib/xmalloc.c:44:3: return_alloc: Returning allocated memory "p".
diffutils-3.6/src/ifdef.c:368: var_assign: Assigning: "format" = storage
returned from "xmalloc(spec_prefix_len + pI_len + 2UL)".
diffutils-3.6/src/ifdef.c:370: var_assign: Assigning: "p" = "format".
diffutils-3.6/src/ifdef.c:371: noescape: Resource "format" is not freed or
pointed-to in "memcpy". [Note: The source code implementation of the function
has been overridden by a builtin model.]
diffutils-3.6/src/ifdef.c:372: noescape: Resource "format + spec_prefix_len" is
not freed or pointed-to in "memcpy". [Note: The source code implementation of
the function has been overridden by a builtin model.]
diffutils-3.6/src/ifdef.c:375: noescape: Resource "format" is not freed or
pointed-to in "fprintf". [Note: The source code implementation of the function
has been overridden by a builtin model.]
diffutils-3.6/src/ifdef.c:379: leaked_storage: Variable "p" going out of scope
leaks the storage it points to.
diffutils-3.6/src/ifdef.c:379: leaked_storage: Variable "format" going out of
scope leaks the storage it points to.
# 377| free (format);
# 378| #endif
# 379|-> }
# 380| }
# 381| break;
Error: COMPILER_WARNING:
diffutils-3.6/src/sdiff.c: scope_hint: In function 'edit'
diffutils-3.6/src/sdiff.c:868:11: warning: 'cmd1' may be used uninitialized in
this function [-Wmaybe-uninitialized]
# int cmd1 IF_LINT (= 0);
# ^~~~
# 866| {
# 867| int cmd0 IF_LINT (= 0);
# 868|-> int cmd1 IF_LINT (= 0);
# 869| bool gotcmd = false;
# 870|
Error: UNINIT (CWE-457):
diffutils-3.6/src/sdiff.c:868: var_decl: Declaring variable "cmd1" without
initializer.
diffutils-3.6/src/sdiff.c:965: uninit_use: Using uninitialized value "cmd1".
# 963| perror_fatal (tmpname);
# 964|
# 965|-> switch (cmd1)
# 966| {
# 967| case 'd':
Error: SECURE_TEMP (CWE-377):
diffutils-3.6/src/sdiff.c:1169: secure_temp: Calling "mkstemp" without securely
setting umask first.
# 1167| int fd;
# 1168| sprintf (buf, "%s/sdiffXXXXXX", dir);
# 1169|-> fd = mkstemp (buf);
# 1170| if (0 <= fd)
# 1171| tmpname = buf;
Error: RESOURCE_LEAK (CWE-772):
diffutils-3.6/src/sdiff.c:1166: alloc_fn: Storage is returned from allocation
function "xmalloc".
diffutils-3.6/lib/xmalloc.c:41:11: alloc_fn: Storage is returned from
allocation function "malloc".
diffutils-3.6/lib/xmalloc.c:41:11: var_assign: Assigning: "p" = "malloc(n)".
diffutils-3.6/lib/xmalloc.c:44:3: return_alloc: Returning allocated memory "p".
diffutils-3.6/src/sdiff.c:1166: var_assign: Assigning: "buf" = storage returned
from "xmalloc(strlen(dir) + 1UL + 5UL + 6UL + 1UL)".
diffutils-3.6/src/sdiff.c:1168: noescape: Resource "buf" is not freed or
pointed-to in "sprintf". [Note: The source code implementation of the function
has been overridden by a builtin model.]
diffutils-3.6/src/sdiff.c:1169: noescape: Resource "buf" is not freed or
pointed-to in "mkstemp".
diffutils-3.6/src/sdiff.c:1172: leaked_storage: Variable "buf" going out of
scope leaks the storage it points to.
# 1170| if (0 <= fd)
# 1171| tmpname = buf;
# 1172|-> return fd;
# 1173| }
Error: RESOURCE_LEAK (CWE-772):
diffutils-3.6/src/util.c:594: alloc_fn: Storage is returned from allocation
function "xstrdup".
diffutils-3.6/lib/xmalloc.c:121:3: alloc_fn: Storage is returned from
allocation function "xmemdup".
diffutils-3.6/lib/xmalloc.c:113:3: alloc_fn: Storage is returned from
allocation function "xmalloc".
diffutils-3.6/lib/xmalloc.c:41:11: alloc_fn: Storage is returned from
allocation function "malloc".
diffutils-3.6/lib/xmalloc.c:41:11: var_assign: Assigning: "p" = "malloc(n)".
diffutils-3.6/lib/xmalloc.c:44:3: return_alloc: Returning allocated memory "p".
diffutils-3.6/lib/xmalloc.c:113:3: identity_transfer: Passing "xmalloc(s)" as
argument 1 to function "memcpy", which returns that argument. [Note: The source
code implementation of the function has been overridden by a builtin model.]
diffutils-3.6/lib/xmalloc.c:113:3: return_alloc_fn: Directly returning storage
allocated by "memcpy".
diffutils-3.6/lib/xmalloc.c:121:3: return_alloc_fn: Directly returning storage
allocated by "xmemdup".
diffutils-3.6/src/util.c:594: var_assign: Assigning: "color_buf" = storage
returned from "xstrdup(p)".
diffutils-3.6/src/util.c:594: var_assign: Assigning: "buf" = "color_buf".
diffutils-3.6/src/util.c:702: leaked_storage: Variable "buf" going out of scope
leaks the storage it points to.
diffutils-3.6/src/util.c:702: leaked_storage: Variable "color_buf" going out of
scope leaks the storage it points to.
# 700| colors_enabled = false;
# 701| }
# 702|-> }
# 703|
# 704| static void
