Yo All! I am getting new warnings when I compile NTPsec. See below
gcc version:
armv7a-unknown-linux-gnueabihf-10.3.0
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can't measure it, you can't improve it." - Lord Kelvin
[...]
[195/312] Compiling libntp/authreadkeys.c
../../libntp/authkeys.c: In function ‘alloc_auth_info’:
../../libntp/authkeys.c:295:16: warning: dereference of NULL ‘auth’ [CWE-690]
[-Wanalyzer-null-dereference]
295 | auth->cipher = NULL;
| ^
‘auth_setkey’: events 1-2
|
| 419 | auth_setkey(
| | ^~~~~~~~~~~
| | |
| | (1) entry to ‘auth_setkey’
|......
| 476 | alloc_auth_info(bucket, keyno, type, name, 0,
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (2) calling ‘alloc_auth_info’ from ‘auth_setkey’
| 477 | (unsigned short)key_size, newkey);
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
+--> ‘alloc_auth_info’: events 3-4
|
| 270 | alloc_auth_info(
| | ^~~~~~~~~~~~~~~
| | |
| | (3) entry to ‘alloc_auth_info’
|......
| 282 | if (authnumfreekeys < 1) {
| | ~
| | |
| | (4) following ‘false’ branch...
|
‘alloc_auth_info’: event 5
|
|../../include/ntp_lists.h:171:1:
| 171 | do { \
| | ^~
| | |
| | (5) ...to here
../../libntp/authkeys.c:285:2: note: in expansion of macro ‘UNLINK_HEAD_SLIST’
| 285 | UNLINK_HEAD_SLIST(auth, authfreekeys, llink.f);
| | ^~~~~~~~~~~~~~~~~
|
‘alloc_auth_info’: event 6
|
|../../include/ntp_lists.h:173:5:
| 173 | if (NULL != (punlinked)) { \
| | ^
| | |
| | (6) following ‘false’ branch (when ‘auth’ is NULL)...
../../libntp/authkeys.c:285:2: note: in expansion of macro ‘UNLINK_HEAD_SLIST’
| 285 | UNLINK_HEAD_SLIST(auth, authfreekeys, llink.f);
| | ^~~~~~~~~~~~~~~~~
|
‘alloc_auth_info’: event 7
|
|../../include/ntp_lists.h:177:9:
| 177 | } while (false)
| | ^
| | |
| | (7) ...to here
../../libntp/authkeys.c:285:2: note: in expansion of macro ‘UNLINK_HEAD_SLIST’
| 285 | UNLINK_HEAD_SLIST(auth, authfreekeys, llink.f);
| | ^~~~~~~~~~~~~~~~~
|
‘alloc_auth_info’: events 8-10
|
| 292 | switch (type) {
| | ^~~~~~
| | |
| | (8) following ‘case 0:’ branch...
| 293 | case AUTH_NONE:
| | ~~~~
| | |
| | (9) ...to here
| | (10) ‘auth’ is NULL
|
‘alloc_auth_info’: event 11
|
| 295 | auth->cipher = NULL;
| | ^
| | |
| | (11) dereference of NULL ‘auth’
|
In file included from ../../include/ntp.h:14,
from ../../libntp/authkeys.c:10:
../../include/ntp_lists.h:130:21: warning: dereference of NULL ‘auth’ [CWE-690]
[-Wanalyzer-null-dereference]
130 | (pentry)->nextlink = (listhead); \
| ~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~
../../libntp/authkeys.c:309:2: note: in expansion of macro ‘LINK_SLIST’
309 | LINK_SLIST(*bucket, auth, hlink);
| ^~~~~~~~~~
‘auth_setkey’: events 1-2
|
| 419 | auth_setkey(
| | ^~~~~~~~~~~
| | |
| | (1) entry to ‘auth_setkey’
|......
| 476 | alloc_auth_info(bucket, keyno, type, name, 0,
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (2) calling ‘alloc_auth_info’ from ‘auth_setkey’
| 477 | (unsigned short)key_size, newkey);
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
+--> ‘alloc_auth_info’: events 3-4
|
| 270 | alloc_auth_info(
| | ^~~~~~~~~~~~~~~
| | |
| | (3) entry to ‘alloc_auth_info’
|......
| 282 | if (authnumfreekeys < 1) {
| | ~
| | |
| | (4) following ‘false’ branch...
|
‘alloc_auth_info’: event 5
|
|../../include/ntp_lists.h:171:1:
| 171 | do { \
| | ^~
| | |
| | (5) ...to here
../../libntp/authkeys.c:285:2: note: in expansion of macro ‘UNLINK_HEAD_SLIST’
| 285 | UNLINK_HEAD_SLIST(auth, authfreekeys, llink.f);
| | ^~~~~~~~~~~~~~~~~
|
‘alloc_auth_info’: event 6
|
|../../include/ntp_lists.h:173:5:
| 173 | if (NULL != (punlinked)) { \
| | ^
| | |
| | (6) following ‘false’ branch (when ‘auth’ is NULL)...
../../libntp/authkeys.c:285:2: note: in expansion of macro ‘UNLINK_HEAD_SLIST’
| 285 | UNLINK_HEAD_SLIST(auth, authfreekeys, llink.f);
| | ^~~~~~~~~~~~~~~~~
|
‘alloc_auth_info’: event 7
|
|../../include/ntp_lists.h:177:9:
| 177 | } while (false)
| | ^
| | |
| | (7) ...to here
../../libntp/authkeys.c:285:2: note: in expansion of macro ‘UNLINK_HEAD_SLIST’
| 285 | UNLINK_HEAD_SLIST(auth, authfreekeys, llink.f);
| | ^~~~~~~~~~~~~~~~~
|
‘alloc_auth_info’: events 8-10
|
| 292 | switch (type) {
| | ^~~~~~
| | |
| | (8) following ‘case 2:’ branch...
|......
| 297 | case AUTH_DIGEST:
| | ~~~~
| | |
| | (9) ...to here
| | (10) ‘auth’ is NULL
|
‘alloc_auth_info’: event 11
|
|../../include/ntp_lists.h:130:21:
| 130 | (pentry)->nextlink = (listhead); \
| | ~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~
| | |
| | (11) dereference of NULL ‘auth’
../../libntp/authkeys.c:309:2: note: in expansion of macro ‘LINK_SLIST’
| 309 | LINK_SLIST(*bucket, auth, hlink);
| | ^~~~~~~~~~
|
[196/312] Compiling libntp/prettydate.c
[...]
[230/312] Compiling ntpd/ntp_control.c
../../ntpd/ntp_monitor.c: In function ‘mon_get_oldest_age’:
../../ntpd/ntp_monitor.c:295:18: warning: dereference of NULL ‘<unknown>’
[CWE-690] [-Wanalyzer-null-dereference]
295 | now -= oldest->last;
| ~~~~~~^~~~~~
‘mon_get_oldest_age’: events 1-2
|
| 292 | if (mon_data.mru_entries == 0)
| | ^
| | |
| | (1) following ‘false’ branch...
| 293 | return 0;
| 294 | oldest = TAIL_DLIST(mon_data.mon_mru_list, mru);
| | ~~~~~~
| | |
| | (2) ...to here
|
‘mon_get_oldest_age’: event 3
|
|../../include/ntp_lists.h:377:7:
| 374 | ( \
| | ~~~~~~~~~
| 375 | (&(listhead) != (listhead).link.b) \
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| 376 | ? (listhead).link.b \
| | ~~~~~~~~~~~~~~~~~~~~~~~~
| 377 | : NULL \
| | ^~~~~~~~~~~~
| | |
| | (3) following ‘false’ branch...
| 378 | )
| | ~
../../ntpd/ntp_monitor.c:294:14: note: in expansion of macro ‘TAIL_DLIST’
| 294 | oldest = TAIL_DLIST(mon_data.mon_mru_list, mru);
| | ^~~~~~~~~~
|
‘mon_get_oldest_age’: events 4-5
|
| 294 | oldest = TAIL_DLIST(mon_data.mon_mru_list, mru);
| 295 | now -= oldest->last;
| | ~~~~~~~~~~~~
| | |
| | (5) dereference of NULL ‘<unknown>’
|
[231/312] Compiling ntpd/ntp_recvbuff.c
[232/312] Compiling ntpd/ntp_filegen.c
[233/312] Compiling libntp/statestr.c
In function ‘leapsec_validate’:
../../ntpd/ntp_leapsec.c:962:5: warning: leak of FILE ‘farg’ [CWE-775]
[-Wanalyzer-file-leak]
962 | if (0 > hlseen) {
| ^
‘leapsec_load_file’: events 1-12
|
| 450 | leapsec_load_file(
| | ^~~~~~~~~~~~~~~~~
| | |
| | (1) entry to ‘leapsec_load_file’
|......
| 461 | if ( !(fname && *fname) )
| | ~ ~~~~~~~~~~~~~~~~~~
| | | | |
| | | | (3) ...to here
| | | (4) following ‘false’ branch...
| | (2) following ‘false’ branch (when ‘fname’ is non-NULL)...
|......
| 466 | if (0 != stat(fname, &sb_new)) {
| | ~~ ~
| | | |
| | | (6) following ‘false’ branch...
| | (5) ...to here
|......
| 474 | if (NULL != sb_old) {
| | ~~
| | |
| | (7) ...to here
|......
| 500 | if ((fp = fopen(fname, "r")) == NULL) {
| | ~~ ~
| | | |
| | | (9) assuming ‘fp’ is non-NULL
| | | (10) following ‘false’ branch (when ‘fp’ is non-NULL)...
| | (8) opened here
|......
| 508 | rc = leapsec_load_stream(fp, fname, logall);
| | ~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | | |
| | | (12) calling ‘leapsec_load_stream’ from ‘leapsec_load_file’
| | (11) ...to here
|
+--> ‘leapsec_load_stream’: events 13-16
|
| 374 | leapsec_load_stream(
| | ^~~~~~~~~~~~~~~~~~~
| | |
| | (13) entry to ‘leapsec_load_stream’
|......
| 382 | if (NULL == fname) {
| | ~
| | |
| | (14) following ‘false’ branch (when ‘fname’ is
non-NULL)...
|......
| 386 | rcheck = leapsec_validate((leapsec_reader)getc, ifp);
| | ~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | | |
| | | (16) calling ‘leapsec_validate’ from
‘leapsec_load_stream’
| | (15) ...to here
|
+--> ‘leapsec_validate’: events 17-18
|
| 937 | leapsec_validate(
| | ^~~~~~~~~~~~~~~~
| | |
| | (17) entry to ‘leapsec_validate’
|......
| 948 | while (get_line(func, farg, line, sizeof(line))) {
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (18) calling ‘get_line’ from
‘leapsec_validate’
|
+--> ‘get_line’: events 19-20
|
| 649 | get_line(
| | ^~~~~~~~
| | |
| | (19) entry to ‘get_line’
|......
| 659 | if (buff == NULL || size == 0) {
| | ~
| | |
| | (20) following ‘false’ branch...
|
‘get_line’: event 21
|
|cc1:
| (21): ...to here
|
‘get_line’: events 22-24
|
| 671 | while (ptr != buff &&
isspace((uint8_t)ptr[-1])) {
| | ^
| | |
| | (22) following ‘false’ branch (when
‘ptr == buff’)...
|......
| 674 | *ptr = '\0';
| | ~
| | |
| | (23) ...to here
| 675 | return (ptr == buff && ch == EOF) ? NULL :
buff;
| |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| |
(24) following ‘false’ branch...
|
‘get_line’: event 25
|
|cc1:
| (25): ...to here
|
<------+
|
‘leapsec_validate’: events 26-29
|
| 948 | while (get_line(func, farg, line, sizeof(line))) {
| | ~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | ||
| | |(26) returning to ‘leapsec_validate’ from
‘get_line’
| | (27) following ‘false’ branch...
|......
| 959 | EVP_DigestFinal_ex(mdctx, ldig.hv, NULL);
| | ~~~~~~~~~~~~~~~~~~
| | |
| | (28) ...to here
|......
| 962 | if (0 > hlseen) {
| | ~
| | |
| | (29) following ‘true’ branch (when ‘hlseen <
0’)...
|
‘leapsec_validate’: event 30
|
|cc1:
| (30): ...to here
|
‘leapsec_validate’: event 31
|
| 962 | if (0 > hlseen) {
| | ^
| | |
| | (31) ‘farg’ leaks here; was opened at (8)
|
[234/312] Compiling libntp/msyslog.c
[235/312] Compiling libntp/hextolfp.c
[236/312] Compiling libntp/timespecops.c
[237/312] Compiling libntp/prettydate.c
[238/312] Compiling libntp/ntp_calendar.c
[239/312] Compiling libntp/lib_strbuf.c
[240/312] Linking build/main/ntpd/libntpd_lib.a
[241/312] Compiling libntp/ntp_random.c
[242/312] Compiling libntp/assert.c
[243/312] Compiling libntp/ntp_c.c
[244/312] Compiling libntp/pymodule-mac.c
[245/312] Compiling libntp/clockwork.c
[246/312] Compiling libntp/emalloc.c
[247/312] Compiling libntp/strl_obsd.c
[248/312] Compiling libntp/systime.c
[249/312] Compiling ntpd/refclock_conf.c
[250/312] Compiling ntpd/ntp_wrapdate.c
[251/312] Compiling ntpd/ntp_refclock.c
[252/312] Compiling ntpd/refclock_local.c
[253/312] Compiling ntpd/refclock_spectracom.c
[254/312] Compiling ntpd/refclock_truetime.c
[255/312] Linking build/main/pylib/libntpc.so
[256/312] Compiling ntpd/refclock_generic.c
[257/312] Compiling ntpd/refclock_arbiter.c
[258/312] Compiling ntpd/refclock_modem.c
[259/312] Compiling ntpd/refclock_nmea.c
[260/312] Compiling ntpd/refclock_pps.c
[261/312] Compiling ntpd/refclock_hpgps.c
[262/312] Compiling ntpd/refclock_shm.c
[263/312] Compiling ntpd/refclock_trimble.c
[264/312] Compiling ntpd/refclock_oncore.c
[265/312] Compiling ntpd/refclock_jjy.c
[266/312] Compiling ntpd/refclock_zyfer.c
[267/312] Compiling ntpd/refclock_gpsd.c
[268/312] Compiling build/host/ntpd/ntp_parser.tab.c
[269/312] Compiling ntpd/ntp_timer.c
[270/312] Compiling ntpd/ntp_packetstamp.c
[271/312] Compiling ntpd/ntp_proto.c
[272/312] Compiling ntpd/ntp_config.c
[273/312] Compiling ntpd/ntp_io.c
[274/312] Compiling ntpd/ntp_sandbox.c
[275/312] Compiling ntpd/ntp_dns.c
[276/312] Compiling ntpd/ntp_scanner.c
../../ntpd/ntp_scanner.c: In function ‘lex_push_file’:
../../ntpd/ntp_scanner.c:434:4: warning: use of possibly-NULL ‘baselist’ where
non-null expected [CWE-690] [-Wanalyzer-possible-null-argument]
434 | qsort(baselist, (size_t)basecount, sizeof(char *),
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
435 | rcmpstring);
| ~~~~~~~~~~~
‘lex_push_file’: events 1-4
|
| 401 | bool lex_push_file(
| | ^~~~~~~~~~~~~
| | |
| | (1) entry to ‘lex_push_file’
|......
| 407 | if (NULL != path) {
| | ~
| | |
| | (2) following ‘true’ branch (when ‘path’ is non-NULL)...
| 408 | char fullpath[PATH_MAX];
| | ~~~~
| | |
| | (3) ...to here
|......
| 415 | if (is_directory(fullpath)) {
| | ~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (4) calling ‘is_directory’ from ‘lex_push_file’
|
+--> ‘is_directory’: event 5
|
| 364 | bool is_directory(const char *path) {
| | ^~~~~~~~~~~~
| | |
| | (5) entry to ‘is_directory’
|
‘is_directory’: event 6
|
| 366 | return stat(path, &sb) == 0 && S_ISDIR(sb.st_mode);
| | ^
| | |
| | (6) following ‘true’ branch...
|
‘is_directory’: event 7
|
| 366 | return stat(path, &sb) == 0 && S_ISDIR(sb.st_mode);
| | ^
| | |
| | (7) ...to here
|
‘is_directory’: event 8
|
| 366 | return stat(path, &sb) == 0 && S_ISDIR(sb.st_mode);
| | ^
| | |
| | (8) following ‘true’ branch...
|
‘is_directory’: event 9
|
|
<------+
|
‘lex_push_file’: events 10-18
|
| 415 | if (is_directory(fullpath)) {
| | ~^~~~~~~~~~~~~~~~~~~~~~
| | ||
| | |(10) returning to ‘lex_push_file’ from ‘is_directory’
| | (11) following ‘true’ branch...
| 416 | /* directory scanning */
| 417 | DIR *dfd;
| | ~~~
| | |
| | (12) ...to here
|......
| 421 | if ((dfd = opendir(fullpath)) == NULL)
| | ~
| | |
| | (13) following ‘false’ branch (when ‘dfd’ is non-NULL)...
| 422 | return false;
| 423 | baselist = (char **)malloc(sizeof(char *));
| | ~~~~~~~~
| | |
| | (14) ...to here
| | (15) this call could return NULL
| 424 | while ((dp = readdir(dfd)) != NULL)
| | ~
| | |
| | (16) following ‘false’ branch (when ‘dp’ is NULL)...
|......
| 433 | closedir(dfd);
| | ~~~~~~~~
| | |
| | (17) ...to here
| 434 | qsort(baselist, (size_t)basecount, sizeof(char *),
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (18) argument 1 (‘baselist’) from (15) could be NULL where
non-null expected
| 435 | rcmpstring);
| | ~~~~~~~~~~~
|
In file included from ../../ntpd/ntp_scanner.c:18:
/usr/include/stdlib.h:830:13: note: argument 1 of ‘qsort’ must be non-null
830 | extern void qsort (void *__base, size_t __nmemb, size_t __size,
| ^~~~~
[277/312] Compiling ntpd/ntp_peer.c
[...]
[318/475] Compiling tests/common/tests_main.c
In function ‘unity_malloc’:
../../tests/unity/unity_memory.c:104:5: warning: leak of ‘guard’ [CWE-401]
[-Wanalyzer-malloc-leak]
104 | return (void*)mem;
| ^~~~~~
‘unity_malloc’: events 1-7
|
| 82 | if (size == 0) return NULL;
| | ^
| | |
| | (1) following ‘false’ branch (when ‘size != 0’)...
|......
| 95 | guard = (Guard*)UNITY_MALLOC(total_size);
| | ~~~~~
| | |
| | (2) ...to here
| | (3) allocated here
| 96 | #endif
| 97 | if (guard == NULL) return NULL;
| | ~
| | |
| | (4) assuming ‘guard’ is non-NULL
| | (5) following ‘false’ branch (when ‘guard’ is non-NULL)...
| 98 | malloc_count++;
| | ~~~~~~~~~~~~
| | |
| | (6) ...to here
|......
| 104 | return (void*)mem;
| | ~~~~~~
| | |
| | (7) ‘guard’ leaks here; was allocated at (3)
|
[319/475] Compiling tests/libntp/vi64ops.c
[...]
pgp3j0DAYZBHW.pgp
Description: OpenPGP digital signature
_______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
