diff --git a/src/lib/writer-html.cc b/src/lib/writer-html.cc index 9e7bb716..db278b6b 100644 --- a/src/lib/writer-html.cc +++ b/src/lib/writer-html.cc @@ -52,8 +52,27 @@ namespace HtmlLib { str << "\n\ \n\ -
\n"; + str << "\n"; } void finalizePre(std::ostream &str) { @@ -133,7 +152,7 @@ void writeParseWarnings(std::ostream &str, const TScanProps &props) { const int count = boost::lexical_cast(itCount->second); const int ratio = boost::lexical_cast (itRatio->second); if (ratio < parsingRatioThr) - str << " warning: " + str << "
warning: " "low parsing ratio: " << ratio << "%
\n"; itCount = props.find("diffbase-cov-compilation-unit-count"); @@ -149,12 +168,12 @@ void writeParseWarnings(std::ostream &str, const TScanProps &props) { const int baseCount = boost::lexical_cast(itCount->second); const int baseRatio = boost::lexical_cast (itRatio->second); if (baseRatio < parsingRatioThr && baseRatio < ratio) - str << " warning: " + str << "
warning: " "low parsing ratio in diff base: " << baseRatio << "%
\n"; if (!count || 100 * baseCount / count < parsingOldToNewRatioThr) - str << "warning: " + str << "
warning: " "low count of parsed units in diff base: " << baseCount << "
\n"; } @@ -169,16 +188,16 @@ void writeScanProps(std::ostream &str, const TScanProps &props) { HtmlLib::initSection(str, "Scan Properties"); - str << "\n"; + str << "
\n"; int i = 0; for (TScanProps::const_reference item : props) { - const char *trStyle = ""; + const char *trClass = ""; if (++i & 1) - trStyle = " style='background-color: #EEE;'"; + trClass = " class='oddRow'"; - const char *tdStyle0 = "padding-right: 8px; white-space: nowrap;"; - str << "
" + const char *tdClass0 = "scanPropName"; + str << " \n"; } @@ -445,7 +464,7 @@ void HtmlWriter::Private::writeNewDefWarning(const Defect &def) return; // a newly introduced defect - this->str << " [warning: " + this->str << " [warning: " << this->newDefMsg << "]"; } @@ -456,7 +475,7 @@ void HtmlWriter::handleDef(const Defect &def) // HTML anchor d->str << ""; - d->str << "Error: " + d->str << "Error: " << HtmlLib::escapeTextInline(def.checker) << ""; const int cwe = def.cwe; @@ -482,7 +501,7 @@ void HtmlWriter::handleDef(const Defect &def) if (0 < def.imp) { // highlight the "imp" flag - d->str << " " + d->str << " " "[important]"; } @@ -498,13 +517,13 @@ void HtmlWriter::handleDef(const Defect &def) switch (evt.verbosityLevel) { case 1: if (isComment) - d->str << ""; + d->str << ""; else - d->str << ""; + d->str << ""; break; case 2: - d->str << ""; + d->str << ""; break; } @@ -544,9 +563,9 @@ void HtmlWriter::handleDef(const Defect &def) const bool isCtxLine = detector.isAnyCtxLine(evt); if (isCtxLine) { const char *color = (detector.isKeyCtxLine(evt)) - ? "000000" - : "C0C0C0"; - d->str << ""; + ? "ctxLine" + : "traceEvent"; + d->str << ""; } // translate message text diff --git a/tests/cshtml/0001-smoke/scan-results.html b/tests/cshtml/0001-smoke/scan-results.html index 2fd03b0e..ad391c6a 100644 --- a/tests/cshtml/0001-smoke/scan-results.html +++ b/tests/cshtml/0001-smoke/scan-results.html @@ -1,1434 +1,1451 @@ - " << item.first << " " << item.second << " curl-7.60.0-1.el8+7 - + +curl-7.60.0-1.el8+7 + + +curl-7.60.0-1.el8+7
[Show plain-text results]List of Defects
--Error: SHELLCHECK_WARNING: [#def1] ++Error: SHELLCHECK_WARNING: [#def1] /usr/bin/curl-config:25:1: warning[SC2034]: exec_prefix appears unused. Verify it or export it. -# 23| -# 24| prefix=/usr -# 25|-> exec_prefix=/usr -# 26| includedir=/usr/include -# 27| cppflag_curl_staticlib= +# 23| +# 24| prefix=/usr +# 25|-> exec_prefix=/usr +# 26| includedir=/usr/include +# 27| cppflag_curl_staticlib= -Error: SHELLCHECK_WARNING: [#def2] +Error: SHELLCHECK_WARNING: [#def2] /usr/bin/curl-config:26:1: warning[SC2034]: includedir appears unused. Verify it or export it. -# 24| prefix=/usr -# 25| exec_prefix=/usr -# 26|-> includedir=/usr/include -# 27| cppflag_curl_staticlib= -# 28| +# 24| prefix=/usr +# 25| exec_prefix=/usr +# 26|-> includedir=/usr/include +# 27| cppflag_curl_staticlib= +# 28| -Error: SHELLCHECK_WARNING: [#def3] +Error: SHELLCHECK_WARNING: [#def3] /usr/bin/curl-config:66:8: warning[SC2034]: value appears unused. Verify it or export it. -# 64| # [not currently used] -# 65| -*=*) value=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; -# 66|-> *) value= ;; -# 67| esac -# 68| +# 64| # [not currently used] +# 65| -*=*) value=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; +# 66|-> *) value= ;; +# 67| esac +# 68| -Error: SHELLCHECK_WARNING: [#def4] +Error: SHELLCHECK_WARNING: [#def4] /usr/bin/curl-config:146:14: warning[SC2039]: In POSIX sh, echo flags are undefined. -# 144| -# 145| --libs) -# 146|-> echo -lcurl -# 147| ;; -# 148| --ssl-backends) +# 144| +# 145| --libs) +# 146|-> echo -lcurl +# 147| ;; +# 148| --ssl-backends) -Error: DEADCODE (CWE-561): [#def5] -curl-7.60.0/lib/base64.c:183: assignment: Assigning: "convbuf" = "NULL". -curl-7.60.0/lib/base64.c:213: null: At condition "convbuf", the value of "convbuf" must be "NULL". -curl-7.60.0/lib/base64.c:213: dead_error_condition: The condition "convbuf" cannot be true. -curl-7.60.0/lib/base64.c:214: dead_error_line: Execution cannot reach this statement: "indata = (char *)convbuf;". +Error: DEADCODE (CWE-561): [#def5] +curl-7.60.0/lib/base64.c:183: assignment: Assigning: "convbuf" = "NULL". +curl-7.60.0/lib/base64.c:213: null: At condition "convbuf", the value of "convbuf" must be "NULL". +curl-7.60.0/lib/base64.c:213: dead_error_condition: The condition "convbuf" cannot be true. +curl-7.60.0/lib/base64.c:214: dead_error_line: Execution cannot reach this statement: "indata = (char *)convbuf;". curl-7.60.0/lib/base64.c:214: effectively_constant: Local variable "convbuf" is assigned only once, to a constant value, making it effectively constant throughout its scope. If this is not the intent, examine the logic to see if there is a missing assignment that would make "convbuf" not remain constant. -# 212| -# 213| if(convbuf) -# 214|-> indata = (char *)convbuf; -# 215| -# 216| while(insize > 0) { +# 212| +# 213| if(convbuf) +# 214|-> indata = (char *)convbuf; +# 215| +# 216| while(insize > 0) { -Error: OVERRUN (CWE-119): [#def6] -curl-7.60.0/lib/connect.c:1353: cond_true: Condition "!addr", taking true branch. -curl-7.60.0/lib/connect.c:1367: cond_true: Condition "conn->socktype == SOCK_DGRAM", taking true branch. -curl-7.60.0/lib/connect.c:1370: cond_true: Condition "addr->addrlen > 128UL /* sizeof (struct Curl_sockaddr_storage) */", taking true branch. -curl-7.60.0/lib/connect.c:1371: assignment: Assigning: "addr->addrlen" = "128U". +Error: OVERRUN (CWE-119): [#def6] +curl-7.60.0/lib/connect.c:1353: cond_true: Condition "!addr", taking true branch. +curl-7.60.0/lib/connect.c:1367: cond_true: Condition "conn->socktype == SOCK_DGRAM", taking true branch. +curl-7.60.0/lib/connect.c:1370: cond_true: Condition "addr->addrlen > 128UL /* sizeof (struct Curl_sockaddr_storage) */", taking true branch. +curl-7.60.0/lib/connect.c:1371: assignment: Assigning: "addr->addrlen" = "128U". curl-7.60.0/lib/connect.c:1372: overrun-buffer-arg: Overrunning struct type sockaddr of 16 bytes by passing it to a function which accesses it at byte offset 127 using argument "addr->addrlen" (which evaluates to 128). [Note: The source code implementation of the function has been overridden by a builtin model.] -# 1370| if(addr->addrlen > sizeof(struct Curl_sockaddr_storage)) -# 1371| addr->addrlen = sizeof(struct Curl_sockaddr_storage); -# 1372|-> memcpy(&addr->sa_addr, ai->ai_addr, addr->addrlen); -# 1373| -# 1374| if(data->set.fopensocket) { +# 1370| if(addr->addrlen > sizeof(struct Curl_sockaddr_storage)) +# 1371| addr->addrlen = sizeof(struct Curl_sockaddr_storage); +# 1372|-> memcpy(&addr->sa_addr, ai->ai_addr, addr->addrlen); +# 1373| +# 1374| if(data->set.fopensocket) { -Error: CPPCHECK_WARNING (CWE-456): [#def7] [warning: defect not occurring in curl-7.29.0-46.el7] +Error: CPPCHECK_WARNING (CWE-456): [#def7] [warning: defect not occurring in curl-7.29.0-46.el7] curl-7.60.0/lib/curl_ntlm_core.c:414: error[uninitvar]: Uninitialized variable: ks -# 412| DES_key_schedule ks; -# 413| -# 414|-> setup_des_key(keys, DESKEY(ks)); -# 415| DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) results, -# 416| DESKEY(ks), DES_ENCRYPT); +# 412| DES_key_schedule ks; +# 413| +# 414|-> setup_des_key(keys, DESKEY(ks)); +# 415| DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) results, +# 416| DESKEY(ks), DES_ENCRYPT); -Error: DEADCODE (CWE-561): [#def8] -curl-7.60.0/lib/curl_ntlm_core.c:479: assignment: Assigning: "result" = "((void)data) , CURLE_OK". -curl-7.60.0/lib/curl_ntlm_core.c:480: const: At condition "result", the value of "result" must be equal to 0. -curl-7.60.0/lib/curl_ntlm_core.c:480: dead_error_condition: The condition "result" cannot be true. +Error: DEADCODE (CWE-561): [#def8] +curl-7.60.0/lib/curl_ntlm_core.c:479: assignment: Assigning: "result" = "((void)data) , CURLE_OK". +curl-7.60.0/lib/curl_ntlm_core.c:480: const: At condition "result", the value of "result" must be equal to 0. +curl-7.60.0/lib/curl_ntlm_core.c:480: dead_error_condition: The condition "result" cannot be true. curl-7.60.0/lib/curl_ntlm_core.c:481: dead_error_line: Execution cannot reach this statement: "return result;". -# 479| result = Curl_convert_to_network(data, (char *)pw, 14); -# 480| if(result) -# 481|-> return result; -# 482| -# 483| { +# 479| result = Curl_convert_to_network(data, (char *)pw, 14); +# 480| if(result) +# 481|-> return result; +# 482| +# 483| { -Error: CPPCHECK_WARNING (CWE-456): [#def9] [warning: defect not occurring in curl-7.29.0-46.el7] +Error: CPPCHECK_WARNING (CWE-456): [#def9] [warning: defect not occurring in curl-7.29.0-46.el7] curl-7.60.0/lib/curl_ntlm_core.c:489: error[uninitvar]: Uninitialized variable: ks -# 487| DES_key_schedule ks; -# 488| -# 489|-> setup_des_key(pw, DESKEY(ks)); -# 490| DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)lmbuffer, -# 491| DESKEY(ks), DES_ENCRYPT); +# 487| DES_key_schedule ks; +# 488| +# 489|-> setup_des_key(pw, DESKEY(ks)); +# 490| DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)lmbuffer, +# 491| DESKEY(ks), DES_ENCRYPT); -Error: DEADCODE (CWE-561): [#def10] [warning: defect not occurring in curl-7.29.0-46.el7] -curl-7.60.0/lib/curl_ntlm_core.c:571: assignment: Assigning: "result" = "((void)data) , CURLE_OK". -curl-7.60.0/lib/curl_ntlm_core.c:572: const: At condition "result", the value of "result" must be equal to 0. -curl-7.60.0/lib/curl_ntlm_core.c:572: dead_error_condition: The condition "result" cannot be true. +Error: DEADCODE (CWE-561): [#def10] [warning: defect not occurring in curl-7.29.0-46.el7] +curl-7.60.0/lib/curl_ntlm_core.c:571: assignment: Assigning: "result" = "((void)data) , CURLE_OK". +curl-7.60.0/lib/curl_ntlm_core.c:572: const: At condition "result", the value of "result" must be equal to 0. +curl-7.60.0/lib/curl_ntlm_core.c:572: dead_error_condition: The condition "result" cannot be true. curl-7.60.0/lib/curl_ntlm_core.c:573: dead_error_line: Execution cannot reach this statement: "return result;". -# 571| result = Curl_convert_to_network(data, (char *)pw, len * 2); -# 572| if(result) -# 573|-> return result; -# 574| -# 575| { +# 571| result = Curl_convert_to_network(data, (char *)pw, len * 2); +# 572| if(result) +# 573|-> return result; +# 574| +# 575| { -Error: TAINTED_STRING (CWE-20): [#def11] [warning: defect not occurring in curl-7.29.0-46.el7] -curl-7.60.0/lib/curl_ntlm_wb.c:129: cond_false: Condition "conn->ntlm_auth_hlpr_socket != -1", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:129: cond_false: Condition "conn->ntlm_auth_hlpr_pid", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:131: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:142: cond_true: Condition "!username", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:144: cond_true: Condition "!username", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:146: cond_true: Condition "!username", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:147: tainted_string_return_content: "getenv" returns tainted string content. -curl-7.60.0/lib/curl_ntlm_wb.c:147: var_assign: Assigning: "username" = "getenv("USER")", which taints "username". -curl-7.60.0/lib/curl_ntlm_wb.c:149: cond_false: Condition "!username", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:149: cond_false: Condition "!username[0]", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:153: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:155: cond_false: Condition "!username", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:155: cond_false: Condition "!username[0]", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:156: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:159: cond_true: Condition "slash", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:160: tainted_data_transitive: Call to function "strdup" with tainted argument "username" returns tainted data. -curl-7.60.0/lib/curl_ntlm_wb.c:160: var_assign: Assigning: "domain" = "strdup(username)", which taints "domain". -curl-7.60.0/lib/curl_ntlm_wb.c:161: cond_false: Condition "!domain", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:162: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:180: cond_false: Condition "access(ntlm_auth, 1) != 0", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:184: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:186: cond_false: Condition "socketpair(1, SOCK_STREAM, 0, sockfds)", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:190: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:193: cond_false: Condition "child_pid == -1", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:200: else_branch: Reached else branch. -curl-7.60.0/lib/curl_ntlm_wb.c:200: cond_true: Condition "!child_pid", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:207: cond_false: Condition "dup2(sockfds[1], 0) == -1", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:211: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:213: cond_false: Condition "dup2(sockfds[1], 1) == -1", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:217: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:219: cond_true: Condition "domain", taking true branch. +Error: TAINTED_STRING (CWE-20): [#def11] [warning: defect not occurring in curl-7.29.0-46.el7] +curl-7.60.0/lib/curl_ntlm_wb.c:129: cond_false: Condition "conn->ntlm_auth_hlpr_socket != -1", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:129: cond_false: Condition "conn->ntlm_auth_hlpr_pid", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:131: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:142: cond_true: Condition "!username", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:144: cond_true: Condition "!username", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:146: cond_true: Condition "!username", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:147: tainted_string_return_content: "getenv" returns tainted string content. +curl-7.60.0/lib/curl_ntlm_wb.c:147: var_assign: Assigning: "username" = "getenv("USER")", which taints "username". +curl-7.60.0/lib/curl_ntlm_wb.c:149: cond_false: Condition "!username", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:149: cond_false: Condition "!username[0]", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:153: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:155: cond_false: Condition "!username", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:155: cond_false: Condition "!username[0]", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:156: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:159: cond_true: Condition "slash", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:160: tainted_data_transitive: Call to function "strdup" with tainted argument "username" returns tainted data. +curl-7.60.0/lib/curl_ntlm_wb.c:160: var_assign: Assigning: "domain" = "strdup(username)", which taints "domain". +curl-7.60.0/lib/curl_ntlm_wb.c:161: cond_false: Condition "!domain", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:162: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:180: cond_false: Condition "access(ntlm_auth, 1) != 0", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:184: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:186: cond_false: Condition "socketpair(1, SOCK_STREAM, 0, sockfds)", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:190: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:193: cond_false: Condition "child_pid == -1", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:200: else_branch: Reached else branch. +curl-7.60.0/lib/curl_ntlm_wb.c:200: cond_true: Condition "!child_pid", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:207: cond_false: Condition "dup2(sockfds[1], 0) == -1", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:211: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:213: cond_false: Condition "dup2(sockfds[1], 1) == -1", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:217: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:219: cond_true: Condition "domain", taking true branch. curl-7.60.0/lib/curl_ntlm_wb.c:220: tainted_string: Passing tainted string "domain" to "execl", which cannot accept tainted data. -# 218| -# 219| if(domain) -# 220|-> execl(ntlm_auth, ntlm_auth, -# 221| "--helper-protocol", "ntlmssp-client-1", -# 222| "--use-cached-creds", +# 218| +# 219| if(domain) +# 220|-> execl(ntlm_auth, ntlm_auth, +# 221| "--helper-protocol", "ntlmssp-client-1", +# 222| "--use-cached-creds", -Error: TAINTED_STRING (CWE-20): [#def12] [warning: defect not occurring in curl-7.29.0-46.el7] -curl-7.60.0/lib/curl_ntlm_wb.c:129: cond_false: Condition "conn->ntlm_auth_hlpr_socket != -1", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:129: cond_false: Condition "conn->ntlm_auth_hlpr_pid", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:131: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:142: cond_true: Condition "!username", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:144: cond_true: Condition "!username", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:146: cond_true: Condition "!username", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:147: tainted_string_return_content: "getenv" returns tainted string content. -curl-7.60.0/lib/curl_ntlm_wb.c:147: var_assign: Assigning: "username" = "getenv("USER")", which taints "username". -curl-7.60.0/lib/curl_ntlm_wb.c:149: cond_false: Condition "!username", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:149: cond_false: Condition "!username[0]", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:153: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:155: cond_false: Condition "!username", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:155: cond_false: Condition "!username[0]", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:156: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:159: cond_true: Condition "slash", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:161: cond_false: Condition "!domain", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:162: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:165: var_assign_var: Assigning: "username" = "username + (slash - domain) + 1". Both are now tainted. -curl-7.60.0/lib/curl_ntlm_wb.c:180: cond_false: Condition "access(ntlm_auth, 1) != 0", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:184: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:186: cond_false: Condition "socketpair(1, SOCK_STREAM, 0, sockfds)", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:190: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:193: cond_false: Condition "child_pid == -1", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:200: else_branch: Reached else branch. -curl-7.60.0/lib/curl_ntlm_wb.c:200: cond_true: Condition "!child_pid", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:207: cond_false: Condition "dup2(sockfds[1], 0) == -1", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:211: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:213: cond_false: Condition "dup2(sockfds[1], 1) == -1", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:217: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:219: cond_true: Condition "domain", taking true branch. +Error: TAINTED_STRING (CWE-20): [#def12] [warning: defect not occurring in curl-7.29.0-46.el7] +curl-7.60.0/lib/curl_ntlm_wb.c:129: cond_false: Condition "conn->ntlm_auth_hlpr_socket != -1", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:129: cond_false: Condition "conn->ntlm_auth_hlpr_pid", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:131: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:142: cond_true: Condition "!username", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:144: cond_true: Condition "!username", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:146: cond_true: Condition "!username", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:147: tainted_string_return_content: "getenv" returns tainted string content. +curl-7.60.0/lib/curl_ntlm_wb.c:147: var_assign: Assigning: "username" = "getenv("USER")", which taints "username". +curl-7.60.0/lib/curl_ntlm_wb.c:149: cond_false: Condition "!username", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:149: cond_false: Condition "!username[0]", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:153: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:155: cond_false: Condition "!username", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:155: cond_false: Condition "!username[0]", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:156: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:159: cond_true: Condition "slash", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:161: cond_false: Condition "!domain", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:162: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:165: var_assign_var: Assigning: "username" = "username + (slash - domain) + 1". Both are now tainted. +curl-7.60.0/lib/curl_ntlm_wb.c:180: cond_false: Condition "access(ntlm_auth, 1) != 0", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:184: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:186: cond_false: Condition "socketpair(1, SOCK_STREAM, 0, sockfds)", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:190: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:193: cond_false: Condition "child_pid == -1", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:200: else_branch: Reached else branch. +curl-7.60.0/lib/curl_ntlm_wb.c:200: cond_true: Condition "!child_pid", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:207: cond_false: Condition "dup2(sockfds[1], 0) == -1", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:211: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:213: cond_false: Condition "dup2(sockfds[1], 1) == -1", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:217: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:219: cond_true: Condition "domain", taking true branch. curl-7.60.0/lib/curl_ntlm_wb.c:220: tainted_string: Passing tainted string "username" to "execl", which cannot accept tainted data. -# 218| -# 219| if(domain) -# 220|-> execl(ntlm_auth, ntlm_auth, -# 221| "--helper-protocol", "ntlmssp-client-1", -# 222| "--use-cached-creds", +# 218| +# 219| if(domain) +# 220|-> execl(ntlm_auth, ntlm_auth, +# 221| "--helper-protocol", "ntlmssp-client-1", +# 222| "--use-cached-creds", -Error: TOCTOU (CWE-367): [#def13] -curl-7.60.0/lib/curl_ntlm_wb.c:129: cond_false: Condition "conn->ntlm_auth_hlpr_socket != -1", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:129: cond_false: Condition "conn->ntlm_auth_hlpr_pid", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:131: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:142: cond_true: Condition "!username", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:144: cond_true: Condition "!username", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:146: cond_true: Condition "!username", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:149: cond_true: Condition "!username", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:149: cond_true: Condition "!getpwuid_r(geteuid(), &pw, pwbuf, 1024UL /* sizeof (pwbuf) */, &pw_res)", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:149: cond_true: Condition "pw_res", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:155: cond_true: Condition "!username", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:159: cond_true: Condition "slash", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:161: cond_false: Condition "!domain", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:162: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:180: fs_check_call: Calling function "access" to perform check on "ntlm_auth". -curl-7.60.0/lib/curl_ntlm_wb.c:180: cond_false: Condition "access(ntlm_auth, 1) != 0", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:184: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:186: cond_false: Condition "socketpair(1, SOCK_STREAM, 0, sockfds)", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:190: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:193: cond_false: Condition "child_pid == -1", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:200: else_branch: Reached else branch. -curl-7.60.0/lib/curl_ntlm_wb.c:200: cond_true: Condition "!child_pid", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:207: cond_true: Condition "dup2(sockfds[1], 0) == -1", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:213: cond_true: Condition "dup2(sockfds[1], 1) == -1", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:219: cond_true: Condition "domain", taking true branch. +Error: TOCTOU (CWE-367): [#def13] +curl-7.60.0/lib/curl_ntlm_wb.c:129: cond_false: Condition "conn->ntlm_auth_hlpr_socket != -1", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:129: cond_false: Condition "conn->ntlm_auth_hlpr_pid", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:131: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:142: cond_true: Condition "!username", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:144: cond_true: Condition "!username", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:146: cond_true: Condition "!username", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:149: cond_true: Condition "!username", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:149: cond_true: Condition "!getpwuid_r(geteuid(), &pw, pwbuf, 1024UL /* sizeof (pwbuf) */, &pw_res)", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:149: cond_true: Condition "pw_res", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:155: cond_true: Condition "!username", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:159: cond_true: Condition "slash", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:161: cond_false: Condition "!domain", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:162: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:180: fs_check_call: Calling function "access" to perform check on "ntlm_auth". +curl-7.60.0/lib/curl_ntlm_wb.c:180: cond_false: Condition "access(ntlm_auth, 1) != 0", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:184: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:186: cond_false: Condition "socketpair(1, SOCK_STREAM, 0, sockfds)", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:190: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:193: cond_false: Condition "child_pid == -1", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:200: else_branch: Reached else branch. +curl-7.60.0/lib/curl_ntlm_wb.c:200: cond_true: Condition "!child_pid", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:207: cond_true: Condition "dup2(sockfds[1], 0) == -1", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:213: cond_true: Condition "dup2(sockfds[1], 1) == -1", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:219: cond_true: Condition "domain", taking true branch. curl-7.60.0/lib/curl_ntlm_wb.c:220: toctou: Calling function "execl" that uses "ntlm_auth" after a check function. This can cause a time-of-check, time-of-use race condition. -# 218| -# 219| if(domain) -# 220|-> execl(ntlm_auth, ntlm_auth, -# 221| "--helper-protocol", "ntlmssp-client-1", -# 222| "--use-cached-creds", +# 218| +# 219| if(domain) +# 220|-> execl(ntlm_auth, ntlm_auth, +# 221| "--helper-protocol", "ntlmssp-client-1", +# 222| "--use-cached-creds", -Error: TOCTOU (CWE-367): [#def14] -curl-7.60.0/lib/curl_ntlm_wb.c:129: cond_false: Condition "conn->ntlm_auth_hlpr_socket != -1", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:129: cond_false: Condition "conn->ntlm_auth_hlpr_pid", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:131: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:142: cond_true: Condition "!username", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:144: cond_true: Condition "!username", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:146: cond_true: Condition "!username", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:149: cond_true: Condition "!username", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:149: cond_true: Condition "!getpwuid_r(geteuid(), &pw, pwbuf, 1024UL /* sizeof (pwbuf) */, &pw_res)", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:149: cond_true: Condition "pw_res", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:155: cond_true: Condition "!username", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:159: cond_false: Condition "slash", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:166: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:180: fs_check_call: Calling function "access" to perform check on "ntlm_auth". -curl-7.60.0/lib/curl_ntlm_wb.c:180: cond_false: Condition "access(ntlm_auth, 1) != 0", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:184: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:186: cond_false: Condition "socketpair(1, SOCK_STREAM, 0, sockfds)", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:190: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:193: cond_false: Condition "child_pid == -1", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:200: else_branch: Reached else branch. -curl-7.60.0/lib/curl_ntlm_wb.c:200: cond_true: Condition "!child_pid", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:207: cond_true: Condition "dup2(sockfds[1], 0) == -1", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:213: cond_true: Condition "dup2(sockfds[1], 1) == -1", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:219: cond_false: Condition "domain", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:227: else_branch: Reached else branch. +Error: TOCTOU (CWE-367): [#def14] +curl-7.60.0/lib/curl_ntlm_wb.c:129: cond_false: Condition "conn->ntlm_auth_hlpr_socket != -1", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:129: cond_false: Condition "conn->ntlm_auth_hlpr_pid", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:131: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:142: cond_true: Condition "!username", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:144: cond_true: Condition "!username", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:146: cond_true: Condition "!username", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:149: cond_true: Condition "!username", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:149: cond_true: Condition "!getpwuid_r(geteuid(), &pw, pwbuf, 1024UL /* sizeof (pwbuf) */, &pw_res)", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:149: cond_true: Condition "pw_res", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:155: cond_true: Condition "!username", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:159: cond_false: Condition "slash", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:166: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:180: fs_check_call: Calling function "access" to perform check on "ntlm_auth". +curl-7.60.0/lib/curl_ntlm_wb.c:180: cond_false: Condition "access(ntlm_auth, 1) != 0", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:184: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:186: cond_false: Condition "socketpair(1, SOCK_STREAM, 0, sockfds)", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:190: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:193: cond_false: Condition "child_pid == -1", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:200: else_branch: Reached else branch. +curl-7.60.0/lib/curl_ntlm_wb.c:200: cond_true: Condition "!child_pid", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:207: cond_true: Condition "dup2(sockfds[1], 0) == -1", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:213: cond_true: Condition "dup2(sockfds[1], 1) == -1", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:219: cond_false: Condition "domain", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:227: else_branch: Reached else branch. curl-7.60.0/lib/curl_ntlm_wb.c:227: toctou: Calling function "execl" that uses "ntlm_auth" after a check function. This can cause a time-of-check, time-of-use race condition. -# 225| NULL); -# 226| else -# 227|-> execl(ntlm_auth, ntlm_auth, -# 228| "--helper-protocol", "ntlmssp-client-1", -# 229| "--use-cached-creds", +# 225| NULL); +# 226| else +# 227|-> execl(ntlm_auth, ntlm_auth, +# 228| "--helper-protocol", "ntlmssp-client-1", +# 229| "--use-cached-creds", -Error: CLANG_WARNING: [#def15] [warning: defect not occurring in curl-7.29.0-46.el7] +Error: CLANG_WARNING: [#def15] [warning: defect not occurring in curl-7.29.0-46.el7] curl-7.60.0/lib/formdata.c: internal warning: child 19175 timed out after 30s -Error: CLANG_WARNING: [#def16] [warning: defect not occurring in curl-7.29.0-46.el7] +Error: CLANG_WARNING: [#def16] [warning: defect not occurring in curl-7.29.0-46.el7] curl-7.60.0/lib/formdata.c: internal warning: child 31044 timed out after 30s -Error: CLANG_WARNING: [#def17] [warning: defect not occurring in curl-7.29.0-46.el7] +Error: CLANG_WARNING: [#def17] [warning: defect not occurring in curl-7.29.0-46.el7] curl-7.60.0/lib/ftp.c: internal warning: child 31022 timed out after 30s -Error: DEADCODE (CWE-561): [#def18] [warning: defect not occurring in curl-7.29.0-46.el7] -curl-7.60.0/lib/ftp.c:3975: assignment: Assigning: "result" = "((void)conn->data) , CURLE_OK". -curl-7.60.0/lib/ftp.c:3977: const: At condition "result", the value of "result" must be equal to 0. -curl-7.60.0/lib/ftp.c:3977: dead_error_condition: The condition "result" cannot be true. +Error: DEADCODE (CWE-561): [#def18] [warning: defect not occurring in curl-7.29.0-46.el7] +curl-7.60.0/lib/ftp.c:3975: assignment: Assigning: "result" = "((void)conn->data) , CURLE_OK". +curl-7.60.0/lib/ftp.c:3977: const: At condition "result", the value of "result" must be equal to 0. +curl-7.60.0/lib/ftp.c:3977: dead_error_condition: The condition "result" cannot be true. curl-7.60.0/lib/ftp.c:3978: dead_error_line: Execution cannot reach this statement: "return result;". -# 3976| /* Curl_convert_to_network calls failf if unsuccessful */ -# 3977| if(result) -# 3978|-> return result; -# 3979| -# 3980| for(;;) { +# 3976| /* Curl_convert_to_network calls failf if unsuccessful */ +# 3977| if(result) +# 3978|-> return result; +# 3979| +# 3980| for(;;) { -Error: CONSTANT_EXPRESSION_RESULT (CWE-398): [#def19] [warning: defect not occurring in curl-7.29.0-46.el7] +Error: CONSTANT_EXPRESSION_RESULT (CWE-398): [#def19] [warning: defect not occurring in curl-7.29.0-46.el7] curl-7.60.0/lib/getinfo.c:159: result_independent_of_operands: "data->info.filetime > 9223372036854775807L" is always false regardless of the values of its operands. This occurs as the logical operand of "if". -# 157| break; -# 158| case CURLINFO_FILETIME: -# 159|-> if(data->info.filetime > LONG_MAX) -# 160| *param_longp = LONG_MAX; -# 161| else if(data->info.filetime < LONG_MIN) +# 157| break; +# 158| case CURLINFO_FILETIME: +# 159|-> if(data->info.filetime > LONG_MAX) +# 160| *param_longp = LONG_MAX; +# 161| else if(data->info.filetime < LONG_MIN) -Error: CONSTANT_EXPRESSION_RESULT (CWE-398): [#def20] [warning: defect not occurring in curl-7.29.0-46.el7] +Error: CONSTANT_EXPRESSION_RESULT (CWE-398): [#def20] [warning: defect not occurring in curl-7.29.0-46.el7] curl-7.60.0/lib/getinfo.c:161: result_independent_of_operands: "data->info.filetime < -9223372036854775808L /* -9223372036854775807L - 1L */" is always false regardless of the values of its operands. This occurs as the logical operand of "if". -# 159| if(data->info.filetime > LONG_MAX) -# 160| *param_longp = LONG_MAX; -# 161|-> else if(data->info.filetime < LONG_MIN) -# 162| *param_longp = LONG_MIN; -# 163| else +# 159| if(data->info.filetime > LONG_MAX) +# 160| *param_longp = LONG_MAX; +# 161|-> else if(data->info.filetime < LONG_MIN) +# 162| *param_longp = LONG_MIN; +# 163| else -Error: DEADCODE (CWE-561): [#def21] [warning: defect not occurring in curl-7.29.0-46.el7] -curl-7.60.0/lib/http.c:1086: assignment: Assigning: "result" = "((void)conn->data) , CURLE_OK". -curl-7.60.0/lib/http.c:1088: const: At condition "result", the value of "result" must be equal to 0. -curl-7.60.0/lib/http.c:1088: dead_error_condition: The condition "result" cannot be true. +Error: DEADCODE (CWE-561): [#def21] [warning: defect not occurring in curl-7.29.0-46.el7] +curl-7.60.0/lib/http.c:1086: assignment: Assigning: "result" = "((void)conn->data) , CURLE_OK". +curl-7.60.0/lib/http.c:1088: const: At condition "result", the value of "result" must be equal to 0. +curl-7.60.0/lib/http.c:1088: dead_error_condition: The condition "result" cannot be true. curl-7.60.0/lib/http.c:1090: dead_error_begin: Execution cannot reach this statement: "Curl_add_buffer_free(in);". -# 1088| if(result) { -# 1089| /* conversion failed, free memory and return to the caller */ -# 1090|-> Curl_add_buffer_free(in); -# 1091| return result; -# 1092| } +# 1088| if(result) { +# 1089| /* conversion failed, free memory and return to the caller */ +# 1090|-> Curl_add_buffer_free(in); +# 1091| return result; +# 1092| } -Error: DEADCODE (CWE-561): [#def22] -curl-7.60.0/lib/http.c:3566: assignment: Assigning: "result" = "((void)data) , CURLE_OK". -curl-7.60.0/lib/http.c:3568: const: At condition "result", the value of "result" must be equal to 0. -curl-7.60.0/lib/http.c:3568: dead_error_condition: The condition "result" cannot be true. +Error: DEADCODE (CWE-561): [#def22] +curl-7.60.0/lib/http.c:3566: assignment: Assigning: "result" = "((void)data) , CURLE_OK". +curl-7.60.0/lib/http.c:3568: const: At condition "result", the value of "result" must be equal to 0. +curl-7.60.0/lib/http.c:3568: dead_error_condition: The condition "result" cannot be true. curl-7.60.0/lib/http.c:3569: dead_error_line: Execution cannot reach this statement: "return result;". -# 3567| /* Curl_convert_from_network calls failf if unsuccessful */ -# 3568| if(result) -# 3569|-> return result; -# 3570| -# 3571| /* Check for Content-Length: header lines to get size */ +# 3567| /* Curl_convert_from_network calls failf if unsuccessful */ +# 3568| if(result) +# 3569|-> return result; +# 3570| +# 3571| /* Check for Content-Length: header lines to get size */ -Error: DEADCODE (CWE-561): [#def23] [warning: defect not occurring in curl-7.29.0-46.el7] -curl-7.60.0/lib/http_chunks.c:157: assignment: Assigning: "result" = "((void)conn->data) , CURLE_OK". -curl-7.60.0/lib/http_chunks.c:159: const: At condition "result", the value of "result" must be equal to 0. -curl-7.60.0/lib/http_chunks.c:159: dead_error_condition: The condition "result" cannot be true. +Error: DEADCODE (CWE-561): [#def23] [warning: defect not occurring in curl-7.29.0-46.el7] +curl-7.60.0/lib/http_chunks.c:157: assignment: Assigning: "result" = "((void)conn->data) , CURLE_OK". +curl-7.60.0/lib/http_chunks.c:159: const: At condition "result", the value of "result" must be equal to 0. +curl-7.60.0/lib/http_chunks.c:159: dead_error_condition: The condition "result" cannot be true. curl-7.60.0/lib/http_chunks.c:162: dead_error_line: Execution cannot reach this statement: "return CHUNKE_ILLEGAL_HEX;". -# 160| /* Curl_convert_from_network calls failf if unsuccessful */ -# 161| /* Treat it as a bad hex character */ -# 162|-> return CHUNKE_ILLEGAL_HEX; -# 163| } -# 164| +# 160| /* Curl_convert_from_network calls failf if unsuccessful */ +# 161| /* Treat it as a bad hex character */ +# 162|-> return CHUNKE_ILLEGAL_HEX; +# 163| } +# 164| -Error: DEADCODE (CWE-561): [#def24] -curl-7.60.0/lib/http_chunks.c:237: assignment: Assigning: "result" = "((void)conn->data) , CURLE_OK". -curl-7.60.0/lib/http_chunks.c:239: const: At condition "result", the value of "result" must be equal to 0. -curl-7.60.0/lib/http_chunks.c:239: dead_error_condition: The condition "result" cannot be true. +Error: DEADCODE (CWE-561): [#def24] +curl-7.60.0/lib/http_chunks.c:237: assignment: Assigning: "result" = "((void)conn->data) , CURLE_OK". +curl-7.60.0/lib/http_chunks.c:239: const: At condition "result", the value of "result" must be equal to 0. +curl-7.60.0/lib/http_chunks.c:239: dead_error_condition: The condition "result" cannot be true. curl-7.60.0/lib/http_chunks.c:242: dead_error_line: Execution cannot reach this statement: "return CHUNKE_BAD_CHUNK;". -# 240| /* Curl_convert_from_network calls failf if unsuccessful */ -# 241| /* Treat it as a bad chunk */ -# 242|-> return CHUNKE_BAD_CHUNK; -# 243| -# 244| if(!data->set.http_te_skip) { +# 240| /* Curl_convert_from_network calls failf if unsuccessful */ +# 241| /* Treat it as a bad chunk */ +# 242|-> return CHUNKE_BAD_CHUNK; +# 243| +# 244| if(!data->set.http_te_skip) { -Error: DEADCODE (CWE-561): [#def25] [warning: defect not occurring in curl-7.29.0-46.el7] -curl-7.60.0/lib/http_proxy.c:413: assignment: Assigning: "result" = "((void)data) , CURLE_OK". -curl-7.60.0/lib/http_proxy.c:416: const: At condition "result", the value of "result" must be equal to 0. -curl-7.60.0/lib/http_proxy.c:416: dead_error_condition: The condition "result" cannot be true. +Error: DEADCODE (CWE-561): [#def25] [warning: defect not occurring in curl-7.29.0-46.el7] +curl-7.60.0/lib/http_proxy.c:413: assignment: Assigning: "result" = "((void)data) , CURLE_OK". +curl-7.60.0/lib/http_proxy.c:416: const: At condition "result", the value of "result" must be equal to 0. +curl-7.60.0/lib/http_proxy.c:416: dead_error_condition: The condition "result" cannot be true. curl-7.60.0/lib/http_proxy.c:417: dead_error_line: Execution cannot reach this statement: "return result;". -# 415| /* Curl_convert_from_network calls failf if unsuccessful */ -# 416| if(result) -# 417|-> return result; -# 418| -# 419| /* output debug if that is requested */ +# 415| /* Curl_convert_from_network calls failf if unsuccessful */ +# 416| if(result) +# 417|-> return result; +# 418| +# 419| /* output debug if that is requested */ -Error: CLANG_WARNING: [#def26] [warning: defect not occurring in curl-7.29.0-46.el7] +Error: CLANG_WARNING: [#def26] [warning: defect not occurring in curl-7.29.0-46.el7] curl-7.60.0/lib/multi.c: internal warning: child 32119 timed out after 30s -Error: FORWARD_NULL (CWE-476): [#def27] -curl-7.60.0/lib/multi.c:959: assign_zero: Assigning: "ufds" = "NULL". -curl-7.60.0/lib/multi.c:965: cond_true: Condition "multi", taking true branch. -curl-7.60.0/lib/multi.c:965: cond_true: Condition "multi->type == 764702", taking true branch. -curl-7.60.0/lib/multi.c:966: if_end: End of if statement. -curl-7.60.0/lib/multi.c:968: cond_false: Condition "multi->in_callback", taking false branch. -curl-7.60.0/lib/multi.c:969: if_end: End of if statement. -curl-7.60.0/lib/multi.c:975: cond_false: Condition "timeout_internal >= 0", taking false branch. -curl-7.60.0/lib/multi.c:976: if_end: End of if statement. -curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. -curl-7.60.0/lib/multi.c:995: break: Breaking from loop. -curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. -curl-7.60.0/lib/multi.c:995: break: Breaking from loop. -curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. -curl-7.60.0/lib/multi.c:996: if_end: End of if statement. -curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. -curl-7.60.0/lib/multi.c:996: if_end: End of if statement. -curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_false: Condition "bitmap & (1 << 16 + i)", taking false branch. -curl-7.60.0/lib/multi.c:993: if_end: End of if statement. -curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. -curl-7.60.0/lib/multi.c:995: break: Breaking from loop. -curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. -curl-7.60.0/lib/multi.c:996: if_end: End of if statement. -curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_false: Condition "bitmap & (1 << i)", taking false branch. -curl-7.60.0/lib/multi.c:989: if_end: End of if statement. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. -curl-7.60.0/lib/multi.c:995: break: Breaking from loop. -curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_false: Condition "bitmap & (1 << 16 + i)", taking false branch. -curl-7.60.0/lib/multi.c:993: if_end: End of if statement. -curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. -curl-7.60.0/lib/multi.c:996: if_end: End of if statement. -curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. -curl-7.60.0/lib/multi.c:995: break: Breaking from loop. -curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_false: Condition "bitmap & (1 << i)", taking false branch. -curl-7.60.0/lib/multi.c:989: if_end: End of if statement. -curl-7.60.0/lib/multi.c:990: cond_false: Condition "bitmap & (1 << 16 + i)", taking false branch. -curl-7.60.0/lib/multi.c:993: if_end: End of if statement. -curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. -curl-7.60.0/lib/multi.c:995: break: Breaking from loop. -curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:980: cond_false: Condition "data", taking false branch. -curl-7.60.0/lib/multi.c:1000: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1005: cond_false: Condition "nfds", taking false branch. -curl-7.60.0/lib/multi.c:1018: if_end: End of if statement. -curl-7.60.0/lib/multi.c:1024: cond_true: Condition "curlfds", taking true branch. -curl-7.60.0/lib/multi.c:1027: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:1030: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:1033: cond_true: Condition "bitmap & (1 << i)", taking true branch. +Error: FORWARD_NULL (CWE-476): [#def27] +curl-7.60.0/lib/multi.c:959: assign_zero: Assigning: "ufds" = "NULL". +curl-7.60.0/lib/multi.c:965: cond_true: Condition "multi", taking true branch. +curl-7.60.0/lib/multi.c:965: cond_true: Condition "multi->type == 764702", taking true branch. +curl-7.60.0/lib/multi.c:966: if_end: End of if statement. +curl-7.60.0/lib/multi.c:968: cond_false: Condition "multi->in_callback", taking false branch. +curl-7.60.0/lib/multi.c:969: if_end: End of if statement. +curl-7.60.0/lib/multi.c:975: cond_false: Condition "timeout_internal >= 0", taking false branch. +curl-7.60.0/lib/multi.c:976: if_end: End of if statement. +curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. +curl-7.60.0/lib/multi.c:995: break: Breaking from loop. +curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. +curl-7.60.0/lib/multi.c:995: break: Breaking from loop. +curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. +curl-7.60.0/lib/multi.c:996: if_end: End of if statement. +curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. +curl-7.60.0/lib/multi.c:996: if_end: End of if statement. +curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_false: Condition "bitmap & (1 << 16 + i)", taking false branch. +curl-7.60.0/lib/multi.c:993: if_end: End of if statement. +curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. +curl-7.60.0/lib/multi.c:995: break: Breaking from loop. +curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. +curl-7.60.0/lib/multi.c:996: if_end: End of if statement. +curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_false: Condition "bitmap & (1 << i)", taking false branch. +curl-7.60.0/lib/multi.c:989: if_end: End of if statement. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. +curl-7.60.0/lib/multi.c:995: break: Breaking from loop. +curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_false: Condition "bitmap & (1 << 16 + i)", taking false branch. +curl-7.60.0/lib/multi.c:993: if_end: End of if statement. +curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. +curl-7.60.0/lib/multi.c:996: if_end: End of if statement. +curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. +curl-7.60.0/lib/multi.c:995: break: Breaking from loop. +curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_false: Condition "bitmap & (1 << i)", taking false branch. +curl-7.60.0/lib/multi.c:989: if_end: End of if statement. +curl-7.60.0/lib/multi.c:990: cond_false: Condition "bitmap & (1 << 16 + i)", taking false branch. +curl-7.60.0/lib/multi.c:993: if_end: End of if statement. +curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. +curl-7.60.0/lib/multi.c:995: break: Breaking from loop. +curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:980: cond_false: Condition "data", taking false branch. +curl-7.60.0/lib/multi.c:1000: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1005: cond_false: Condition "nfds", taking false branch. +curl-7.60.0/lib/multi.c:1018: if_end: End of if statement. +curl-7.60.0/lib/multi.c:1024: cond_true: Condition "curlfds", taking true branch. +curl-7.60.0/lib/multi.c:1027: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:1030: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:1033: cond_true: Condition "bitmap & (1 << i)", taking true branch. curl-7.60.0/lib/multi.c:1034: var_deref_op: Dereferencing null pointer "ufds". -# 1032| -# 1033| if(bitmap & GETSOCK_READSOCK(i)) { -# 1034|-> ufds[nfds].fd = sockbunch[i]; -# 1035| ufds[nfds].events = POLLIN; -# 1036| ++nfds; +# 1032| +# 1033| if(bitmap & GETSOCK_READSOCK(i)) { +# 1034|-> ufds[nfds].fd = sockbunch[i]; +# 1035| ufds[nfds].events = POLLIN; +# 1036| ++nfds; -Error: FORWARD_NULL (CWE-476): [#def28] -curl-7.60.0/lib/multi.c:959: assign_zero: Assigning: "ufds" = "NULL". -curl-7.60.0/lib/multi.c:965: cond_true: Condition "multi", taking true branch. -curl-7.60.0/lib/multi.c:965: cond_true: Condition "multi->type == 764702", taking true branch. -curl-7.60.0/lib/multi.c:966: if_end: End of if statement. -curl-7.60.0/lib/multi.c:968: cond_false: Condition "multi->in_callback", taking false branch. -curl-7.60.0/lib/multi.c:969: if_end: End of if statement. -curl-7.60.0/lib/multi.c:975: cond_false: Condition "timeout_internal >= 0", taking false branch. -curl-7.60.0/lib/multi.c:976: if_end: End of if statement. -curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. -curl-7.60.0/lib/multi.c:995: break: Breaking from loop. -curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. -curl-7.60.0/lib/multi.c:995: break: Breaking from loop. -curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. -curl-7.60.0/lib/multi.c:996: if_end: End of if statement. -curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. -curl-7.60.0/lib/multi.c:996: if_end: End of if statement. -curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_false: Condition "bitmap & (1 << 16 + i)", taking false branch. -curl-7.60.0/lib/multi.c:993: if_end: End of if statement. -curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. -curl-7.60.0/lib/multi.c:995: break: Breaking from loop. -curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. -curl-7.60.0/lib/multi.c:996: if_end: End of if statement. -curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_false: Condition "bitmap & (1 << i)", taking false branch. -curl-7.60.0/lib/multi.c:989: if_end: End of if statement. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. -curl-7.60.0/lib/multi.c:995: break: Breaking from loop. -curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_false: Condition "bitmap & (1 << 16 + i)", taking false branch. -curl-7.60.0/lib/multi.c:993: if_end: End of if statement. -curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. -curl-7.60.0/lib/multi.c:996: if_end: End of if statement. -curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. -curl-7.60.0/lib/multi.c:995: break: Breaking from loop. -curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_false: Condition "bitmap & (1 << i)", taking false branch. -curl-7.60.0/lib/multi.c:989: if_end: End of if statement. -curl-7.60.0/lib/multi.c:990: cond_false: Condition "bitmap & (1 << 16 + i)", taking false branch. -curl-7.60.0/lib/multi.c:993: if_end: End of if statement. -curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. -curl-7.60.0/lib/multi.c:995: break: Breaking from loop. -curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:980: cond_false: Condition "data", taking false branch. -curl-7.60.0/lib/multi.c:1000: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1005: cond_false: Condition "nfds", taking false branch. -curl-7.60.0/lib/multi.c:1018: if_end: End of if statement. -curl-7.60.0/lib/multi.c:1024: cond_true: Condition "curlfds", taking true branch. -curl-7.60.0/lib/multi.c:1027: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:1030: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:1033: cond_false: Condition "bitmap & (1 << i)", taking false branch. -curl-7.60.0/lib/multi.c:1038: if_end: End of if statement. -curl-7.60.0/lib/multi.c:1039: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +Error: FORWARD_NULL (CWE-476): [#def28] +curl-7.60.0/lib/multi.c:959: assign_zero: Assigning: "ufds" = "NULL". +curl-7.60.0/lib/multi.c:965: cond_true: Condition "multi", taking true branch. +curl-7.60.0/lib/multi.c:965: cond_true: Condition "multi->type == 764702", taking true branch. +curl-7.60.0/lib/multi.c:966: if_end: End of if statement. +curl-7.60.0/lib/multi.c:968: cond_false: Condition "multi->in_callback", taking false branch. +curl-7.60.0/lib/multi.c:969: if_end: End of if statement. +curl-7.60.0/lib/multi.c:975: cond_false: Condition "timeout_internal >= 0", taking false branch. +curl-7.60.0/lib/multi.c:976: if_end: End of if statement. +curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. +curl-7.60.0/lib/multi.c:995: break: Breaking from loop. +curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. +curl-7.60.0/lib/multi.c:995: break: Breaking from loop. +curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. +curl-7.60.0/lib/multi.c:996: if_end: End of if statement. +curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. +curl-7.60.0/lib/multi.c:996: if_end: End of if statement. +curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_false: Condition "bitmap & (1 << 16 + i)", taking false branch. +curl-7.60.0/lib/multi.c:993: if_end: End of if statement. +curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. +curl-7.60.0/lib/multi.c:995: break: Breaking from loop. +curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. +curl-7.60.0/lib/multi.c:996: if_end: End of if statement. +curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_false: Condition "bitmap & (1 << i)", taking false branch. +curl-7.60.0/lib/multi.c:989: if_end: End of if statement. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. +curl-7.60.0/lib/multi.c:995: break: Breaking from loop. +curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_false: Condition "bitmap & (1 << 16 + i)", taking false branch. +curl-7.60.0/lib/multi.c:993: if_end: End of if statement. +curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. +curl-7.60.0/lib/multi.c:996: if_end: End of if statement. +curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. +curl-7.60.0/lib/multi.c:995: break: Breaking from loop. +curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_false: Condition "bitmap & (1 << i)", taking false branch. +curl-7.60.0/lib/multi.c:989: if_end: End of if statement. +curl-7.60.0/lib/multi.c:990: cond_false: Condition "bitmap & (1 << 16 + i)", taking false branch. +curl-7.60.0/lib/multi.c:993: if_end: End of if statement. +curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. +curl-7.60.0/lib/multi.c:995: break: Breaking from loop. +curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:980: cond_false: Condition "data", taking false branch. +curl-7.60.0/lib/multi.c:1000: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1005: cond_false: Condition "nfds", taking false branch. +curl-7.60.0/lib/multi.c:1018: if_end: End of if statement. +curl-7.60.0/lib/multi.c:1024: cond_true: Condition "curlfds", taking true branch. +curl-7.60.0/lib/multi.c:1027: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:1030: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:1033: cond_false: Condition "bitmap & (1 << i)", taking false branch. +curl-7.60.0/lib/multi.c:1038: if_end: End of if statement. +curl-7.60.0/lib/multi.c:1039: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. curl-7.60.0/lib/multi.c:1040: var_deref_op: Dereferencing null pointer "ufds". -# 1038| } -# 1039| if(bitmap & GETSOCK_WRITESOCK(i)) { -# 1040|-> ufds[nfds].fd = sockbunch[i]; -# 1041| ufds[nfds].events = POLLOUT; -# 1042| ++nfds; +# 1038| } +# 1039| if(bitmap & GETSOCK_WRITESOCK(i)) { +# 1040|-> ufds[nfds].fd = sockbunch[i]; +# 1041| ufds[nfds].events = POLLOUT; +# 1042| ++nfds; -Error: FORWARD_NULL (CWE-476): [#def29] -curl-7.60.0/lib/multi.c:959: assign_zero: Assigning: "ufds" = "NULL". -curl-7.60.0/lib/multi.c:965: cond_true: Condition "multi", taking true branch. -curl-7.60.0/lib/multi.c:965: cond_true: Condition "multi->type == 764702", taking true branch. -curl-7.60.0/lib/multi.c:966: if_end: End of if statement. -curl-7.60.0/lib/multi.c:968: cond_false: Condition "multi->in_callback", taking false branch. -curl-7.60.0/lib/multi.c:969: if_end: End of if statement. -curl-7.60.0/lib/multi.c:975: cond_false: Condition "timeout_internal >= 0", taking false branch. -curl-7.60.0/lib/multi.c:976: if_end: End of if statement. -curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. -curl-7.60.0/lib/multi.c:995: break: Breaking from loop. -curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. -curl-7.60.0/lib/multi.c:995: break: Breaking from loop. -curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. -curl-7.60.0/lib/multi.c:996: if_end: End of if statement. -curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. -curl-7.60.0/lib/multi.c:996: if_end: End of if statement. -curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_false: Condition "bitmap & (1 << 16 + i)", taking false branch. -curl-7.60.0/lib/multi.c:993: if_end: End of if statement. -curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. -curl-7.60.0/lib/multi.c:995: break: Breaking from loop. -curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. -curl-7.60.0/lib/multi.c:996: if_end: End of if statement. -curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_false: Condition "bitmap & (1 << i)", taking false branch. -curl-7.60.0/lib/multi.c:989: if_end: End of if statement. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. -curl-7.60.0/lib/multi.c:995: break: Breaking from loop. -curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_false: Condition "bitmap & (1 << 16 + i)", taking false branch. -curl-7.60.0/lib/multi.c:993: if_end: End of if statement. -curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. -curl-7.60.0/lib/multi.c:996: if_end: End of if statement. -curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. -curl-7.60.0/lib/multi.c:995: break: Breaking from loop. -curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_false: Condition "bitmap & (1 << i)", taking false branch. -curl-7.60.0/lib/multi.c:989: if_end: End of if statement. -curl-7.60.0/lib/multi.c:990: cond_false: Condition "bitmap & (1 << 16 + i)", taking false branch. -curl-7.60.0/lib/multi.c:993: if_end: End of if statement. -curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. -curl-7.60.0/lib/multi.c:995: break: Breaking from loop. -curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:980: cond_false: Condition "data", taking false branch. -curl-7.60.0/lib/multi.c:1000: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1005: cond_false: Condition "nfds", taking false branch. -curl-7.60.0/lib/multi.c:1018: if_end: End of if statement. -curl-7.60.0/lib/multi.c:1024: cond_true: Condition "curlfds", taking true branch. -curl-7.60.0/lib/multi.c:1027: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:1030: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:1033: cond_false: Condition "bitmap & (1 << i)", taking false branch. -curl-7.60.0/lib/multi.c:1038: if_end: End of if statement. -curl-7.60.0/lib/multi.c:1039: cond_false: Condition "bitmap & (1 << 16 + i)", taking false branch. -curl-7.60.0/lib/multi.c:1044: if_end: End of if statement. -curl-7.60.0/lib/multi.c:1045: cond_true: Condition "s == -1", taking true branch. -curl-7.60.0/lib/multi.c:1046: break: Breaking from loop. -curl-7.60.0/lib/multi.c:1048: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1051: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:1027: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:1027: cond_false: Condition "data", taking false branch. -curl-7.60.0/lib/multi.c:1051: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1055: cond_true: Condition "i < extra_nfds", taking true branch. +Error: FORWARD_NULL (CWE-476): [#def29] +curl-7.60.0/lib/multi.c:959: assign_zero: Assigning: "ufds" = "NULL". +curl-7.60.0/lib/multi.c:965: cond_true: Condition "multi", taking true branch. +curl-7.60.0/lib/multi.c:965: cond_true: Condition "multi->type == 764702", taking true branch. +curl-7.60.0/lib/multi.c:966: if_end: End of if statement. +curl-7.60.0/lib/multi.c:968: cond_false: Condition "multi->in_callback", taking false branch. +curl-7.60.0/lib/multi.c:969: if_end: End of if statement. +curl-7.60.0/lib/multi.c:975: cond_false: Condition "timeout_internal >= 0", taking false branch. +curl-7.60.0/lib/multi.c:976: if_end: End of if statement. +curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. +curl-7.60.0/lib/multi.c:995: break: Breaking from loop. +curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. +curl-7.60.0/lib/multi.c:995: break: Breaking from loop. +curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. +curl-7.60.0/lib/multi.c:996: if_end: End of if statement. +curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. +curl-7.60.0/lib/multi.c:996: if_end: End of if statement. +curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_false: Condition "bitmap & (1 << 16 + i)", taking false branch. +curl-7.60.0/lib/multi.c:993: if_end: End of if statement. +curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. +curl-7.60.0/lib/multi.c:995: break: Breaking from loop. +curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. +curl-7.60.0/lib/multi.c:996: if_end: End of if statement. +curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_false: Condition "bitmap & (1 << i)", taking false branch. +curl-7.60.0/lib/multi.c:989: if_end: End of if statement. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. +curl-7.60.0/lib/multi.c:995: break: Breaking from loop. +curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_false: Condition "bitmap & (1 << 16 + i)", taking false branch. +curl-7.60.0/lib/multi.c:993: if_end: End of if statement. +curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. +curl-7.60.0/lib/multi.c:996: if_end: End of if statement. +curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. +curl-7.60.0/lib/multi.c:995: break: Breaking from loop. +curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_false: Condition "bitmap & (1 << i)", taking false branch. +curl-7.60.0/lib/multi.c:989: if_end: End of if statement. +curl-7.60.0/lib/multi.c:990: cond_false: Condition "bitmap & (1 << 16 + i)", taking false branch. +curl-7.60.0/lib/multi.c:993: if_end: End of if statement. +curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. +curl-7.60.0/lib/multi.c:995: break: Breaking from loop. +curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:980: cond_false: Condition "data", taking false branch. +curl-7.60.0/lib/multi.c:1000: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1005: cond_false: Condition "nfds", taking false branch. +curl-7.60.0/lib/multi.c:1018: if_end: End of if statement. +curl-7.60.0/lib/multi.c:1024: cond_true: Condition "curlfds", taking true branch. +curl-7.60.0/lib/multi.c:1027: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:1030: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:1033: cond_false: Condition "bitmap & (1 << i)", taking false branch. +curl-7.60.0/lib/multi.c:1038: if_end: End of if statement. +curl-7.60.0/lib/multi.c:1039: cond_false: Condition "bitmap & (1 << 16 + i)", taking false branch. +curl-7.60.0/lib/multi.c:1044: if_end: End of if statement. +curl-7.60.0/lib/multi.c:1045: cond_true: Condition "s == -1", taking true branch. +curl-7.60.0/lib/multi.c:1046: break: Breaking from loop. +curl-7.60.0/lib/multi.c:1048: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1051: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:1027: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:1027: cond_false: Condition "data", taking false branch. +curl-7.60.0/lib/multi.c:1051: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1055: cond_true: Condition "i < extra_nfds", taking true branch. curl-7.60.0/lib/multi.c:1056: var_deref_op: Dereferencing null pointer "ufds". -# 1054| /* Add external file descriptions from poll-like struct curl_waitfd */ -# 1055| for(i = 0; i < extra_nfds; i++) { -# 1056|-> ufds[nfds].fd = extra_fds[i].fd; -# 1057| ufds[nfds].events = 0; -# 1058| if(extra_fds[i].events & CURL_WAIT_POLLIN) +# 1054| /* Add external file descriptions from poll-like struct curl_waitfd */ +# 1055| for(i = 0; i < extra_nfds; i++) { +# 1056|-> ufds[nfds].fd = extra_fds[i].fd; +# 1057| ufds[nfds].events = 0; +# 1058| if(extra_fds[i].events & CURL_WAIT_POLLIN) -Error: DEADCODE (CWE-561): [#def30] [warning: defect not occurring in curl-7.29.0-46.el7] -curl-7.60.0/lib/sendf.c:441: assignment: Assigning: "nread" = "0L". -curl-7.60.0/lib/sendf.c:442: const: At condition "nread > 0L", the value of "nread" must be equal to 0. -curl-7.60.0/lib/sendf.c:442: dead_error_condition: The condition "nread > 0L" cannot be true. +Error: DEADCODE (CWE-561): [#def30] [warning: defect not occurring in curl-7.29.0-46.el7] +curl-7.60.0/lib/sendf.c:441: assignment: Assigning: "nread" = "0L". +curl-7.60.0/lib/sendf.c:442: const: At condition "nread > 0L", the value of "nread" must be equal to 0. +curl-7.60.0/lib/sendf.c:442: dead_error_condition: The condition "nread > 0L" cannot be true. curl-7.60.0/lib/sendf.c:443: dead_error_begin: Execution cannot reach this statement: "*code = CURLE_OK;". -# 441| nread = get_pre_recved(conn, num, buf, len); -# 442| if(nread > 0) { -# 443|-> *code = CURLE_OK; -# 444| return nread; -# 445| } +# 441| nread = get_pre_recved(conn, num, buf, len); +# 442| if(nread > 0) { +# 443|-> *code = CURLE_OK; +# 444| return nread; +# 445| } -Error: DEADCODE (CWE-561): [#def31] [warning: defect not occurring in curl-7.29.0-46.el7] -curl-7.60.0/lib/sendf.c:657: assignment: Assigning: "result" = "((void)data) , CURLE_OK". -curl-7.60.0/lib/sendf.c:659: const: At condition "result", the value of "result" must be equal to 0. -curl-7.60.0/lib/sendf.c:659: dead_error_condition: The condition "result" cannot be true. +Error: DEADCODE (CWE-561): [#def31] [warning: defect not occurring in curl-7.29.0-46.el7] +curl-7.60.0/lib/sendf.c:657: assignment: Assigning: "result" = "((void)data) , CURLE_OK". +curl-7.60.0/lib/sendf.c:659: const: At condition "result", the value of "result" must be equal to 0. +curl-7.60.0/lib/sendf.c:659: dead_error_condition: The condition "result" cannot be true. curl-7.60.0/lib/sendf.c:660: dead_error_line: Execution cannot reach this statement: "return result;". -# 658| /* Curl_convert_from_network calls failf if unsuccessful */ -# 659| if(result) -# 660|-> return result; -# 661| -# 662| #ifdef CURL_DO_LINEEND_CONV +# 658| /* Curl_convert_from_network calls failf if unsuccessful */ +# 659| if(result) +# 660|-> return result; +# 661| +# 662| #ifdef CURL_DO_LINEEND_CONV -Error: DEADCODE (CWE-561): [#def32] [warning: defect not occurring in curl-7.29.0-46.el7] -curl-7.60.0/lib/smb.c:734: assignment: Assigning: "next_state" = "SMB_DONE". -curl-7.60.0/lib/smb.c:773: assignment: Assigning: "next_state" = "SMB_OPEN". -curl-7.60.0/lib/smb.c:779: assignment: Assigning: "next_state" = "SMB_TREE_DISCONNECT". -curl-7.60.0/lib/smb.c:788: assignment: Assigning: "next_state" = "SMB_UPLOAD". -curl-7.60.0/lib/smb.c:795: assignment: Assigning: "next_state" = "SMB_CLOSE". -curl-7.60.0/lib/smb.c:801: assignment: Assigning: "next_state" = "SMB_DOWNLOAD". -curl-7.60.0/lib/smb.c:827: assignment: Assigning: "next_state" = "SMB_CLOSE". -curl-7.60.0/lib/smb.c:834: assignment: Assigning: "next_state" = "(len < 32768) ? SMB_CLOSE : SMB_DOWNLOAD". -curl-7.60.0/lib/smb.c:870: between: When switching on "next_state", the value of "next_state" must be between 2 and 7. -curl-7.60.0/lib/smb.c:870: dead_error_condition: The switch value "next_state" cannot reach the default case. +Error: DEADCODE (CWE-561): [#def32] [warning: defect not occurring in curl-7.29.0-46.el7] +curl-7.60.0/lib/smb.c:734: assignment: Assigning: "next_state" = "SMB_DONE". +curl-7.60.0/lib/smb.c:773: assignment: Assigning: "next_state" = "SMB_OPEN". +curl-7.60.0/lib/smb.c:779: assignment: Assigning: "next_state" = "SMB_TREE_DISCONNECT". +curl-7.60.0/lib/smb.c:788: assignment: Assigning: "next_state" = "SMB_UPLOAD". +curl-7.60.0/lib/smb.c:795: assignment: Assigning: "next_state" = "SMB_CLOSE". +curl-7.60.0/lib/smb.c:801: assignment: Assigning: "next_state" = "SMB_DOWNLOAD". +curl-7.60.0/lib/smb.c:827: assignment: Assigning: "next_state" = "SMB_CLOSE". +curl-7.60.0/lib/smb.c:834: assignment: Assigning: "next_state" = "(len < 32768) ? SMB_CLOSE : SMB_DOWNLOAD". +curl-7.60.0/lib/smb.c:870: between: When switching on "next_state", the value of "next_state" must be between 2 and 7. +curl-7.60.0/lib/smb.c:870: dead_error_condition: The switch value "next_state" cannot reach the default case. curl-7.60.0/lib/smb.c:896: dead_error_begin: Execution cannot reach this statement: "default:". -# 894| break; -# 895| -# 896|-> default: -# 897| break; -# 898| } +# 894| break; +# 895| +# 896|-> default: +# 897| break; +# 898| } -Error: STRING_OVERFLOW (CWE-120): [#def33] -curl-7.60.0/lib/socks_gssapi.c:51: cond_true: Condition "major_status & (4294901760U /* ((OM_uint32)255UL << 24) | ((OM_uint32)255UL << 16) */)", taking true branch. -curl-7.60.0/lib/socks_gssapi.c:60: cond_true: Condition "!msg_ctx", taking true branch. -curl-7.60.0/lib/socks_gssapi.c:66: cond_true: Condition "maj_stat == 0", taking true branch. -curl-7.60.0/lib/socks_gssapi.c:67: cond_true: Condition "1024UL /* sizeof (buf) */ > len + status_string.length + 1", taking true branch. +Error: STRING_OVERFLOW (CWE-120): [#def33] +curl-7.60.0/lib/socks_gssapi.c:51: cond_true: Condition "major_status & (4294901760U /* ((OM_uint32)255UL << 24) | ((OM_uint32)255UL << 16) */)", taking true branch. +curl-7.60.0/lib/socks_gssapi.c:60: cond_true: Condition "!msg_ctx", taking true branch. +curl-7.60.0/lib/socks_gssapi.c:66: cond_true: Condition "maj_stat == 0", taking true branch. +curl-7.60.0/lib/socks_gssapi.c:67: cond_true: Condition "1024UL /* sizeof (buf) */ > len + status_string.length + 1", taking true branch. curl-7.60.0/lib/socks_gssapi.c:68: fixed_size_dest: You might overrun the 1024-character fixed-size string "buf + len" by copying "status_string.value" without checking the length. -# 66| if(maj_stat == GSS_S_COMPLETE) { -# 67| if(sizeof(buf) > len + status_string.length + 1) { -# 68|-> strcpy(buf + len, (char *) status_string.value); -# 69| len += status_string.length; -# 70| } +# 66| if(maj_stat == GSS_S_COMPLETE) { +# 67| if(sizeof(buf) > len + status_string.length + 1) { +# 68|-> strcpy(buf + len, (char *) status_string.value); +# 69| len += status_string.length; +# 70| } -Error: STRING_OVERFLOW (CWE-120): [#def34] -curl-7.60.0/lib/socks_gssapi.c:51: cond_true: Condition "major_status & (4294901760U /* ((OM_uint32)255UL << 24) | ((OM_uint32)255UL << 16) */)", taking true branch. -curl-7.60.0/lib/socks_gssapi.c:60: cond_true: Condition "!msg_ctx", taking true branch. -curl-7.60.0/lib/socks_gssapi.c:66: cond_true: Condition "maj_stat == 0", taking true branch. -curl-7.60.0/lib/socks_gssapi.c:67: cond_true: Condition "1024UL /* sizeof (buf) */ > len + status_string.length + 1", taking true branch. -curl-7.60.0/lib/socks_gssapi.c:72: break: Breaking from loop. -curl-7.60.0/lib/socks_gssapi.c:75: loop_end: Reached end of loop. -curl-7.60.0/lib/socks_gssapi.c:76: cond_true: Condition "1024UL /* sizeof (buf) */ > len + 3", taking true branch. -curl-7.60.0/lib/socks_gssapi.c:81: cond_true: Condition "!msg_ctx", taking true branch. -curl-7.60.0/lib/socks_gssapi.c:87: cond_true: Condition "maj_stat == 0", taking true branch. -curl-7.60.0/lib/socks_gssapi.c:88: cond_true: Condition "1024UL /* sizeof (buf) */ > len + status_string.length", taking true branch. +Error: STRING_OVERFLOW (CWE-120): [#def34] +curl-7.60.0/lib/socks_gssapi.c:51: cond_true: Condition "major_status & (4294901760U /* ((OM_uint32)255UL << 24) | ((OM_uint32)255UL << 16) */)", taking true branch. +curl-7.60.0/lib/socks_gssapi.c:60: cond_true: Condition "!msg_ctx", taking true branch. +curl-7.60.0/lib/socks_gssapi.c:66: cond_true: Condition "maj_stat == 0", taking true branch. +curl-7.60.0/lib/socks_gssapi.c:67: cond_true: Condition "1024UL /* sizeof (buf) */ > len + status_string.length + 1", taking true branch. +curl-7.60.0/lib/socks_gssapi.c:72: break: Breaking from loop. +curl-7.60.0/lib/socks_gssapi.c:75: loop_end: Reached end of loop. +curl-7.60.0/lib/socks_gssapi.c:76: cond_true: Condition "1024UL /* sizeof (buf) */ > len + 3", taking true branch. +curl-7.60.0/lib/socks_gssapi.c:81: cond_true: Condition "!msg_ctx", taking true branch. +curl-7.60.0/lib/socks_gssapi.c:87: cond_true: Condition "maj_stat == 0", taking true branch. +curl-7.60.0/lib/socks_gssapi.c:88: cond_true: Condition "1024UL /* sizeof (buf) */ > len + status_string.length", taking true branch. curl-7.60.0/lib/socks_gssapi.c:89: fixed_size_dest: You might overrun the 1024-character fixed-size string "buf + len" by copying "status_string.value" without checking the length. -# 87| if(maj_stat == GSS_S_COMPLETE) { -# 88| if(sizeof(buf) > len + status_string.length) -# 89|-> strcpy(buf + len, (char *) status_string.value); -# 90| gss_release_buffer(&min_stat, &status_string); -# 91| break; +# 87| if(maj_stat == GSS_S_COMPLETE) { +# 88| if(sizeof(buf) > len + status_string.length) +# 89|-> strcpy(buf + len, (char *) status_string.value); +# 90| gss_release_buffer(&min_stat, &status_string); +# 91| break; -Error: CLANG_WARNING: [#def35] [warning: defect not occurring in curl-7.29.0-46.el7] +Error: CLANG_WARNING: [#def35] [warning: defect not occurring in curl-7.29.0-46.el7] curl-7.60.0/lib/ssh-libssh.c:1116:15: warning: Null pointer passed as an argument to a 'nonnull' parameter -# (strlen(protop->path) > 1))) { -# ^ ~~~~~~~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:549:5: note: Control jumps to 'case SSH_SFTP_CLOSE:' at line 1615 -# switch(sshc->state) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1616:7: note: Taking false branch -# if(sshc->sftp_file) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1620:7: note: Null pointer value stored to field 'path' -# Curl_safefree(protop->path); -# ^~~~~~~~~~~~~~~~~~~~~~~~~~~ -curl-7.60.0/lib/memdebug.h:184:21: note: expanded from macro 'Curl_safefree' -# do { free((ptr)); (ptr) = NULL;} WHILE_FALSE -# ^~~~~~~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:1620:7: note: Loop condition is false. Exiting loop -curl-7.60.0/lib/memdebug.h:184:3: note: expanded from macro 'Curl_safefree' -# do { free((ptr)); (ptr) = NULL;} WHILE_FALSE -# ^ -curl-7.60.0/lib/ssh-libssh.c:1627:10: note: Left side of '&&' is true -# if(sshc->nextstate != SSH_NO_STATE && -# ^ -curl-7.60.0/lib/ssh-libssh.c:1627:7: note: Taking true branch -# if(sshc->nextstate != SSH_NO_STATE && -# ^ -curl-7.60.0/lib/ssh-libssh.c:1636:7: note: Execution continues on line 1887 -# break; -# ^ -curl-7.60.0/lib/ssh-libssh.c:1887:11: note: Left side of '&&' is true -# } while(!rc && (sshc->state != SSH_STOP)); -# ^ -curl-7.60.0/lib/ssh-libssh.c:1887:19: note: Assuming the condition is true -# } while(!rc && (sshc->state != SSH_STOP)); -# ^~~~~~~~~~~~~~~~~~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:547:3: note: Loop condition is true. Execution continues on line 549 -# do { -# ^ -curl-7.60.0/lib/ssh-libssh.c:549:5: note: Control jumps to 'case SSH_SFTP_READDIR_BOTTOM:' at line 1412 -# switch(sshc->state) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1421:10: note: Assuming 'result' is 0 -# if(!result) { -# ^~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:1421:7: note: Taking true branch -# if(!result) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1424:12: note: Assuming the condition is false -# if(data->set.verbose) { -# ^~~~~~~~~~~~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:1424:9: note: Taking false branch -# if(data->set.verbose) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1434:7: note: Taking false branch -# if(result) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1439:7: note: Execution continues on line 1887 -# break; -# ^ -curl-7.60.0/lib/ssh-libssh.c:1887:11: note: Left side of '&&' is true -# } while(!rc && (sshc->state != SSH_STOP)); -# ^ -curl-7.60.0/lib/ssh-libssh.c:547:3: note: Loop condition is true. Execution continues on line 549 -# do { -# ^ -curl-7.60.0/lib/ssh-libssh.c:549:5: note: Control jumps to 'case SSH_SFTP_READDIR:' at line 1273 -# switch(sshc->state) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1275:7: note: Taking false branch -# if(sshc->readdir_attrs) -# ^ -curl-7.60.0/lib/ssh-libssh.c:1279:10: note: Assuming the condition is true -# if(sshc->readdir_attrs) { -# ^~~~~~~~~~~~~~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:1279:7: note: Taking true branch -# if(sshc->readdir_attrs) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1284:12: note: Assuming the condition is true -# if(data->set.ftp_list_only) { -# ^~~~~~~~~~~~~~~~~~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:1284:9: note: Taking true branch -# if(data->set.ftp_list_only) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1288:14: note: Assuming 'tmpLine' is not equal to NULL -# if(tmpLine == NULL) { -# ^~~~~~~~~~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:1288:11: note: Taking false branch -# if(tmpLine == NULL) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1297:14: note: Assuming 'result' is 0 -# if(result) { -# ^~~~~~ -curl-7.60.0/lib/ssh-libssh.c:1297:11: note: Taking false branch -# if(result) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1306:11: note: Taking false branch -# if(data->set.verbose) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1354:7: note: Execution continues on line 1887 -# break; -# ^ -curl-7.60.0/lib/ssh-libssh.c:1887:11: note: Left side of '&&' is true -# } while(!rc && (sshc->state != SSH_STOP)); -# ^ -curl-7.60.0/lib/ssh-libssh.c:547:3: note: Loop condition is true. Execution continues on line 549 -# do { -# ^ -curl-7.60.0/lib/ssh-libssh.c:549:5: note: Control jumps to 'case SSH_SFTP_UPLOAD_INIT:' at line 1070 -# switch(sshc->state) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1074:10: note: Assuming the condition is false -# if(data->state.resume_from != 0) { -# ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:1074:7: note: Taking false branch -# if(data->state.resume_from != 0) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1095:10: note: Assuming the condition is true -# if(data->set.ftp_append) -# ^~~~~~~~~~~~~~~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:1095:7: note: Taking true branch -# if(data->set.ftp_append) -# ^ -curl-7.60.0/lib/ssh-libssh.c:1105:7: note: Taking false branch -# if(sshc->sftp_file) -# ^ -curl-7.60.0/lib/ssh-libssh.c:1110:10: note: Assuming the condition is true -# if(!sshc->sftp_file) { -# ^~~~~~~~~~~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:1110:7: note: Taking true branch -# if(!sshc->sftp_file) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1113:14: note: Assuming 'err' is equal to SSH_FX_NO_SUCH_FILE -# if(((err == SSH_FX_NO_SUCH_FILE || err == SSH_FX_FAILURE || -# ^~~~~~~~~~~~~~~~~~~~~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:1113:41: note: Left side of '||' is true -# if(((err == SSH_FX_NO_SUCH_FILE || err == SSH_FX_FAILURE || -# ^ -curl-7.60.0/lib/ssh-libssh.c:1115:15: note: Assuming the condition is true -# (data->set.ftp_create_missing_dirs && -# ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:1115:15: note: Left side of '&&' is true -curl-7.60.0/lib/ssh-libssh.c:1116:15: note: Null pointer passed as an argument to a 'nonnull' parameter -# (strlen(protop->path) > 1))) { -# ^ ~~~~~~~~~~~~ -# 1114| err == SSH_FX_NO_SUCH_PATH)) && -# 1115| (data->set.ftp_create_missing_dirs && -# 1116|-> (strlen(protop->path) > 1))) { -# 1117| /* try to create the path remotely */ -# 1118| rc = 0; +# (strlen(protop->path) > 1))) { +# ^ ~~~~~~~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:549:5: note: Control jumps to 'case SSH_SFTP_CLOSE:' at line 1615 +# switch(sshc->state) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1616:7: note: Taking false branch +# if(sshc->sftp_file) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1620:7: note: Null pointer value stored to field 'path' +# Curl_safefree(protop->path); +# ^~~~~~~~~~~~~~~~~~~~~~~~~~~ +curl-7.60.0/lib/memdebug.h:184:21: note: expanded from macro 'Curl_safefree' +# do { free((ptr)); (ptr) = NULL;} WHILE_FALSE +# ^~~~~~~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:1620:7: note: Loop condition is false. Exiting loop +curl-7.60.0/lib/memdebug.h:184:3: note: expanded from macro 'Curl_safefree' +# do { free((ptr)); (ptr) = NULL;} WHILE_FALSE +# ^ +curl-7.60.0/lib/ssh-libssh.c:1627:10: note: Left side of '&&' is true +# if(sshc->nextstate != SSH_NO_STATE && +# ^ +curl-7.60.0/lib/ssh-libssh.c:1627:7: note: Taking true branch +# if(sshc->nextstate != SSH_NO_STATE && +# ^ +curl-7.60.0/lib/ssh-libssh.c:1636:7: note: Execution continues on line 1887 +# break; +# ^ +curl-7.60.0/lib/ssh-libssh.c:1887:11: note: Left side of '&&' is true +# } while(!rc && (sshc->state != SSH_STOP)); +# ^ +curl-7.60.0/lib/ssh-libssh.c:1887:19: note: Assuming the condition is true +# } while(!rc && (sshc->state != SSH_STOP)); +# ^~~~~~~~~~~~~~~~~~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:547:3: note: Loop condition is true. Execution continues on line 549 +# do { +# ^ +curl-7.60.0/lib/ssh-libssh.c:549:5: note: Control jumps to 'case SSH_SFTP_READDIR_BOTTOM:' at line 1412 +# switch(sshc->state) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1421:10: note: Assuming 'result' is 0 +# if(!result) { +# ^~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:1421:7: note: Taking true branch +# if(!result) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1424:12: note: Assuming the condition is false +# if(data->set.verbose) { +# ^~~~~~~~~~~~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:1424:9: note: Taking false branch +# if(data->set.verbose) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1434:7: note: Taking false branch +# if(result) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1439:7: note: Execution continues on line 1887 +# break; +# ^ +curl-7.60.0/lib/ssh-libssh.c:1887:11: note: Left side of '&&' is true +# } while(!rc && (sshc->state != SSH_STOP)); +# ^ +curl-7.60.0/lib/ssh-libssh.c:547:3: note: Loop condition is true. Execution continues on line 549 +# do { +# ^ +curl-7.60.0/lib/ssh-libssh.c:549:5: note: Control jumps to 'case SSH_SFTP_READDIR:' at line 1273 +# switch(sshc->state) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1275:7: note: Taking false branch +# if(sshc->readdir_attrs) +# ^ +curl-7.60.0/lib/ssh-libssh.c:1279:10: note: Assuming the condition is true +# if(sshc->readdir_attrs) { +# ^~~~~~~~~~~~~~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:1279:7: note: Taking true branch +# if(sshc->readdir_attrs) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1284:12: note: Assuming the condition is true +# if(data->set.ftp_list_only) { +# ^~~~~~~~~~~~~~~~~~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:1284:9: note: Taking true branch +# if(data->set.ftp_list_only) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1288:14: note: Assuming 'tmpLine' is not equal to NULL +# if(tmpLine == NULL) { +# ^~~~~~~~~~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:1288:11: note: Taking false branch +# if(tmpLine == NULL) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1297:14: note: Assuming 'result' is 0 +# if(result) { +# ^~~~~~ +curl-7.60.0/lib/ssh-libssh.c:1297:11: note: Taking false branch +# if(result) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1306:11: note: Taking false branch +# if(data->set.verbose) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1354:7: note: Execution continues on line 1887 +# break; +# ^ +curl-7.60.0/lib/ssh-libssh.c:1887:11: note: Left side of '&&' is true +# } while(!rc && (sshc->state != SSH_STOP)); +# ^ +curl-7.60.0/lib/ssh-libssh.c:547:3: note: Loop condition is true. Execution continues on line 549 +# do { +# ^ +curl-7.60.0/lib/ssh-libssh.c:549:5: note: Control jumps to 'case SSH_SFTP_UPLOAD_INIT:' at line 1070 +# switch(sshc->state) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1074:10: note: Assuming the condition is false +# if(data->state.resume_from != 0) { +# ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:1074:7: note: Taking false branch +# if(data->state.resume_from != 0) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1095:10: note: Assuming the condition is true +# if(data->set.ftp_append) +# ^~~~~~~~~~~~~~~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:1095:7: note: Taking true branch +# if(data->set.ftp_append) +# ^ +curl-7.60.0/lib/ssh-libssh.c:1105:7: note: Taking false branch +# if(sshc->sftp_file) +# ^ +curl-7.60.0/lib/ssh-libssh.c:1110:10: note: Assuming the condition is true +# if(!sshc->sftp_file) { +# ^~~~~~~~~~~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:1110:7: note: Taking true branch +# if(!sshc->sftp_file) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1113:14: note: Assuming 'err' is equal to SSH_FX_NO_SUCH_FILE +# if(((err == SSH_FX_NO_SUCH_FILE || err == SSH_FX_FAILURE || +# ^~~~~~~~~~~~~~~~~~~~~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:1113:41: note: Left side of '||' is true +# if(((err == SSH_FX_NO_SUCH_FILE || err == SSH_FX_FAILURE || +# ^ +curl-7.60.0/lib/ssh-libssh.c:1115:15: note: Assuming the condition is true +# (data->set.ftp_create_missing_dirs && +# ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:1115:15: note: Left side of '&&' is true +curl-7.60.0/lib/ssh-libssh.c:1116:15: note: Null pointer passed as an argument to a 'nonnull' parameter +# (strlen(protop->path) > 1))) { +# ^ ~~~~~~~~~~~~ +# 1114| err == SSH_FX_NO_SUCH_PATH)) && +# 1115| (data->set.ftp_create_missing_dirs && +# 1116|-> (strlen(protop->path) > 1))) { +# 1117| /* try to create the path remotely */ +# 1118| rc = 0; -Error: CLANG_WARNING: [#def36] [warning: defect not occurring in curl-7.29.0-46.el7] +Error: CLANG_WARNING: [#def36] [warning: defect not occurring in curl-7.29.0-46.el7] curl-7.60.0/lib/ssh-libssh.c:1208:10: warning: Null pointer passed as an argument to a 'nonnull' parameter -# if(strlen(protop->path) > 1) { -# ^ ~~~~~~~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:549:5: note: Control jumps to 'case SSH_SFTP_CLOSE:' at line 1615 -# switch(sshc->state) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1616:7: note: Taking false branch -# if(sshc->sftp_file) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1620:7: note: Null pointer value stored to field 'path' -# Curl_safefree(protop->path); -# ^~~~~~~~~~~~~~~~~~~~~~~~~~~ -curl-7.60.0/lib/memdebug.h:184:21: note: expanded from macro 'Curl_safefree' -# do { free((ptr)); (ptr) = NULL;} WHILE_FALSE -# ^~~~~~~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:1620:7: note: Loop condition is false. Exiting loop -curl-7.60.0/lib/memdebug.h:184:3: note: expanded from macro 'Curl_safefree' -# do { free((ptr)); (ptr) = NULL;} WHILE_FALSE -# ^ -curl-7.60.0/lib/ssh-libssh.c:1627:10: note: Left side of '&&' is true -# if(sshc->nextstate != SSH_NO_STATE && -# ^ -curl-7.60.0/lib/ssh-libssh.c:1627:7: note: Taking true branch -# if(sshc->nextstate != SSH_NO_STATE && -# ^ -curl-7.60.0/lib/ssh-libssh.c:1636:7: note: Execution continues on line 1887 -# break; -# ^ -curl-7.60.0/lib/ssh-libssh.c:1887:11: note: Left side of '&&' is true -# } while(!rc && (sshc->state != SSH_STOP)); -# ^ -curl-7.60.0/lib/ssh-libssh.c:1887:19: note: Assuming the condition is true -# } while(!rc && (sshc->state != SSH_STOP)); -# ^~~~~~~~~~~~~~~~~~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:547:3: note: Loop condition is true. Execution continues on line 549 -# do { -# ^ -curl-7.60.0/lib/ssh-libssh.c:549:5: note: Control jumps to 'case SSH_SFTP_READDIR_BOTTOM:' at line 1412 -# switch(sshc->state) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1421:10: note: Assuming 'result' is 0 -# if(!result) { -# ^~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:1421:7: note: Taking true branch -# if(!result) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1424:12: note: Assuming the condition is false -# if(data->set.verbose) { -# ^~~~~~~~~~~~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:1424:9: note: Taking false branch -# if(data->set.verbose) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1434:7: note: Taking false branch -# if(result) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1439:7: note: Execution continues on line 1887 -# break; -# ^ -curl-7.60.0/lib/ssh-libssh.c:1887:11: note: Left side of '&&' is true -# } while(!rc && (sshc->state != SSH_STOP)); -# ^ -curl-7.60.0/lib/ssh-libssh.c:547:3: note: Loop condition is true. Execution continues on line 549 -# do { -# ^ -curl-7.60.0/lib/ssh-libssh.c:549:5: note: Control jumps to 'case SSH_SFTP_READDIR:' at line 1273 -# switch(sshc->state) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1275:7: note: Taking false branch -# if(sshc->readdir_attrs) -# ^ -curl-7.60.0/lib/ssh-libssh.c:1279:10: note: Assuming the condition is true -# if(sshc->readdir_attrs) { -# ^~~~~~~~~~~~~~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:1279:7: note: Taking true branch -# if(sshc->readdir_attrs) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1284:12: note: Assuming the condition is true -# if(data->set.ftp_list_only) { -# ^~~~~~~~~~~~~~~~~~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:1284:9: note: Taking true branch -# if(data->set.ftp_list_only) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1288:14: note: Assuming 'tmpLine' is not equal to NULL -# if(tmpLine == NULL) { -# ^~~~~~~~~~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:1288:11: note: Taking false branch -# if(tmpLine == NULL) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1297:14: note: Assuming 'result' is 0 -# if(result) { -# ^~~~~~ -curl-7.60.0/lib/ssh-libssh.c:1297:11: note: Taking false branch -# if(result) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1306:11: note: Taking false branch -# if(data->set.verbose) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1354:7: note: Execution continues on line 1887 -# break; -# ^ -curl-7.60.0/lib/ssh-libssh.c:1887:11: note: Left side of '&&' is true -# } while(!rc && (sshc->state != SSH_STOP)); -# ^ -curl-7.60.0/lib/ssh-libssh.c:547:3: note: Loop condition is true. Execution continues on line 549 -# do { -# ^ -curl-7.60.0/lib/ssh-libssh.c:549:5: note: Control jumps to 'case SSH_SFTP_CREATE_DIRS_INIT:' at line 1207 -# switch(sshc->state) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1208:10: note: Null pointer passed as an argument to a 'nonnull' parameter -# if(strlen(protop->path) > 1) { -# ^ ~~~~~~~~~~~~ -# 1206| -# 1207| case SSH_SFTP_CREATE_DIRS_INIT: -# 1208|-> if(strlen(protop->path) > 1) { -# 1209| sshc->slash_pos = protop->path + 1; /* ignore the leading '/' */ -# 1210| state(conn, SSH_SFTP_CREATE_DIRS); +# if(strlen(protop->path) > 1) { +# ^ ~~~~~~~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:549:5: note: Control jumps to 'case SSH_SFTP_CLOSE:' at line 1615 +# switch(sshc->state) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1616:7: note: Taking false branch +# if(sshc->sftp_file) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1620:7: note: Null pointer value stored to field 'path' +# Curl_safefree(protop->path); +# ^~~~~~~~~~~~~~~~~~~~~~~~~~~ +curl-7.60.0/lib/memdebug.h:184:21: note: expanded from macro 'Curl_safefree' +# do { free((ptr)); (ptr) = NULL;} WHILE_FALSE +# ^~~~~~~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:1620:7: note: Loop condition is false. Exiting loop +curl-7.60.0/lib/memdebug.h:184:3: note: expanded from macro 'Curl_safefree' +# do { free((ptr)); (ptr) = NULL;} WHILE_FALSE +# ^ +curl-7.60.0/lib/ssh-libssh.c:1627:10: note: Left side of '&&' is true +# if(sshc->nextstate != SSH_NO_STATE && +# ^ +curl-7.60.0/lib/ssh-libssh.c:1627:7: note: Taking true branch +# if(sshc->nextstate != SSH_NO_STATE && +# ^ +curl-7.60.0/lib/ssh-libssh.c:1636:7: note: Execution continues on line 1887 +# break; +# ^ +curl-7.60.0/lib/ssh-libssh.c:1887:11: note: Left side of '&&' is true +# } while(!rc && (sshc->state != SSH_STOP)); +# ^ +curl-7.60.0/lib/ssh-libssh.c:1887:19: note: Assuming the condition is true +# } while(!rc && (sshc->state != SSH_STOP)); +# ^~~~~~~~~~~~~~~~~~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:547:3: note: Loop condition is true. Execution continues on line 549 +# do { +# ^ +curl-7.60.0/lib/ssh-libssh.c:549:5: note: Control jumps to 'case SSH_SFTP_READDIR_BOTTOM:' at line 1412 +# switch(sshc->state) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1421:10: note: Assuming 'result' is 0 +# if(!result) { +# ^~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:1421:7: note: Taking true branch +# if(!result) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1424:12: note: Assuming the condition is false +# if(data->set.verbose) { +# ^~~~~~~~~~~~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:1424:9: note: Taking false branch +# if(data->set.verbose) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1434:7: note: Taking false branch +# if(result) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1439:7: note: Execution continues on line 1887 +# break; +# ^ +curl-7.60.0/lib/ssh-libssh.c:1887:11: note: Left side of '&&' is true +# } while(!rc && (sshc->state != SSH_STOP)); +# ^ +curl-7.60.0/lib/ssh-libssh.c:547:3: note: Loop condition is true. Execution continues on line 549 +# do { +# ^ +curl-7.60.0/lib/ssh-libssh.c:549:5: note: Control jumps to 'case SSH_SFTP_READDIR:' at line 1273 +# switch(sshc->state) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1275:7: note: Taking false branch +# if(sshc->readdir_attrs) +# ^ +curl-7.60.0/lib/ssh-libssh.c:1279:10: note: Assuming the condition is true +# if(sshc->readdir_attrs) { +# ^~~~~~~~~~~~~~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:1279:7: note: Taking true branch +# if(sshc->readdir_attrs) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1284:12: note: Assuming the condition is true +# if(data->set.ftp_list_only) { +# ^~~~~~~~~~~~~~~~~~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:1284:9: note: Taking true branch +# if(data->set.ftp_list_only) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1288:14: note: Assuming 'tmpLine' is not equal to NULL +# if(tmpLine == NULL) { +# ^~~~~~~~~~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:1288:11: note: Taking false branch +# if(tmpLine == NULL) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1297:14: note: Assuming 'result' is 0 +# if(result) { +# ^~~~~~ +curl-7.60.0/lib/ssh-libssh.c:1297:11: note: Taking false branch +# if(result) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1306:11: note: Taking false branch +# if(data->set.verbose) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1354:7: note: Execution continues on line 1887 +# break; +# ^ +curl-7.60.0/lib/ssh-libssh.c:1887:11: note: Left side of '&&' is true +# } while(!rc && (sshc->state != SSH_STOP)); +# ^ +curl-7.60.0/lib/ssh-libssh.c:547:3: note: Loop condition is true. Execution continues on line 549 +# do { +# ^ +curl-7.60.0/lib/ssh-libssh.c:549:5: note: Control jumps to 'case SSH_SFTP_CREATE_DIRS_INIT:' at line 1207 +# switch(sshc->state) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1208:10: note: Null pointer passed as an argument to a 'nonnull' parameter +# if(strlen(protop->path) > 1) { +# ^ ~~~~~~~~~~~~ +# 1206| +# 1207| case SSH_SFTP_CREATE_DIRS_INIT: +# 1208|-> if(strlen(protop->path) > 1) { +# 1209| sshc->slash_pos = protop->path + 1; /* ignore the leading '/' */ +# 1210| state(conn, SSH_SFTP_CREATE_DIRS); -Error: FORWARD_NULL (CWE-476): [#def37] [warning: defect not occurring in curl-7.29.0-46.el7] -curl-7.60.0/src/tool_getparam.c:2140: cond_true: Condition "i < argc", taking true branch. -curl-7.60.0/src/tool_getparam.c:2140: cond_true: Condition "!result", taking true branch. -curl-7.60.0/src/tool_getparam.c:2143: cond_true: Condition "stillflags", taking true branch. -curl-7.60.0/src/tool_getparam.c:2143: cond_true: Condition "'-' == argv[i][0]", taking true branch. -curl-7.60.0/src/tool_getparam.c:2148: cond_false: Condition "!strcmp("--", argv[i])", taking false branch. -curl-7.60.0/src/tool_getparam.c:2152: else_branch: Reached else branch. -curl-7.60.0/src/tool_getparam.c:2153: cond_true: Condition "i < argc - 1", taking true branch. -curl-7.60.0/src/tool_getparam.c:2156: cond_false: Condition "result == PARAM_NEXT_OPERATION", taking false branch. -curl-7.60.0/src/tool_getparam.c:2185: else_branch: Reached else branch. -curl-7.60.0/src/tool_getparam.c:2185: cond_true: Condition "!result", taking true branch. -curl-7.60.0/src/tool_getparam.c:2185: cond_true: Condition "passarg", taking true branch. -curl-7.60.0/src/tool_getparam.c:2188: if_fallthrough: Falling through to end of if statement. -curl-7.60.0/src/tool_getparam.c:2195: if_end: End of if statement. -curl-7.60.0/src/tool_getparam.c:2196: loop: Jumping back to the beginning of the loop. -curl-7.60.0/src/tool_getparam.c:2140: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/src/tool_getparam.c:2140: cond_true: Condition "i < argc", taking true branch. -curl-7.60.0/src/tool_getparam.c:2140: cond_true: Condition "!result", taking true branch. -curl-7.60.0/src/tool_getparam.c:2143: cond_true: Condition "stillflags", taking true branch. -curl-7.60.0/src/tool_getparam.c:2143: cond_true: Condition "'-' == argv[i][0]", taking true branch. -curl-7.60.0/src/tool_getparam.c:2148: cond_false: Condition "!strcmp("--", argv[i])", taking false branch. -curl-7.60.0/src/tool_getparam.c:2152: else_branch: Reached else branch. -curl-7.60.0/src/tool_getparam.c:2153: cond_true: Condition "i < argc - 1", taking true branch. -curl-7.60.0/src/tool_getparam.c:2156: cond_true: Condition "result == PARAM_NEXT_OPERATION", taking true branch. -curl-7.60.0/src/tool_getparam.c:2161: cond_true: Condition "operation->url_list", taking true branch. -curl-7.60.0/src/tool_getparam.c:2161: cond_true: Condition "operation->url_list->url", taking true branch. -curl-7.60.0/src/tool_getparam.c:2164: cond_true: Condition "operation->next", taking true branch. -curl-7.60.0/src/tool_getparam.c:2180: if_fallthrough: Falling through to end of if statement. -curl-7.60.0/src/tool_getparam.c:2182: if_end: End of if statement. -curl-7.60.0/src/tool_getparam.c:2184: if_fallthrough: Falling through to end of if statement. -curl-7.60.0/src/tool_getparam.c:2186: if_end: End of if statement. -curl-7.60.0/src/tool_getparam.c:2188: if_fallthrough: Falling through to end of if statement. -curl-7.60.0/src/tool_getparam.c:2195: if_end: End of if statement. -curl-7.60.0/src/tool_getparam.c:2196: loop: Jumping back to the beginning of the loop. -curl-7.60.0/src/tool_getparam.c:2140: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/src/tool_getparam.c:2140: cond_true: Condition "i < argc", taking true branch. -curl-7.60.0/src/tool_getparam.c:2140: cond_true: Condition "!result", taking true branch. -curl-7.60.0/src/tool_getparam.c:2143: cond_true: Condition "stillflags", taking true branch. -curl-7.60.0/src/tool_getparam.c:2143: cond_true: Condition "'-' == argv[i][0]", taking true branch. -curl-7.60.0/src/tool_getparam.c:2148: cond_false: Condition "!strcmp("--", argv[i])", taking false branch. -curl-7.60.0/src/tool_getparam.c:2152: else_branch: Reached else branch. -curl-7.60.0/src/tool_getparam.c:2153: cond_true: Condition "i < argc - 1", taking true branch. -curl-7.60.0/src/tool_getparam.c:2156: cond_true: Condition "result == PARAM_NEXT_OPERATION", taking true branch. -curl-7.60.0/src/tool_getparam.c:2161: cond_false: Condition "operation->url_list", taking false branch. -curl-7.60.0/src/tool_getparam.c:2183: if_end: End of if statement. -curl-7.60.0/src/tool_getparam.c:2184: if_fallthrough: Falling through to end of if statement. -curl-7.60.0/src/tool_getparam.c:2186: if_end: End of if statement. -curl-7.60.0/src/tool_getparam.c:2188: if_fallthrough: Falling through to end of if statement. -curl-7.60.0/src/tool_getparam.c:2195: if_end: End of if statement. -curl-7.60.0/src/tool_getparam.c:2196: loop: Jumping back to the beginning of the loop. -curl-7.60.0/src/tool_getparam.c:2140: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/src/tool_getparam.c:2140: cond_true: Condition "i < argc", taking true branch. -curl-7.60.0/src/tool_getparam.c:2140: cond_true: Condition "!result", taking true branch. -curl-7.60.0/src/tool_getparam.c:2143: cond_true: Condition "stillflags", taking true branch. -curl-7.60.0/src/tool_getparam.c:2143: cond_true: Condition "'-' == argv[i][0]", taking true branch. -curl-7.60.0/src/tool_getparam.c:2148: cond_false: Condition "!strcmp("--", argv[i])", taking false branch. -curl-7.60.0/src/tool_getparam.c:2152: else_branch: Reached else branch. -curl-7.60.0/src/tool_getparam.c:2153: cond_false: Condition "i < argc - 1", taking false branch. -curl-7.60.0/src/tool_getparam.c:2156: cond_false: Condition "result == PARAM_NEXT_OPERATION", taking false branch. -curl-7.60.0/src/tool_getparam.c:2185: else_branch: Reached else branch. -curl-7.60.0/src/tool_getparam.c:2185: cond_true: Condition "!result", taking true branch. -curl-7.60.0/src/tool_getparam.c:2185: cond_false: Condition "passarg", taking false branch. -curl-7.60.0/src/tool_getparam.c:2186: if_end: End of if statement. -curl-7.60.0/src/tool_getparam.c:2188: if_fallthrough: Falling through to end of if statement. -curl-7.60.0/src/tool_getparam.c:2195: if_end: End of if statement. -curl-7.60.0/src/tool_getparam.c:2196: loop: Jumping back to the beginning of the loop. -curl-7.60.0/src/tool_getparam.c:2140: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/src/tool_getparam.c:2140: cond_true: Condition "i < argc", taking true branch. -curl-7.60.0/src/tool_getparam.c:2140: cond_true: Condition "!result", taking true branch. -curl-7.60.0/src/tool_getparam.c:2143: cond_true: Condition "stillflags", taking true branch. -curl-7.60.0/src/tool_getparam.c:2143: cond_true: Condition "'-' == argv[i][0]", taking true branch. -curl-7.60.0/src/tool_getparam.c:2148: cond_false: Condition "!strcmp("--", argv[i])", taking false branch. -curl-7.60.0/src/tool_getparam.c:2152: else_branch: Reached else branch. -curl-7.60.0/src/tool_getparam.c:2153: cond_false: Condition "i < argc - 1", taking false branch. -curl-7.60.0/src/tool_getparam.c:2153: assign_zero: Assigning: "nextarg" = "NULL". -curl-7.60.0/src/tool_getparam.c:2155: var_deref_model: Passing null pointer "nextarg" to "getparameter", which dereferences it. -curl-7.60.0/src/tool_getparam.c:505:3: cond_true: Condition "'-' != flag[0]", taking true branch. -curl-7.60.0/src/tool_getparam.c:512:5: cond_true: Condition "!strncmp(word, "no-", 3)", taking true branch. -curl-7.60.0/src/tool_getparam.c:518:5: cond_true: Condition "j < 221UL /* sizeof (aliases) / sizeof (aliases[0]) */", taking true branch. -curl-7.60.0/src/tool_getparam.c:519:7: cond_true: Condition "curl_strnequal(aliases[j].lname, word, fnam)", taking true branch. -curl-7.60.0/src/tool_getparam.c:522:9: cond_false: Condition "curl_strequal(aliases[j].lname, word)", taking false branch. -curl-7.60.0/src/tool_getparam.c:527:9: if_end: End of if statement. -curl-7.60.0/src/tool_getparam.c:531:5: loop: Jumping back to the beginning of the loop. -curl-7.60.0/src/tool_getparam.c:518:5: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/src/tool_getparam.c:518:5: cond_true: Condition "j < 221UL /* sizeof (aliases) / sizeof (aliases[0]) */", taking true branch. -curl-7.60.0/src/tool_getparam.c:519:7: cond_true: Condition "curl_strnequal(aliases[j].lname, word, fnam)", taking true branch. -curl-7.60.0/src/tool_getparam.c:522:9: cond_false: Condition "curl_strequal(aliases[j].lname, word)", taking false branch. -curl-7.60.0/src/tool_getparam.c:527:9: if_end: End of if statement. -curl-7.60.0/src/tool_getparam.c:531:5: loop: Jumping back to the beginning of the loop. -curl-7.60.0/src/tool_getparam.c:518:5: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/src/tool_getparam.c:518:5: cond_true: Condition "j < 221UL /* sizeof (aliases) / sizeof (aliases[0]) */", taking true branch. -curl-7.60.0/src/tool_getparam.c:519:7: cond_true: Condition "curl_strnequal(aliases[j].lname, word, fnam)", taking true branch. -curl-7.60.0/src/tool_getparam.c:522:9: cond_false: Condition "curl_strequal(aliases[j].lname, word)", taking false branch. -curl-7.60.0/src/tool_getparam.c:527:9: if_end: End of if statement. -curl-7.60.0/src/tool_getparam.c:531:5: loop: Jumping back to the beginning of the loop. -curl-7.60.0/src/tool_getparam.c:518:5: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/src/tool_getparam.c:518:5: cond_true: Condition "j < 221UL /* sizeof (aliases) / sizeof (aliases[0]) */", taking true branch. -curl-7.60.0/src/tool_getparam.c:519:7: cond_true: Condition "curl_strnequal(aliases[j].lname, word, fnam)", taking true branch. -curl-7.60.0/src/tool_getparam.c:522:9: cond_true: Condition "curl_strequal(aliases[j].lname, word)", taking true branch. -curl-7.60.0/src/tool_getparam.c:526:11: break: Breaking from loop. -curl-7.60.0/src/tool_getparam.c:531:5: loop_end: Reached end of loop. -curl-7.60.0/src/tool_getparam.c:532:5: cond_false: Condition "numhits > 1", taking false branch. -curl-7.60.0/src/tool_getparam.c:535:5: if_end: End of if statement. -curl-7.60.0/src/tool_getparam.c:536:5: cond_false: Condition "hit < 0", taking false branch. -curl-7.60.0/src/tool_getparam.c:538:5: if_end: End of if statement. -curl-7.60.0/src/tool_getparam.c:539:3: if_fallthrough: Falling through to end of if statement. -curl-7.60.0/src/tool_getparam.c:544:3: if_end: End of if statement. -curl-7.60.0/src/tool_getparam.c:549:5: cond_false: Condition "!longopt", taking false branch. -curl-7.60.0/src/tool_getparam.c:553:10: else_branch: Reached else branch. -curl-7.60.0/src/tool_getparam.c:558:5: cond_false: Condition "hit < 0", taking false branch. -curl-7.60.0/src/tool_getparam.c:568:5: if_end: End of if statement. -curl-7.60.0/src/tool_getparam.c:570:5: cond_false: Condition "aliases[hit].desc == ARG_STRING", taking false branch. -curl-7.60.0/src/tool_getparam.c:581:10: else_branch: Reached else branch. -curl-7.60.0/src/tool_getparam.c:581:10: cond_false: Condition "aliases[hit].desc == ARG_NONE", taking false branch. -curl-7.60.0/src/tool_getparam.c:582:7: if_end: End of if statement. -curl-7.60.0/src/tool_getparam.c:584:5: switch: Switch case value "'*'". -curl-7.60.0/src/tool_getparam.c:585:10: switch_case: Reached case "'*'". -curl-7.60.0/src/tool_getparam.c:586:7: switch: Switch case value "'i'". -curl-7.60.0/src/tool_getparam.c:646:12: switch_case: Reached case "'i'". -curl-7.60.0/src/tool_getparam.c:649:27: deref_parm_in_call: Function "GetSizeParameter" dereferences "nextarg". -curl-7.60.0/src/tool_getparam.c:442:3: deref_parm_in_call: Function "curlx_strtoofft" dereferences "arg". +Error: FORWARD_NULL (CWE-476): [#def37] [warning: defect not occurring in curl-7.29.0-46.el7] +curl-7.60.0/src/tool_getparam.c:2140: cond_true: Condition "i < argc", taking true branch. +curl-7.60.0/src/tool_getparam.c:2140: cond_true: Condition "!result", taking true branch. +curl-7.60.0/src/tool_getparam.c:2143: cond_true: Condition "stillflags", taking true branch. +curl-7.60.0/src/tool_getparam.c:2143: cond_true: Condition "'-' == argv[i][0]", taking true branch. +curl-7.60.0/src/tool_getparam.c:2148: cond_false: Condition "!strcmp("--", argv[i])", taking false branch. +curl-7.60.0/src/tool_getparam.c:2152: else_branch: Reached else branch. +curl-7.60.0/src/tool_getparam.c:2153: cond_true: Condition "i < argc - 1", taking true branch. +curl-7.60.0/src/tool_getparam.c:2156: cond_false: Condition "result == PARAM_NEXT_OPERATION", taking false branch. +curl-7.60.0/src/tool_getparam.c:2185: else_branch: Reached else branch. +curl-7.60.0/src/tool_getparam.c:2185: cond_true: Condition "!result", taking true branch. +curl-7.60.0/src/tool_getparam.c:2185: cond_true: Condition "passarg", taking true branch. +curl-7.60.0/src/tool_getparam.c:2188: if_fallthrough: Falling through to end of if statement. +curl-7.60.0/src/tool_getparam.c:2195: if_end: End of if statement. +curl-7.60.0/src/tool_getparam.c:2196: loop: Jumping back to the beginning of the loop. +curl-7.60.0/src/tool_getparam.c:2140: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/src/tool_getparam.c:2140: cond_true: Condition "i < argc", taking true branch. +curl-7.60.0/src/tool_getparam.c:2140: cond_true: Condition "!result", taking true branch. +curl-7.60.0/src/tool_getparam.c:2143: cond_true: Condition "stillflags", taking true branch. +curl-7.60.0/src/tool_getparam.c:2143: cond_true: Condition "'-' == argv[i][0]", taking true branch. +curl-7.60.0/src/tool_getparam.c:2148: cond_false: Condition "!strcmp("--", argv[i])", taking false branch. +curl-7.60.0/src/tool_getparam.c:2152: else_branch: Reached else branch. +curl-7.60.0/src/tool_getparam.c:2153: cond_true: Condition "i < argc - 1", taking true branch. +curl-7.60.0/src/tool_getparam.c:2156: cond_true: Condition "result == PARAM_NEXT_OPERATION", taking true branch. +curl-7.60.0/src/tool_getparam.c:2161: cond_true: Condition "operation->url_list", taking true branch. +curl-7.60.0/src/tool_getparam.c:2161: cond_true: Condition "operation->url_list->url", taking true branch. +curl-7.60.0/src/tool_getparam.c:2164: cond_true: Condition "operation->next", taking true branch. +curl-7.60.0/src/tool_getparam.c:2180: if_fallthrough: Falling through to end of if statement. +curl-7.60.0/src/tool_getparam.c:2182: if_end: End of if statement. +curl-7.60.0/src/tool_getparam.c:2184: if_fallthrough: Falling through to end of if statement. +curl-7.60.0/src/tool_getparam.c:2186: if_end: End of if statement. +curl-7.60.0/src/tool_getparam.c:2188: if_fallthrough: Falling through to end of if statement. +curl-7.60.0/src/tool_getparam.c:2195: if_end: End of if statement. +curl-7.60.0/src/tool_getparam.c:2196: loop: Jumping back to the beginning of the loop. +curl-7.60.0/src/tool_getparam.c:2140: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/src/tool_getparam.c:2140: cond_true: Condition "i < argc", taking true branch. +curl-7.60.0/src/tool_getparam.c:2140: cond_true: Condition "!result", taking true branch. +curl-7.60.0/src/tool_getparam.c:2143: cond_true: Condition "stillflags", taking true branch. +curl-7.60.0/src/tool_getparam.c:2143: cond_true: Condition "'-' == argv[i][0]", taking true branch. +curl-7.60.0/src/tool_getparam.c:2148: cond_false: Condition "!strcmp("--", argv[i])", taking false branch. +curl-7.60.0/src/tool_getparam.c:2152: else_branch: Reached else branch. +curl-7.60.0/src/tool_getparam.c:2153: cond_true: Condition "i < argc - 1", taking true branch. +curl-7.60.0/src/tool_getparam.c:2156: cond_true: Condition "result == PARAM_NEXT_OPERATION", taking true branch. +curl-7.60.0/src/tool_getparam.c:2161: cond_false: Condition "operation->url_list", taking false branch. +curl-7.60.0/src/tool_getparam.c:2183: if_end: End of if statement. +curl-7.60.0/src/tool_getparam.c:2184: if_fallthrough: Falling through to end of if statement. +curl-7.60.0/src/tool_getparam.c:2186: if_end: End of if statement. +curl-7.60.0/src/tool_getparam.c:2188: if_fallthrough: Falling through to end of if statement. +curl-7.60.0/src/tool_getparam.c:2195: if_end: End of if statement. +curl-7.60.0/src/tool_getparam.c:2196: loop: Jumping back to the beginning of the loop. +curl-7.60.0/src/tool_getparam.c:2140: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/src/tool_getparam.c:2140: cond_true: Condition "i < argc", taking true branch. +curl-7.60.0/src/tool_getparam.c:2140: cond_true: Condition "!result", taking true branch. +curl-7.60.0/src/tool_getparam.c:2143: cond_true: Condition "stillflags", taking true branch. +curl-7.60.0/src/tool_getparam.c:2143: cond_true: Condition "'-' == argv[i][0]", taking true branch. +curl-7.60.0/src/tool_getparam.c:2148: cond_false: Condition "!strcmp("--", argv[i])", taking false branch. +curl-7.60.0/src/tool_getparam.c:2152: else_branch: Reached else branch. +curl-7.60.0/src/tool_getparam.c:2153: cond_false: Condition "i < argc - 1", taking false branch. +curl-7.60.0/src/tool_getparam.c:2156: cond_false: Condition "result == PARAM_NEXT_OPERATION", taking false branch. +curl-7.60.0/src/tool_getparam.c:2185: else_branch: Reached else branch. +curl-7.60.0/src/tool_getparam.c:2185: cond_true: Condition "!result", taking true branch. +curl-7.60.0/src/tool_getparam.c:2185: cond_false: Condition "passarg", taking false branch. +curl-7.60.0/src/tool_getparam.c:2186: if_end: End of if statement. +curl-7.60.0/src/tool_getparam.c:2188: if_fallthrough: Falling through to end of if statement. +curl-7.60.0/src/tool_getparam.c:2195: if_end: End of if statement. +curl-7.60.0/src/tool_getparam.c:2196: loop: Jumping back to the beginning of the loop. +curl-7.60.0/src/tool_getparam.c:2140: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/src/tool_getparam.c:2140: cond_true: Condition "i < argc", taking true branch. +curl-7.60.0/src/tool_getparam.c:2140: cond_true: Condition "!result", taking true branch. +curl-7.60.0/src/tool_getparam.c:2143: cond_true: Condition "stillflags", taking true branch. +curl-7.60.0/src/tool_getparam.c:2143: cond_true: Condition "'-' == argv[i][0]", taking true branch. +curl-7.60.0/src/tool_getparam.c:2148: cond_false: Condition "!strcmp("--", argv[i])", taking false branch. +curl-7.60.0/src/tool_getparam.c:2152: else_branch: Reached else branch. +curl-7.60.0/src/tool_getparam.c:2153: cond_false: Condition "i < argc - 1", taking false branch. +curl-7.60.0/src/tool_getparam.c:2153: assign_zero: Assigning: "nextarg" = "NULL". +curl-7.60.0/src/tool_getparam.c:2155: var_deref_model: Passing null pointer "nextarg" to "getparameter", which dereferences it. +curl-7.60.0/src/tool_getparam.c:505:3: cond_true: Condition "'-' != flag[0]", taking true branch. +curl-7.60.0/src/tool_getparam.c:512:5: cond_true: Condition "!strncmp(word, "no-", 3)", taking true branch. +curl-7.60.0/src/tool_getparam.c:518:5: cond_true: Condition "j < 221UL /* sizeof (aliases) / sizeof (aliases[0]) */", taking true branch. +curl-7.60.0/src/tool_getparam.c:519:7: cond_true: Condition "curl_strnequal(aliases[j].lname, word, fnam)", taking true branch. +curl-7.60.0/src/tool_getparam.c:522:9: cond_false: Condition "curl_strequal(aliases[j].lname, word)", taking false branch. +curl-7.60.0/src/tool_getparam.c:527:9: if_end: End of if statement. +curl-7.60.0/src/tool_getparam.c:531:5: loop: Jumping back to the beginning of the loop. +curl-7.60.0/src/tool_getparam.c:518:5: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/src/tool_getparam.c:518:5: cond_true: Condition "j < 221UL /* sizeof (aliases) / sizeof (aliases[0]) */", taking true branch. +curl-7.60.0/src/tool_getparam.c:519:7: cond_true: Condition "curl_strnequal(aliases[j].lname, word, fnam)", taking true branch. +curl-7.60.0/src/tool_getparam.c:522:9: cond_false: Condition "curl_strequal(aliases[j].lname, word)", taking false branch. +curl-7.60.0/src/tool_getparam.c:527:9: if_end: End of if statement. +curl-7.60.0/src/tool_getparam.c:531:5: loop: Jumping back to the beginning of the loop. +curl-7.60.0/src/tool_getparam.c:518:5: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/src/tool_getparam.c:518:5: cond_true: Condition "j < 221UL /* sizeof (aliases) / sizeof (aliases[0]) */", taking true branch. +curl-7.60.0/src/tool_getparam.c:519:7: cond_true: Condition "curl_strnequal(aliases[j].lname, word, fnam)", taking true branch. +curl-7.60.0/src/tool_getparam.c:522:9: cond_false: Condition "curl_strequal(aliases[j].lname, word)", taking false branch. +curl-7.60.0/src/tool_getparam.c:527:9: if_end: End of if statement. +curl-7.60.0/src/tool_getparam.c:531:5: loop: Jumping back to the beginning of the loop. +curl-7.60.0/src/tool_getparam.c:518:5: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/src/tool_getparam.c:518:5: cond_true: Condition "j < 221UL /* sizeof (aliases) / sizeof (aliases[0]) */", taking true branch. +curl-7.60.0/src/tool_getparam.c:519:7: cond_true: Condition "curl_strnequal(aliases[j].lname, word, fnam)", taking true branch. +curl-7.60.0/src/tool_getparam.c:522:9: cond_true: Condition "curl_strequal(aliases[j].lname, word)", taking true branch. +curl-7.60.0/src/tool_getparam.c:526:11: break: Breaking from loop. +curl-7.60.0/src/tool_getparam.c:531:5: loop_end: Reached end of loop. +curl-7.60.0/src/tool_getparam.c:532:5: cond_false: Condition "numhits > 1", taking false branch. +curl-7.60.0/src/tool_getparam.c:535:5: if_end: End of if statement. +curl-7.60.0/src/tool_getparam.c:536:5: cond_false: Condition "hit < 0", taking false branch. +curl-7.60.0/src/tool_getparam.c:538:5: if_end: End of if statement. +curl-7.60.0/src/tool_getparam.c:539:3: if_fallthrough: Falling through to end of if statement. +curl-7.60.0/src/tool_getparam.c:544:3: if_end: End of if statement. +curl-7.60.0/src/tool_getparam.c:549:5: cond_false: Condition "!longopt", taking false branch. +curl-7.60.0/src/tool_getparam.c:553:10: else_branch: Reached else branch. +curl-7.60.0/src/tool_getparam.c:558:5: cond_false: Condition "hit < 0", taking false branch. +curl-7.60.0/src/tool_getparam.c:568:5: if_end: End of if statement. +curl-7.60.0/src/tool_getparam.c:570:5: cond_false: Condition "aliases[hit].desc == ARG_STRING", taking false branch. +curl-7.60.0/src/tool_getparam.c:581:10: else_branch: Reached else branch. +curl-7.60.0/src/tool_getparam.c:581:10: cond_false: Condition "aliases[hit].desc == ARG_NONE", taking false branch. +curl-7.60.0/src/tool_getparam.c:582:7: if_end: End of if statement. +curl-7.60.0/src/tool_getparam.c:584:5: switch: Switch case value "'*'". +curl-7.60.0/src/tool_getparam.c:585:10: switch_case: Reached case "'*'". +curl-7.60.0/src/tool_getparam.c:586:7: switch: Switch case value "'i'". +curl-7.60.0/src/tool_getparam.c:646:12: switch_case: Reached case "'i'". +curl-7.60.0/src/tool_getparam.c:649:27: deref_parm_in_call: Function "GetSizeParameter" dereferences "nextarg". +curl-7.60.0/src/tool_getparam.c:442:3: deref_parm_in_call: Function "curlx_strtoofft" dereferences "arg". curl-7.60.0/lib/strtoofft.c:223:3: deref_parm: Directly dereferencing parameter "str". -# 221| *num = 0; /* clear by default */ -# 222| -# 223|-> while(*str && ISSPACE(*str)) -# 224| str++; -# 225| if('-' == *str) { +# 221| *num = 0; /* clear by default */ +# 222| +# 223|-> while(*str && ISSPACE(*str)) +# 224| str++; +# 225| if('-' == *str) { -Error: STRING_NULL (CWE-170): [#def38] -curl-7.60.0/lib/tftp.c:1110: string_null_argument: Function "recvfrom" does not terminate string "*state->rpacket.data". [Note: The source code implementation of the function has been overridden by a builtin model.] -curl-7.60.0/lib/tftp.c:1116: cond_true: Condition "state->remote_addrlen == 0", taking true branch. -curl-7.60.0/lib/tftp.c:1122: cond_false: Condition "state->rbytes < 4", taking false branch. -curl-7.60.0/lib/tftp.c:1127: else_branch: Reached else branch. -curl-7.60.0/lib/tftp.c:1132: switch: Switch case value "TFTP_EVENT_OACK". -curl-7.60.0/lib/tftp.c:1157: switch_case: Reached case "TFTP_EVENT_OACK". +Error: STRING_NULL (CWE-170): [#def38] +curl-7.60.0/lib/tftp.c:1110: string_null_argument: Function "recvfrom" does not terminate string "*state->rpacket.data". [Note: The source code implementation of the function has been overridden by a builtin model.] +curl-7.60.0/lib/tftp.c:1116: cond_true: Condition "state->remote_addrlen == 0", taking true branch. +curl-7.60.0/lib/tftp.c:1122: cond_false: Condition "state->rbytes < 4", taking false branch. +curl-7.60.0/lib/tftp.c:1127: else_branch: Reached else branch. +curl-7.60.0/lib/tftp.c:1132: switch: Switch case value "TFTP_EVENT_OACK". +curl-7.60.0/lib/tftp.c:1157: switch_case: Reached case "TFTP_EVENT_OACK". curl-7.60.0/lib/tftp.c:1158: string_null: Passing unterminated string "(char const *)state->rpacket.data + 2" to "tftp_parse_option_ack", which expects a null-terminated string. -curl-7.60.0/lib/tftp.c:337:19: var_assign_parm: Assigning: "tmp" = "ptr". They now point to the same thing. -curl-7.60.0/lib/tftp.c:343:3: cond_true: Condition "tmp < ptr + len", taking true branch. -curl-7.60.0/lib/tftp.c:346:5: string_null_sink_lv_call: Passing local "tmp", that points to a parameter, to "tftp_option_get", which expects a null-terminated string. -curl-7.60.0/lib/tftp.c:320:3: cond_false: Condition "loc >= len", taking false branch. -curl-7.60.0/lib/tftp.c:321:5: if_end: End of if statement. -curl-7.60.0/lib/tftp.c:322:3: var_assign_parm: Assigning: "*option" = "buf". -curl-7.60.0/lib/tftp.c:327:3: cond_false: Condition "loc > len", taking false branch. -curl-7.60.0/lib/tftp.c:328:5: if_end: End of if statement. -curl-7.60.0/lib/tftp.c:329:3: string_null_sink_parm_call: Passing parameter "*option" to "strlen" which expects a null-terminated string. -# 1156| break; -# 1157| case TFTP_EVENT_OACK: -# 1158|-> result = tftp_parse_option_ack(state, -# 1159| (const char *)state->rpacket.data + 2, -# 1160| state->rbytes-2); +curl-7.60.0/lib/tftp.c:337:19: var_assign_parm: Assigning: "tmp" = "ptr". They now point to the same thing. +curl-7.60.0/lib/tftp.c:343:3: cond_true: Condition "tmp < ptr + len", taking true branch. +curl-7.60.0/lib/tftp.c:346:5: string_null_sink_lv_call: Passing local "tmp", that points to a parameter, to "tftp_option_get", which expects a null-terminated string. +curl-7.60.0/lib/tftp.c:320:3: cond_false: Condition "loc >= len", taking false branch. +curl-7.60.0/lib/tftp.c:321:5: if_end: End of if statement. +curl-7.60.0/lib/tftp.c:322:3: var_assign_parm: Assigning: "*option" = "buf". +curl-7.60.0/lib/tftp.c:327:3: cond_false: Condition "loc > len", taking false branch. +curl-7.60.0/lib/tftp.c:328:5: if_end: End of if statement. +curl-7.60.0/lib/tftp.c:329:3: string_null_sink_parm_call: Passing parameter "*option" to "strlen" which expects a null-terminated string. +# 1156| break; +# 1157| case TFTP_EVENT_OACK: +# 1158|-> result = tftp_parse_option_ack(state, +# 1159| (const char *)state->rpacket.data + 2, +# 1160| state->rbytes-2); -Error: NEGATIVE_RETURNS (CWE-394): [#def39] [warning: defect not occurring in curl-7.29.0-46.el7] -curl-7.60.0/lib/transfer.c:131: cond_true: Condition "data->req.upload_chunky", taking true branch. -curl-7.60.0/lib/transfer.c:144: cond_false: Condition "nread == 268435456", taking false branch. -curl-7.60.0/lib/transfer.c:148: if_end: End of if statement. -curl-7.60.0/lib/transfer.c:149: cond_false: Condition "nread == 268435457", taking false branch. -curl-7.60.0/lib/transfer.c:170: else_branch: Reached else branch. -curl-7.60.0/lib/transfer.c:170: cond_false: Condition "(size_t)nread > buffersize", taking false branch. -curl-7.60.0/lib/transfer.c:175: if_end: End of if statement. -curl-7.60.0/lib/transfer.c:177: cond_true: Condition "!data->req.forbidchunk", taking true branch. -curl-7.60.0/lib/transfer.c:177: cond_true: Condition "data->req.upload_chunky", taking true branch. -curl-7.60.0/lib/transfer.c:198: cond_true: Condition "data->set.prefer_ascii", taking true branch. -curl-7.60.0/lib/transfer.c:206: if_fallthrough: Falling through to end of if statement. -curl-7.60.0/lib/transfer.c:210: if_end: End of if statement. -curl-7.60.0/lib/transfer.c:211: negative_return_fn: Function "curl_msnprintf(hexbuffer, 11UL, "%x%s", nread, endofline_native)" returns a negative number. -curl-7.60.0/lib/mprintf.c:1023:3: negative_return: Calling "curl_mvsnprintf", which might return a negative value. -curl-7.60.0/lib/mprintf.c:1007:3: cond_false: Condition "retcode != -1", taking false branch. -curl-7.60.0/lib/mprintf.c:1014:3: if_end: End of if statement. -curl-7.60.0/lib/mprintf.c:1007:3: var_tested_neg: Variable "retcode" is negative. -curl-7.60.0/lib/mprintf.c:1015:3: return_negative_variable: Explicitly returning negative variable "retcode". -curl-7.60.0/lib/mprintf.c:1023:3: var_assign: Assigning: "retcode" = "curl_mvsnprintf(buffer, maxlength, format, ap_save)", which might be negative. -curl-7.60.0/lib/mprintf.c:1025:3: return_negative_variable: Explicitly returning negative variable "retcode". -curl-7.60.0/lib/transfer.c:211: var_assign: Assigning: signed variable "hexlen" = "curl_msnprintf". +Error: NEGATIVE_RETURNS (CWE-394): [#def39] [warning: defect not occurring in curl-7.29.0-46.el7] +curl-7.60.0/lib/transfer.c:131: cond_true: Condition "data->req.upload_chunky", taking true branch. +curl-7.60.0/lib/transfer.c:144: cond_false: Condition "nread == 268435456", taking false branch. +curl-7.60.0/lib/transfer.c:148: if_end: End of if statement. +curl-7.60.0/lib/transfer.c:149: cond_false: Condition "nread == 268435457", taking false branch. +curl-7.60.0/lib/transfer.c:170: else_branch: Reached else branch. +curl-7.60.0/lib/transfer.c:170: cond_false: Condition "(size_t)nread > buffersize", taking false branch. +curl-7.60.0/lib/transfer.c:175: if_end: End of if statement. +curl-7.60.0/lib/transfer.c:177: cond_true: Condition "!data->req.forbidchunk", taking true branch. +curl-7.60.0/lib/transfer.c:177: cond_true: Condition "data->req.upload_chunky", taking true branch. +curl-7.60.0/lib/transfer.c:198: cond_true: Condition "data->set.prefer_ascii", taking true branch. +curl-7.60.0/lib/transfer.c:206: if_fallthrough: Falling through to end of if statement. +curl-7.60.0/lib/transfer.c:210: if_end: End of if statement. +curl-7.60.0/lib/transfer.c:211: negative_return_fn: Function "curl_msnprintf(hexbuffer, 11UL, "%x%s", nread, endofline_native)" returns a negative number. +curl-7.60.0/lib/mprintf.c:1023:3: negative_return: Calling "curl_mvsnprintf", which might return a negative value. +curl-7.60.0/lib/mprintf.c:1007:3: cond_false: Condition "retcode != -1", taking false branch. +curl-7.60.0/lib/mprintf.c:1014:3: if_end: End of if statement. +curl-7.60.0/lib/mprintf.c:1007:3: var_tested_neg: Variable "retcode" is negative. +curl-7.60.0/lib/mprintf.c:1015:3: return_negative_variable: Explicitly returning negative variable "retcode". +curl-7.60.0/lib/mprintf.c:1023:3: var_assign: Assigning: "retcode" = "curl_mvsnprintf(buffer, maxlength, format, ap_save)", which might be negative. +curl-7.60.0/lib/mprintf.c:1025:3: return_negative_variable: Explicitly returning negative variable "retcode". +curl-7.60.0/lib/transfer.c:211: var_assign: Assigning: signed variable "hexlen" = "curl_msnprintf". curl-7.60.0/lib/transfer.c:219: negative_returns: "hexlen" is passed to a parameter that cannot be negative. [Note: The source code implementation of the function has been overridden by a builtin model.] -# 217| -# 218| /* copy the prefix to the buffer, leaving out the NUL */ -# 219|-> memcpy(data->req.upload_fromhere, hexbuffer, hexlen); -# 220| -# 221| /* always append ASCII CRLF to the data */ +# 217| +# 218| /* copy the prefix to the buffer, leaving out the NUL */ +# 219|-> memcpy(data->req.upload_fromhere, hexbuffer, hexlen); +# 220| +# 221| /* always append ASCII CRLF to the data */ -Error: CLANG_WARNING: [#def40] [warning: defect not occurring in curl-7.29.0-46.el7] +Error: CLANG_WARNING: [#def40] [warning: defect not occurring in curl-7.29.0-46.el7] curl-7.60.0/lib/url.c: internal warning: child 19172 timed out after 30s -Error: CLANG_WARNING: [#def41] [warning: defect not occurring in curl-7.29.0-46.el7] +Error: CLANG_WARNING: [#def41] [warning: defect not occurring in curl-7.29.0-46.el7] curl-7.60.0/lib/url.c: internal warning: child 31100 timed out after 30s -Error: NEGATIVE_RETURNS (CWE-394): [#def42] [warning: defect not occurring in curl-7.29.0-46.el7] -curl-7.60.0/lib/vauth/ntlm.c:541: cond_true: Condition "!user", taking true branch. -curl-7.60.0/lib/vauth/ntlm.c:544: cond_false: Condition "user", taking false branch. -curl-7.60.0/lib/vauth/ntlm.c:550: else_branch: Reached else branch. -curl-7.60.0/lib/vauth/ntlm.c:556: cond_false: Condition "Curl_gethostname(host, 1025UL /* sizeof (host) */)", taking false branch. -curl-7.60.0/lib/vauth/ntlm.c:560: else_branch: Reached else branch. -curl-7.60.0/lib/vauth/ntlm.c:565: cond_true: Condition "ntlm->target_info_len", taking true branch. -curl-7.60.0/lib/vauth/ntlm.c:571: cond_false: Condition "result", taking false branch. -curl-7.60.0/lib/vauth/ntlm.c:572: if_end: End of if statement. -curl-7.60.0/lib/vauth/ntlm.c:575: cond_false: Condition "result", taking false branch. -curl-7.60.0/lib/vauth/ntlm.c:576: if_end: End of if statement. -curl-7.60.0/lib/vauth/ntlm.c:580: cond_false: Condition "result", taking false branch. -curl-7.60.0/lib/vauth/ntlm.c:581: if_end: End of if statement. -curl-7.60.0/lib/vauth/ntlm.c:586: cond_false: Condition "result", taking false branch. -curl-7.60.0/lib/vauth/ntlm.c:587: if_end: End of if statement. -curl-7.60.0/lib/vauth/ntlm.c:592: cond_false: Condition "result", taking false branch. -curl-7.60.0/lib/vauth/ntlm.c:593: if_end: End of if statement. -curl-7.60.0/lib/vauth/ntlm.c:596: if_fallthrough: Falling through to end of if statement. -curl-7.60.0/lib/vauth/ntlm.c:662: if_end: End of if statement. -curl-7.60.0/lib/vauth/ntlm.c:664: cond_true: Condition "unicode", taking true branch. -curl-7.60.0/lib/vauth/ntlm.c:681: negative_return_fn: Function "curl_msnprintf((char *)ntlmbuf, 1024UL, "NTLMSSP%c\3%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c", 0, 0, 0, 0, 24, 0, 24, 0, (int)(lmrespoff & 0xff), (int)((lmrespoff >> 8) & 0xff), 0, 0, (int)(ntresplen & 0xffU), (int)((ntresplen >> 8) & 0xffU), (int)(ntresplen & 0xffU), (int)((ntresplen >> 8) & 0xffU), (int)(ntrespoff & 0xff), (int)((ntrespoff >> 8) & 0xff), 0, 0, (int)(domlen & 0xffUL), (int)((domlen >> 8) & 0xffUL), (int)(domlen & 0xffUL), (int)((domlen >> 8) & 0xffUL), (int)(domoff & 0xffUL), (int)((domoff >> 8) & 0xffUL), 0, 0, (int)(userlen & 0xffUL), (int)((userlen >> 8) & 0xffUL), (int)(userlen & 0xffUL), (int)((userlen >> 8) & 0xffUL), (int)(useroff & 0xffUL), (int)((useroff >> 8) & 0xffUL), 0, 0, (int)(hostlen & 0xffUL), (int)((hostlen >> 8) & 0xffUL), (int)(hostlen & 0xffUL), (int)((hostlen >> 8) & 0xffUL), (int)(hostoff & 0xffUL), (int)((hostoff >> 8) & 0xffUL), 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, (int)(ntlm->flags & 0xffU), (int)((ntlm->flags >> 8) & 0xffU), (int)((ntlm->flags >> 16) & 0xffU), (int)((ntlm->flags >> 24) & 0xffU))" returns a negative number. -curl-7.60.0/lib/mprintf.c:1023:3: negative_return: Calling "curl_mvsnprintf", which might return a negative value. -curl-7.60.0/lib/mprintf.c:1007:3: cond_false: Condition "retcode != -1", taking false branch. -curl-7.60.0/lib/mprintf.c:1014:3: if_end: End of if statement. -curl-7.60.0/lib/mprintf.c:1007:3: var_tested_neg: Variable "retcode" is negative. -curl-7.60.0/lib/mprintf.c:1015:3: return_negative_variable: Explicitly returning negative variable "retcode". -curl-7.60.0/lib/mprintf.c:1023:3: var_assign: Assigning: "retcode" = "curl_mvsnprintf(buffer, maxlength, format, ap_save)", which might be negative. -curl-7.60.0/lib/mprintf.c:1025:3: return_negative_variable: Explicitly returning negative variable "retcode". -curl-7.60.0/lib/vauth/ntlm.c:681: var_assign: Assigning: unsigned variable "size" = "curl_msnprintf". -curl-7.60.0/lib/vauth/ntlm.c:768: cond_false: Condition "size < 1000UL /* 1024 - 24 */", taking false branch. -curl-7.60.0/lib/vauth/ntlm.c:771: if_end: End of if statement. -curl-7.60.0/lib/vauth/ntlm.c:779: cond_false: Condition "size < 1024 - ntresplen", taking false branch. -curl-7.60.0/lib/vauth/ntlm.c:783: if_end: End of if statement. -curl-7.60.0/lib/vauth/ntlm.c:803: cond_false: Condition "size + userlen + domlen + hostlen >= 1024", taking false branch. -curl-7.60.0/lib/vauth/ntlm.c:806: if_end: End of if statement. -curl-7.60.0/lib/vauth/ntlm.c:809: cond_true: Condition "unicode", taking true branch. +Error: NEGATIVE_RETURNS (CWE-394): [#def42] [warning: defect not occurring in curl-7.29.0-46.el7] +curl-7.60.0/lib/vauth/ntlm.c:541: cond_true: Condition "!user", taking true branch. +curl-7.60.0/lib/vauth/ntlm.c:544: cond_false: Condition "user", taking false branch. +curl-7.60.0/lib/vauth/ntlm.c:550: else_branch: Reached else branch. +curl-7.60.0/lib/vauth/ntlm.c:556: cond_false: Condition "Curl_gethostname(host, 1025UL /* sizeof (host) */)", taking false branch. +curl-7.60.0/lib/vauth/ntlm.c:560: else_branch: Reached else branch. +curl-7.60.0/lib/vauth/ntlm.c:565: cond_true: Condition "ntlm->target_info_len", taking true branch. +curl-7.60.0/lib/vauth/ntlm.c:571: cond_false: Condition "result", taking false branch. +curl-7.60.0/lib/vauth/ntlm.c:572: if_end: End of if statement. +curl-7.60.0/lib/vauth/ntlm.c:575: cond_false: Condition "result", taking false branch. +curl-7.60.0/lib/vauth/ntlm.c:576: if_end: End of if statement. +curl-7.60.0/lib/vauth/ntlm.c:580: cond_false: Condition "result", taking false branch. +curl-7.60.0/lib/vauth/ntlm.c:581: if_end: End of if statement. +curl-7.60.0/lib/vauth/ntlm.c:586: cond_false: Condition "result", taking false branch. +curl-7.60.0/lib/vauth/ntlm.c:587: if_end: End of if statement. +curl-7.60.0/lib/vauth/ntlm.c:592: cond_false: Condition "result", taking false branch. +curl-7.60.0/lib/vauth/ntlm.c:593: if_end: End of if statement. +curl-7.60.0/lib/vauth/ntlm.c:596: if_fallthrough: Falling through to end of if statement. +curl-7.60.0/lib/vauth/ntlm.c:662: if_end: End of if statement. +curl-7.60.0/lib/vauth/ntlm.c:664: cond_true: Condition "unicode", taking true branch. +curl-7.60.0/lib/vauth/ntlm.c:681: negative_return_fn: Function "curl_msnprintf((char *)ntlmbuf, 1024UL, "NTLMSSP%c\3%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c", 0, 0, 0, 0, 24, 0, 24, 0, (int)(lmrespoff & 0xff), (int)((lmrespoff >> 8) & 0xff), 0, 0, (int)(ntresplen & 0xffU), (int)((ntresplen >> 8) & 0xffU), (int)(ntresplen & 0xffU), (int)((ntresplen >> 8) & 0xffU), (int)(ntrespoff & 0xff), (int)((ntrespoff >> 8) & 0xff), 0, 0, (int)(domlen & 0xffUL), (int)((domlen >> 8) & 0xffUL), (int)(domlen & 0xffUL), (int)((domlen >> 8) & 0xffUL), (int)(domoff & 0xffUL), (int)((domoff >> 8) & 0xffUL), 0, 0, (int)(userlen & 0xffUL), (int)((userlen >> 8) & 0xffUL), (int)(userlen & 0xffUL), (int)((userlen >> 8) & 0xffUL), (int)(useroff & 0xffUL), (int)((useroff >> 8) & 0xffUL), 0, 0, (int)(hostlen & 0xffUL), (int)((hostlen >> 8) & 0xffUL), (int)(hostlen & 0xffUL), (int)((hostlen >> 8) & 0xffUL), (int)(hostoff & 0xffUL), (int)((hostoff >> 8) & 0xffUL), 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, (int)(ntlm->flags & 0xffU), (int)((ntlm->flags >> 8) & 0xffU), (int)((ntlm->flags >> 16) & 0xffU), (int)((ntlm->flags >> 24) & 0xffU))" returns a negative number. +curl-7.60.0/lib/mprintf.c:1023:3: negative_return: Calling "curl_mvsnprintf", which might return a negative value. +curl-7.60.0/lib/mprintf.c:1007:3: cond_false: Condition "retcode != -1", taking false branch. +curl-7.60.0/lib/mprintf.c:1014:3: if_end: End of if statement. +curl-7.60.0/lib/mprintf.c:1007:3: var_tested_neg: Variable "retcode" is negative. +curl-7.60.0/lib/mprintf.c:1015:3: return_negative_variable: Explicitly returning negative variable "retcode". +curl-7.60.0/lib/mprintf.c:1023:3: var_assign: Assigning: "retcode" = "curl_mvsnprintf(buffer, maxlength, format, ap_save)", which might be negative. +curl-7.60.0/lib/mprintf.c:1025:3: return_negative_variable: Explicitly returning negative variable "retcode". +curl-7.60.0/lib/vauth/ntlm.c:681: var_assign: Assigning: unsigned variable "size" = "curl_msnprintf". +curl-7.60.0/lib/vauth/ntlm.c:768: cond_false: Condition "size < 1000UL /* 1024 - 24 */", taking false branch. +curl-7.60.0/lib/vauth/ntlm.c:771: if_end: End of if statement. +curl-7.60.0/lib/vauth/ntlm.c:779: cond_false: Condition "size < 1024 - ntresplen", taking false branch. +curl-7.60.0/lib/vauth/ntlm.c:783: if_end: End of if statement. +curl-7.60.0/lib/vauth/ntlm.c:803: cond_false: Condition "size + userlen + domlen + hostlen >= 1024", taking false branch. +curl-7.60.0/lib/vauth/ntlm.c:806: if_end: End of if statement. +curl-7.60.0/lib/vauth/ntlm.c:809: cond_true: Condition "unicode", taking true branch. curl-7.60.0/lib/vauth/ntlm.c:810: negative_returns: Using variable "size" as an index to array "ntlmbuf". -# 808| DEBUGASSERT(size == domoff); -# 809| if(unicode) -# 810|-> unicodecpy(&ntlmbuf[size], domain, domlen / 2); -# 811| else -# 812| memcpy(&ntlmbuf[size], domain, domlen); +# 808| DEBUGASSERT(size == domoff); +# 809| if(unicode) +# 810|-> unicodecpy(&ntlmbuf[size], domain, domlen / 2); +# 811| else +# 812| memcpy(&ntlmbuf[size], domain, domlen); -Error: DEADCODE (CWE-561): [#def43] [warning: defect not occurring in curl-7.29.0-46.el7] -curl-7.60.0/lib/vauth/ntlm.c:833: assignment: Assigning: "result" = "((void)data) , CURLE_OK". -curl-7.60.0/lib/vauth/ntlm.c:835: const: At condition "result", the value of "result" must be equal to 0. -curl-7.60.0/lib/vauth/ntlm.c:835: dead_error_condition: The condition "result" cannot be true. +Error: DEADCODE (CWE-561): [#def43] [warning: defect not occurring in curl-7.29.0-46.el7] +curl-7.60.0/lib/vauth/ntlm.c:833: assignment: Assigning: "result" = "((void)data) , CURLE_OK". +curl-7.60.0/lib/vauth/ntlm.c:835: const: At condition "result", the value of "result" must be equal to 0. +curl-7.60.0/lib/vauth/ntlm.c:835: dead_error_condition: The condition "result" cannot be true. curl-7.60.0/lib/vauth/ntlm.c:836: dead_error_line: Execution cannot reach this statement: "return CURLE_CONV_FAILED;". -# 834| size - domoff); -# 835| if(result) -# 836|-> return CURLE_CONV_FAILED; -# 837| -# 838| /* Return with binary blob encoded into base64 */ +# 834| size - domoff); +# 835| if(result) +# 836|-> return CURLE_CONV_FAILED; +# 837| +# 838| /* Return with binary blob encoded into base64 */ -Error: COMPILER_WARNING: [#def44] [warning: defect not occurring in curl-7.29.0-46.el7] -curl-7.60.0/lib/vtls/openssl.c: scope_hint: In function 'ossl_connect_step1' +Error: COMPILER_WARNING: [#def44] [warning: defect not occurring in curl-7.29.0-46.el7] +curl-7.60.0/lib/vtls/openssl.c: scope_hint: In function 'ossl_connect_step1' curl-7.60.0/lib/vtls/openssl.c:2217:5: warning[-Wdeprecated-declarations]: 'SSLv3_client_method' is deprecated -# req_method = SSLv3_client_method(); -# ^~~~~~~~~~ -/usr/include/openssl/opensslconf.h:42: included_from: Included from here. -/usr/include/openssl/ct.h:13: included_from: Included from here. -/usr/include/openssl/ssl.h:61: included_from: Included from here. -curl-7.60.0/lib/vtls/openssl.c:52: included_from: Included from here. -/usr/include/openssl/ssl.h:1619:1: note: declared here -# DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_client_method(void)) /* SSLv3 */ -# ^~~~~~~~~~~~~~~~~~ -# 2215| return CURLE_SSL_CONNECT_ERROR; -# 2216| #endif -# 2217|-> req_method = SSLv3_client_method(); -# 2218| use_sni(FALSE); -# 2219| break; +# req_method = SSLv3_client_method(); +# ^~~~~~~~~~ +/usr/include/openssl/opensslconf.h:42: included_from: Included from here. +/usr/include/openssl/ct.h:13: included_from: Included from here. +/usr/include/openssl/ssl.h:61: included_from: Included from here. +curl-7.60.0/lib/vtls/openssl.c:52: included_from: Included from here. +/usr/include/openssl/ssl.h:1619:1: note: declared here +# DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_client_method(void)) /* SSLv3 */ +# ^~~~~~~~~~~~~~~~~~ +# 2215| return CURLE_SSL_CONNECT_ERROR; +# 2216| #endif +# 2217|-> req_method = SSLv3_client_method(); +# 2218| use_sni(FALSE); +# 2219| break; -Error: DEADCODE (CWE-561): [#def45] [warning: defect not occurring in curl-7.29.0-46.el7] -curl-7.60.0/lib/vtls/openssl.c:2214: cond_cannot_single: Condition "ssl_authtype == CURL_TLSAUTH_SRP", taking false branch. Now the value of "ssl_authtype" cannot be equal to 1. -curl-7.60.0/lib/vtls/openssl.c:2309: cannot_single: At condition "ssl_authtype == CURL_TLSAUTH_SRP", the value of "ssl_authtype" cannot be equal to 1. -curl-7.60.0/lib/vtls/openssl.c:2309: dead_error_condition: The condition "ssl_authtype == CURL_TLSAUTH_SRP" cannot be true. +Error: DEADCODE (CWE-561): [#def45] [warning: defect not occurring in curl-7.29.0-46.el7] +curl-7.60.0/lib/vtls/openssl.c:2214: cond_cannot_single: Condition "ssl_authtype == CURL_TLSAUTH_SRP", taking false branch. Now the value of "ssl_authtype" cannot be equal to 1. +curl-7.60.0/lib/vtls/openssl.c:2309: cannot_single: At condition "ssl_authtype == CURL_TLSAUTH_SRP", the value of "ssl_authtype" cannot be equal to 1. +curl-7.60.0/lib/vtls/openssl.c:2309: dead_error_condition: The condition "ssl_authtype == CURL_TLSAUTH_SRP" cannot be true. curl-7.60.0/lib/vtls/openssl.c:2310: dead_error_line: Execution cannot reach this statement: "Curl_infof(data, "Set versi...". -# 2308| #ifdef USE_TLS_SRP -# 2309| if(ssl_authtype == CURL_TLSAUTH_SRP) { -# 2310|-> infof(data, "Set version TLSv1.x for SRP authorisation\n"); -# 2311| } -# 2312| #endif +# 2308| #ifdef USE_TLS_SRP +# 2309| if(ssl_authtype == CURL_TLSAUTH_SRP) { +# 2310|-> infof(data, "Set version TLSv1.x for SRP authorisation\n"); +# 2311| } +# 2312| #endif -Error: DEADCODE (CWE-561): [#def46] [warning: defect not occurring in curl-7.29.0-46.el7] -curl-7.60.0/lib/vtls/openssl.c:2181: equality_cond: Jumping to case "CURL_SSLVERSION_DEFAULT". -curl-7.60.0/lib/vtls/openssl.c:2182: equality_cond: Jumping to case "CURL_SSLVERSION_TLSv1". -curl-7.60.0/lib/vtls/openssl.c:2183: equality_cond: Jumping to case "CURL_SSLVERSION_TLSv1_0". -curl-7.60.0/lib/vtls/openssl.c:2184: equality_cond: Jumping to case "CURL_SSLVERSION_TLSv1_1". -curl-7.60.0/lib/vtls/openssl.c:2185: equality_cond: Jumping to case "CURL_SSLVERSION_TLSv1_2". -curl-7.60.0/lib/vtls/openssl.c:2186: equality_cond: Jumping to case "CURL_SSLVERSION_TLSv1_3". -curl-7.60.0/lib/vtls/openssl.c:2208: equality_cond: Jumping to case "CURL_SSLVERSION_SSLv3". -curl-7.60.0/lib/vtls/openssl.c:2306: intervals: When switching on "ssl_version", the value of "ssl_version" must be in one of the following intervals: {[0,1], [3,7]}. -curl-7.60.0/lib/vtls/openssl.c:2339: dead_error_condition: The switch value "ssl_version" cannot be "CURL_SSLVERSION_SSLv2". +Error: DEADCODE (CWE-561): [#def46] [warning: defect not occurring in curl-7.29.0-46.el7] +curl-7.60.0/lib/vtls/openssl.c:2181: equality_cond: Jumping to case "CURL_SSLVERSION_DEFAULT". +curl-7.60.0/lib/vtls/openssl.c:2182: equality_cond: Jumping to case "CURL_SSLVERSION_TLSv1". +curl-7.60.0/lib/vtls/openssl.c:2183: equality_cond: Jumping to case "CURL_SSLVERSION_TLSv1_0". +curl-7.60.0/lib/vtls/openssl.c:2184: equality_cond: Jumping to case "CURL_SSLVERSION_TLSv1_1". +curl-7.60.0/lib/vtls/openssl.c:2185: equality_cond: Jumping to case "CURL_SSLVERSION_TLSv1_2". +curl-7.60.0/lib/vtls/openssl.c:2186: equality_cond: Jumping to case "CURL_SSLVERSION_TLSv1_3". +curl-7.60.0/lib/vtls/openssl.c:2208: equality_cond: Jumping to case "CURL_SSLVERSION_SSLv3". +curl-7.60.0/lib/vtls/openssl.c:2306: intervals: When switching on "ssl_version", the value of "ssl_version" must be in one of the following intervals: {[0,1], [3,7]}. +curl-7.60.0/lib/vtls/openssl.c:2339: dead_error_condition: The switch value "ssl_version" cannot be "CURL_SSLVERSION_SSLv2". curl-7.60.0/lib/vtls/openssl.c:2339: dead_error_begin: Execution cannot reach this statement: "case CURL_SSLVERSION_SSLv2:". -# 2337| break; -# 2338| -# 2339|-> case CURL_SSLVERSION_SSLv2: -# 2340| #ifndef OPENSSL_NO_SSL2 -# 2341| ctx_options |= SSL_OP_NO_SSLv3; +# 2337| break; +# 2338| +# 2339|-> case CURL_SSLVERSION_SSLv2: +# 2340| #ifndef OPENSSL_NO_SSL2 +# 2341| ctx_options |= SSL_OP_NO_SSLv3; -Error: DEADCODE (CWE-561): [#def47] [warning: defect not occurring in curl-7.29.0-46.el7] -curl-7.60.0/lib/vtls/openssl.c:2181: equality_cond: Jumping to case "CURL_SSLVERSION_DEFAULT". -curl-7.60.0/lib/vtls/openssl.c:2182: equality_cond: Jumping to case "CURL_SSLVERSION_TLSv1". -curl-7.60.0/lib/vtls/openssl.c:2183: equality_cond: Jumping to case "CURL_SSLVERSION_TLSv1_0". -curl-7.60.0/lib/vtls/openssl.c:2184: equality_cond: Jumping to case "CURL_SSLVERSION_TLSv1_1". -curl-7.60.0/lib/vtls/openssl.c:2185: equality_cond: Jumping to case "CURL_SSLVERSION_TLSv1_2". -curl-7.60.0/lib/vtls/openssl.c:2186: equality_cond: Jumping to case "CURL_SSLVERSION_TLSv1_3". -curl-7.60.0/lib/vtls/openssl.c:2208: equality_cond: Jumping to case "CURL_SSLVERSION_SSLv3". -curl-7.60.0/lib/vtls/openssl.c:2306: intervals: When switching on "ssl_version", the value of "ssl_version" must be in one of the following intervals: {[0,1], [3,7]}. -curl-7.60.0/lib/vtls/openssl.c:2306: dead_error_condition: The switch value "ssl_version" cannot reach the default case. +Error: DEADCODE (CWE-561): [#def47] [warning: defect not occurring in curl-7.29.0-46.el7] +curl-7.60.0/lib/vtls/openssl.c:2181: equality_cond: Jumping to case "CURL_SSLVERSION_DEFAULT". +curl-7.60.0/lib/vtls/openssl.c:2182: equality_cond: Jumping to case "CURL_SSLVERSION_TLSv1". +curl-7.60.0/lib/vtls/openssl.c:2183: equality_cond: Jumping to case "CURL_SSLVERSION_TLSv1_0". +curl-7.60.0/lib/vtls/openssl.c:2184: equality_cond: Jumping to case "CURL_SSLVERSION_TLSv1_1". +curl-7.60.0/lib/vtls/openssl.c:2185: equality_cond: Jumping to case "CURL_SSLVERSION_TLSv1_2". +curl-7.60.0/lib/vtls/openssl.c:2186: equality_cond: Jumping to case "CURL_SSLVERSION_TLSv1_3". +curl-7.60.0/lib/vtls/openssl.c:2208: equality_cond: Jumping to case "CURL_SSLVERSION_SSLv3". +curl-7.60.0/lib/vtls/openssl.c:2306: intervals: When switching on "ssl_version", the value of "ssl_version" must be in one of the following intervals: {[0,1], [3,7]}. +curl-7.60.0/lib/vtls/openssl.c:2306: dead_error_condition: The switch value "ssl_version" cannot reach the default case. curl-7.60.0/lib/vtls/openssl.c:2356: dead_error_begin: Execution cannot reach this statement: "default:". -# 2354| #endif -# 2355| -# 2356|-> default: -# 2357| failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION"); -# 2358| return CURLE_SSL_CONNECT_ERROR; +# 2354| #endif +# 2355| +# 2356|-> default: +# 2357| failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION"); +# 2358| return CURLE_SSL_CONNECT_ERROR; -Error: TOCTOU (CWE-367): [#def48] -curl-7.60.0/src/tool_dirhie.c:113: cond_false: Condition "!outdup", taking false branch. -curl-7.60.0/src/tool_dirhie.c:114: if_end: End of if statement. -curl-7.60.0/src/tool_dirhie.c:117: cond_false: Condition "!dirbuildup", taking false branch. -curl-7.60.0/src/tool_dirhie.c:120: if_end: End of if statement. -curl-7.60.0/src/tool_dirhie.c:127: cond_true: Condition "tempdir != NULL", taking true branch. -curl-7.60.0/src/tool_dirhie.c:131: cond_true: Condition "tempdir2 != NULL", taking true branch. -curl-7.60.0/src/tool_dirhie.c:133: cond_true: Condition "dlen", taking true branch. -curl-7.60.0/src/tool_dirhie.c:134: if_fallthrough: Falling through to end of if statement. -curl-7.60.0/src/tool_dirhie.c:141: if_end: End of if statement. -curl-7.60.0/src/tool_dirhie.c:142: fs_check_call: Calling function "access" to perform check on "dirbuildup". -curl-7.60.0/src/tool_dirhie.c:142: cond_true: Condition "access(dirbuildup, 0) == -1", taking true branch. +Error: TOCTOU (CWE-367): [#def48] +curl-7.60.0/src/tool_dirhie.c:113: cond_false: Condition "!outdup", taking false branch. +curl-7.60.0/src/tool_dirhie.c:114: if_end: End of if statement. +curl-7.60.0/src/tool_dirhie.c:117: cond_false: Condition "!dirbuildup", taking false branch. +curl-7.60.0/src/tool_dirhie.c:120: if_end: End of if statement. +curl-7.60.0/src/tool_dirhie.c:127: cond_true: Condition "tempdir != NULL", taking true branch. +curl-7.60.0/src/tool_dirhie.c:131: cond_true: Condition "tempdir2 != NULL", taking true branch. +curl-7.60.0/src/tool_dirhie.c:133: cond_true: Condition "dlen", taking true branch. +curl-7.60.0/src/tool_dirhie.c:134: if_fallthrough: Falling through to end of if statement. +curl-7.60.0/src/tool_dirhie.c:141: if_end: End of if statement. +curl-7.60.0/src/tool_dirhie.c:142: fs_check_call: Calling function "access" to perform check on "dirbuildup". +curl-7.60.0/src/tool_dirhie.c:142: cond_true: Condition "access(dirbuildup, 0) == -1", taking true branch. curl-7.60.0/src/tool_dirhie.c:143: toctou: Calling function "mkdir" that uses "dirbuildup" after a check function. This can cause a time-of-check, time-of-use race condition. -# 141| } -# 142| if(access(dirbuildup, F_OK) == -1) { -# 143|-> if(-1 == mkdir(dirbuildup, (mode_t)0000750)) { -# 144| show_dir_errno(errors, dirbuildup); -# 145| result = CURLE_WRITE_ERROR; +# 141| } +# 142| if(access(dirbuildup, F_OK) == -1) { +# 143|-> if(-1 == mkdir(dirbuildup, (mode_t)0000750)) { +# 144| show_dir_errno(errors, dirbuildup); +# 145| result = CURLE_WRITE_ERROR; -Error: COPY_PASTE_ERROR (CWE-398): [#def49] [warning: defect not occurring in curl-7.29.0-46.el7] -curl-7.60.0/tests/python_dependencies/impacket/ntlm.py:595: original: "user.decode" looks like the original copy. +Error: COPY_PASTE_ERROR (CWE-398): [#def49] [warning: defect not occurring in curl-7.29.0-46.el7] +curl-7.60.0/tests/python_dependencies/impacket/ntlm.py:595: original: "user.decode" looks like the original copy. curl-7.60.0/tests/python_dependencies/impacket/ntlm.py:603: copy_paste_error: "user" in "user.decode" looks like a copy-paste error. -curl-7.60.0/tests/python_dependencies/impacket/ntlm.py:603: remediation: Should it say "domain" instead? -# 601| domain.encode('utf-16le') -# 602| except: -# 603|-> domain = user.decode(encoding) -# 604| -# 605| ntlmChallenge = NTLMAuthChallenge(type2) +curl-7.60.0/tests/python_dependencies/impacket/ntlm.py:603: remediation: Should it say "domain" instead? +# 601| domain.encode('utf-16le') +# 602| except: +# 603|-> domain = user.decode(encoding) +# 604| +# 605| ntlmChallenge = NTLMAuthChallenge(type2) -Error: FORWARD_NULL (CWE-476): [#def50] [warning: defect not occurring in curl-7.29.0-46.el7] -curl-7.60.0/tests/python_dependencies/impacket/smb.py:3504: assign_undefined: Assigning: "readAndX" = "undefined". -curl-7.60.0/tests/python_dependencies/impacket/smb.py:3504: cond_true: Condition "!max_size", taking true branch. -curl-7.60.0/tests/python_dependencies/impacket/smb.py:3505: cond_true: Condition "self._dialects_parameters["Capabilities"] & SMB.CAP_LARGE_READX", taking true branch. -curl-7.60.0/tests/python_dependencies/impacket/smb.py:3505: cond_true: Condition "self._SignatureEnabled === False", taking true branch. -curl-7.60.0/tests/python_dependencies/impacket/smb.py:3505: cond_true: Condition "(self._dialects_parameters["Capabilities"] & SMB.CAP_LARGE_READX) && (self._SignatureEnabled === False)", taking true branch. -curl-7.60.0/tests/python_dependencies/impacket/smb.py:3506: if_fallthrough: Falling through to end of if statement. -curl-7.60.0/tests/python_dependencies/impacket/smb.py:3508: if_end: End of if statement. -curl-7.60.0/tests/python_dependencies/impacket/smb.py:3512: cond_false: Condition "smb_packet === None", taking false branch. -curl-7.60.0/tests/python_dependencies/impacket/smb.py:3523: else_branch: Reached else branch. -curl-7.60.0/tests/python_dependencies/impacket/smb.py:3525: cond_true: Condition "wait_answer", taking true branch. -curl-7.60.0/tests/python_dependencies/impacket/smb.py:3527: cond_true: Condition "1", taking true branch. -curl-7.60.0/tests/python_dependencies/impacket/smb.py:3531: cond_true: Condition "ans.isValidAnswer(SMB.SMB_COM_READ_ANDX)", taking true branch. -curl-7.60.0/tests/python_dependencies/impacket/smb.py:3539: cond_false: Condition "!ans.isMoreData()", taking false branch. -curl-7.60.0/tests/python_dependencies/impacket/smb.py:3540: if_end: End of if statement. +Error: FORWARD_NULL (CWE-476): [#def50] [warning: defect not occurring in curl-7.29.0-46.el7] +curl-7.60.0/tests/python_dependencies/impacket/smb.py:3504: assign_undefined: Assigning: "readAndX" = "undefined". +curl-7.60.0/tests/python_dependencies/impacket/smb.py:3504: cond_true: Condition "!max_size", taking true branch. +curl-7.60.0/tests/python_dependencies/impacket/smb.py:3505: cond_true: Condition "self._dialects_parameters["Capabilities"] & SMB.CAP_LARGE_READX", taking true branch. +curl-7.60.0/tests/python_dependencies/impacket/smb.py:3505: cond_true: Condition "self._SignatureEnabled === False", taking true branch. +curl-7.60.0/tests/python_dependencies/impacket/smb.py:3505: cond_true: Condition "(self._dialects_parameters["Capabilities"] & SMB.CAP_LARGE_READX) && (self._SignatureEnabled === False)", taking true branch. +curl-7.60.0/tests/python_dependencies/impacket/smb.py:3506: if_fallthrough: Falling through to end of if statement. +curl-7.60.0/tests/python_dependencies/impacket/smb.py:3508: if_end: End of if statement. +curl-7.60.0/tests/python_dependencies/impacket/smb.py:3512: cond_false: Condition "smb_packet === None", taking false branch. +curl-7.60.0/tests/python_dependencies/impacket/smb.py:3523: else_branch: Reached else branch. +curl-7.60.0/tests/python_dependencies/impacket/smb.py:3525: cond_true: Condition "wait_answer", taking true branch. +curl-7.60.0/tests/python_dependencies/impacket/smb.py:3527: cond_true: Condition "1", taking true branch. +curl-7.60.0/tests/python_dependencies/impacket/smb.py:3531: cond_true: Condition "ans.isValidAnswer(SMB.SMB_COM_READ_ANDX)", taking true branch. +curl-7.60.0/tests/python_dependencies/impacket/smb.py:3539: cond_false: Condition "!ans.isMoreData()", taking false branch. +curl-7.60.0/tests/python_dependencies/impacket/smb.py:3540: if_end: End of if statement. curl-7.60.0/tests/python_dependencies/impacket/smb.py:3542: property_access: Accessing a property of null-like value "readAndX". -# 3540| return answer -# 3541| max_size = min(max_size, readAndXParameters['Remaining']) -# 3542|-> readAndX['Parameters']['Offset'] += count # XXX Offset is not important (apparently) -# 3543| else: -# 3544| self.sendSMB(smb) +# 3540| return answer +# 3541| max_size = min(max_size, readAndXParameters['Remaining']) +# 3542|-> readAndX['Parameters']['Offset'] += count # XXX Offset is not important (apparently) +# 3543| else: +# 3544| self.sendSMB(smb) -Error: IDENTICAL_BRANCHES: [#def51] [warning: defect not occurring in curl-7.29.0-46.el7] +Error: IDENTICAL_BRANCHES: [#def51] [warning: defect not occurring in curl-7.29.0-46.el7] curl-7.60.0/tests/python_dependencies/impacket/smb.py:3775: identical_branches: Ternary expression on condition "self.__flags2 & SMB.FLAGS2_UNICODE" has identical then and else expressions: """". Should one of the expressions be modified, or the entire ternary expression replaced? -# 3773| findFirstParameter['InformationLevel'] = SMB_FIND_FILE_BOTH_DIRECTORY_INFO -# 3774| findFirstParameter['SearchStorageType'] = 0 -# 3775|-> findFirstParameter['FileName'] = path + ('\x00\x00' if self.__flags2 & SMB.FLAGS2_UNICODE else '\x00') -# 3776| self.send_trans2(tid, SMB.TRANS2_FIND_FIRST2, '\x00', findFirstParameter, '') -# 3777| files = [ ] +# 3773| findFirstParameter['InformationLevel'] = SMB_FIND_FILE_BOTH_DIRECTORY_INFO +# 3774| findFirstParameter['SearchStorageType'] = 0 +# 3775|-> findFirstParameter['FileName'] = path + ('\x00\x00' if self.__flags2 & SMB.FLAGS2_UNICODE else '\x00') +# 3776| self.send_trans2(tid, SMB.TRANS2_FIND_FIRST2, '\x00', findFirstParameter, '') +# 3777| files = [ ] -Error: IDENTICAL_BRANCHES: [#def52] [warning: defect not occurring in curl-7.29.0-46.el7] +Error: IDENTICAL_BRANCHES: [#def52] [warning: defect not occurring in curl-7.29.0-46.el7] curl-7.60.0/tests/python_dependencies/impacket/smb.py:3818: identical_branches: Ternary expression on condition "self.__flags2 & SMB.FLAGS2_UNICODE" has identical then and else expressions: """". Should one of the expressions be modified, or the entire ternary expression replaced? -# 3816| findNextParameter['ResumeKey'] = 0 -# 3817| findNextParameter['Flags'] = SMB_FIND_RETURN_RESUME_KEYS | SMB_FIND_CLOSE_AT_EOS -# 3818|-> findNextParameter['FileName'] = resume_filename + ('\x00\x00' if self.__flags2 & SMB.FLAGS2_UNICODE else '\x00') -# 3819| self.send_trans2(tid, SMB.TRANS2_FIND_NEXT2, '\x00', findNextParameter, '') -# 3820| findData = '' +# 3816| findNextParameter['ResumeKey'] = 0 +# 3817| findNextParameter['Flags'] = SMB_FIND_RETURN_RESUME_KEYS | SMB_FIND_CLOSE_AT_EOS +# 3818|-> findNextParameter['FileName'] = resume_filename + ('\x00\x00' if self.__flags2 & SMB.FLAGS2_UNICODE else '\x00') +# 3819| self.send_trans2(tid, SMB.TRANS2_FIND_NEXT2, '\x00', findNextParameter, '') +# 3820| findData = '' -Error: FORWARD_NULL (CWE-476): [#def53] [warning: defect not occurring in curl-7.29.0-46.el7] -curl-7.60.0/tests/python_dependencies/impacket/smbserver.py:2066: assign_undefined: Assigning: "mode" = "undefined". -curl-7.60.0/tests/python_dependencies/impacket/smbserver.py:2077: cond_false: Condition "connData["ConnectedShares"].has_key(recvPacket["Tid"])", taking false branch. -curl-7.60.0/tests/python_dependencies/impacket/smbserver.py:2085: else_branch: Reached else branch. -curl-7.60.0/tests/python_dependencies/impacket/smbserver.py:2087: cond_true: Condition "errorCode == STATUS_SUCCESS", taking true branch. -curl-7.60.0/tests/python_dependencies/impacket/smbserver.py:2090: cond_true: Condition "len(connData["OpenedFiles"]) == 0", taking true branch. -curl-7.60.0/tests/python_dependencies/impacket/smbserver.py:2091: if_fallthrough: Falling through to end of if statement. -curl-7.60.0/tests/python_dependencies/impacket/smbserver.py:2093: if_end: End of if statement. +Error: FORWARD_NULL (CWE-476): [#def53] [warning: defect not occurring in curl-7.29.0-46.el7] +curl-7.60.0/tests/python_dependencies/impacket/smbserver.py:2066: assign_undefined: Assigning: "mode" = "undefined". +curl-7.60.0/tests/python_dependencies/impacket/smbserver.py:2077: cond_false: Condition "connData["ConnectedShares"].has_key(recvPacket["Tid"])", taking false branch. +curl-7.60.0/tests/python_dependencies/impacket/smbserver.py:2085: else_branch: Reached else branch. +curl-7.60.0/tests/python_dependencies/impacket/smbserver.py:2087: cond_true: Condition "errorCode == STATUS_SUCCESS", taking true branch. +curl-7.60.0/tests/python_dependencies/impacket/smbserver.py:2090: cond_true: Condition "len(connData["OpenedFiles"]) == 0", taking true branch. +curl-7.60.0/tests/python_dependencies/impacket/smbserver.py:2091: if_fallthrough: Falling through to end of if statement. +curl-7.60.0/tests/python_dependencies/impacket/smbserver.py:2093: if_end: End of if statement. curl-7.60.0/tests/python_dependencies/impacket/smbserver.py:2095: invalid_operation: Invalid operation on null-like value "mode". -# 2093| fid = connData['OpenedFiles'].keys()[-1] + 1 -# 2094| respParameters['Fid'] = fid -# 2095|-> if mode & os.O_CREAT: -# 2096| # File did not exist and was created -# 2097| respParameters['Action'] = 0x2 +# 2093| fid = connData['OpenedFiles'].keys()[-1] + 1 +# 2094| respParameters['Fid'] = fid +# 2095|-> if mode & os.O_CREAT: +# 2096| # File did not exist and was created +# 2097| respParameters['Action'] = 0x2Scan Properties
--
- analyzer-version-clang 6.0.0 - analyzer-version-coverity 2017.07-SP2 - analyzer-version-cppcheck 1.80 - analyzer-version-gcc 8.1.1 - analyzer-version-shellcheck 0.4.7 - cov-compilation-unit-count 193 - cov-compilation-unit-ratio 100 - cov-lines-processed 174359 - cov-time-elapsed-analysis 00:01:55 - diffbase-cov-compilation-unit-count 149 - diffbase-cov-compilation-unit-ratio 100 - exit-code 0 - host cov01.lab.eng.brq.redhat.com - mock-config rhel-8.0-x86_64 - project-name curl-7.60.0-1.el8+7 - store-results-to /tmp/tmpteasee/curl-7.60.0-1.el8+7.tar.xz - time-created 2018-06-28 01:26:37 - time-finished 2018-06-28 01:47:28 - tool csmock - tool-args '/usr/bin/csmock' '-t' 'cppcheck,gcc,shellcheck,clang,coverity' '-o' '/tmp/tmpteasee/curl-7.60.0-1.el8+7.tar.xz' '-r' 'rhel-8.0-x86_64' '--cov-analyze-java' '--cov-analyze-opts=--security --concurrency' '--cov-use-version' 'cov-sa-2017.07' '--cov-fs-capture' '--use-host-cppcheck' '/tmp/tmpteasee/curl-7.60.0-1.el8+7.src.rpm' + tool-version csmock-2.1.1.20180627.142826.g96a4a75-1.el6 +
diff --git a/tests/cshtml/0002-cwe-names/scan-results.html b/tests/cshtml/0002-cwe-names/scan-results.html index 318b77e1..6d07033f 100644 --- a/tests/cshtml/0002-cwe-names/scan-results.html +++ b/tests/cshtml/0002-cwe-names/scan-results.html @@ -1,1431 +1,1448 @@ -+ analyzer-version-clang 6.0.0 + analyzer-version-coverity 2017.07-SP2 + analyzer-version-cppcheck 1.80 + analyzer-version-gcc 8.1.1 + analyzer-version-shellcheck 0.4.7 + cov-compilation-unit-count 193 + cov-compilation-unit-ratio 100 + cov-lines-processed 174359 + cov-time-elapsed-analysis 00:01:55 + diffbase-cov-compilation-unit-count 149 + diffbase-cov-compilation-unit-ratio 100 + exit-code 0 + host cov01.lab.eng.brq.redhat.com + mock-config rhel-8.0-x86_64 + project-name curl-7.60.0-1.el8+7 + store-results-to /tmp/tmpteasee/curl-7.60.0-1.el8+7.tar.xz + time-created 2018-06-28 01:26:37 + time-finished 2018-06-28 01:47:28 + tool csmock + tool-args '/usr/bin/csmock' '-t' 'cppcheck,gcc,shellcheck,clang,coverity' '-o' '/tmp/tmpteasee/curl-7.60.0-1.el8+7.tar.xz' '-r' 'rhel-8.0-x86_64' '--cov-analyze-java' '--cov-analyze-opts=--security --concurrency' '--cov-use-version' 'cov-sa-2017.07' '--cov-fs-capture' '--use-host-cppcheck' '/tmp/tmpteasee/curl-7.60.0-1.el8+7.src.rpm' tool-version csmock-2.1.1.20180627.142826.g96a4a75-1.el6 curl-7.60.0-1.el8+7 - + +curl-7.60.0-1.el8+7 + + +curl-7.60.0-1.el8+7
List of Defects
--Error: SHELLCHECK_WARNING: [#def1] ++Error: SHELLCHECK_WARNING: [#def1] /usr/bin/curl-config:25:1: warning[SC2034]: exec_prefix appears unused. Verify it or export it. -# 23| -# 24| prefix=/usr -# 25|-> exec_prefix=/usr -# 26| includedir=/usr/include -# 27| cppflag_curl_staticlib= +# 23| +# 24| prefix=/usr +# 25|-> exec_prefix=/usr +# 26| includedir=/usr/include +# 27| cppflag_curl_staticlib= -Error: SHELLCHECK_WARNING: [#def2] +Error: SHELLCHECK_WARNING: [#def2] /usr/bin/curl-config:26:1: warning[SC2034]: includedir appears unused. Verify it or export it. -# 24| prefix=/usr -# 25| exec_prefix=/usr -# 26|-> includedir=/usr/include -# 27| cppflag_curl_staticlib= -# 28| +# 24| prefix=/usr +# 25| exec_prefix=/usr +# 26|-> includedir=/usr/include +# 27| cppflag_curl_staticlib= +# 28| -Error: SHELLCHECK_WARNING: [#def3] +Error: SHELLCHECK_WARNING: [#def3] /usr/bin/curl-config:66:8: warning[SC2034]: value appears unused. Verify it or export it. -# 64| # [not currently used] -# 65| -*=*) value=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; -# 66|-> *) value= ;; -# 67| esac -# 68| +# 64| # [not currently used] +# 65| -*=*) value=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; +# 66|-> *) value= ;; +# 67| esac +# 68| -Error: SHELLCHECK_WARNING: [#def4] +Error: SHELLCHECK_WARNING: [#def4] /usr/bin/curl-config:146:14: warning[SC2039]: In POSIX sh, echo flags are undefined. -# 144| -# 145| --libs) -# 146|-> echo -lcurl -# 147| ;; -# 148| --ssl-backends) +# 144| +# 145| --libs) +# 146|-> echo -lcurl +# 147| ;; +# 148| --ssl-backends) -Error: DEADCODE (CWE-561): [#def5] -curl-7.60.0/lib/base64.c:183: assignment: Assigning: "convbuf" = "NULL". -curl-7.60.0/lib/base64.c:213: null: At condition "convbuf", the value of "convbuf" must be "NULL". -curl-7.60.0/lib/base64.c:213: dead_error_condition: The condition "convbuf" cannot be true. -curl-7.60.0/lib/base64.c:214: dead_error_line: Execution cannot reach this statement: "indata = (char *)convbuf;". +Error: DEADCODE (CWE-561): [#def5] +curl-7.60.0/lib/base64.c:183: assignment: Assigning: "convbuf" = "NULL". +curl-7.60.0/lib/base64.c:213: null: At condition "convbuf", the value of "convbuf" must be "NULL". +curl-7.60.0/lib/base64.c:213: dead_error_condition: The condition "convbuf" cannot be true. +curl-7.60.0/lib/base64.c:214: dead_error_line: Execution cannot reach this statement: "indata = (char *)convbuf;". curl-7.60.0/lib/base64.c:214: effectively_constant: Local variable "convbuf" is assigned only once, to a constant value, making it effectively constant throughout its scope. If this is not the intent, examine the logic to see if there is a missing assignment that would make "convbuf" not remain constant. -# 212| -# 213| if(convbuf) -# 214|-> indata = (char *)convbuf; -# 215| -# 216| while(insize > 0) { +# 212| +# 213| if(convbuf) +# 214|-> indata = (char *)convbuf; +# 215| +# 216| while(insize > 0) { -Error: OVERRUN (CWE-119): [#def6] -curl-7.60.0/lib/connect.c:1353: cond_true: Condition "!addr", taking true branch. -curl-7.60.0/lib/connect.c:1367: cond_true: Condition "conn->socktype == SOCK_DGRAM", taking true branch. -curl-7.60.0/lib/connect.c:1370: cond_true: Condition "addr->addrlen > 128UL /* sizeof (struct Curl_sockaddr_storage) */", taking true branch. -curl-7.60.0/lib/connect.c:1371: assignment: Assigning: "addr->addrlen" = "128U". +Error: OVERRUN (CWE-119): [#def6] +curl-7.60.0/lib/connect.c:1353: cond_true: Condition "!addr", taking true branch. +curl-7.60.0/lib/connect.c:1367: cond_true: Condition "conn->socktype == SOCK_DGRAM", taking true branch. +curl-7.60.0/lib/connect.c:1370: cond_true: Condition "addr->addrlen > 128UL /* sizeof (struct Curl_sockaddr_storage) */", taking true branch. +curl-7.60.0/lib/connect.c:1371: assignment: Assigning: "addr->addrlen" = "128U". curl-7.60.0/lib/connect.c:1372: overrun-buffer-arg: Overrunning struct type sockaddr of 16 bytes by passing it to a function which accesses it at byte offset 127 using argument "addr->addrlen" (which evaluates to 128). [Note: The source code implementation of the function has been overridden by a builtin model.] -# 1370| if(addr->addrlen > sizeof(struct Curl_sockaddr_storage)) -# 1371| addr->addrlen = sizeof(struct Curl_sockaddr_storage); -# 1372|-> memcpy(&addr->sa_addr, ai->ai_addr, addr->addrlen); -# 1373| -# 1374| if(data->set.fopensocket) { +# 1370| if(addr->addrlen > sizeof(struct Curl_sockaddr_storage)) +# 1371| addr->addrlen = sizeof(struct Curl_sockaddr_storage); +# 1372|-> memcpy(&addr->sa_addr, ai->ai_addr, addr->addrlen); +# 1373| +# 1374| if(data->set.fopensocket) { -Error: CPPCHECK_WARNING (CWE-456): [#def7] +Error: CPPCHECK_WARNING (CWE-456): [#def7] curl-7.60.0/lib/curl_ntlm_core.c:414: error[uninitvar]: Uninitialized variable: ks -# 412| DES_key_schedule ks; -# 413| -# 414|-> setup_des_key(keys, DESKEY(ks)); -# 415| DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) results, -# 416| DESKEY(ks), DES_ENCRYPT); +# 412| DES_key_schedule ks; +# 413| +# 414|-> setup_des_key(keys, DESKEY(ks)); +# 415| DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) results, +# 416| DESKEY(ks), DES_ENCRYPT); -Error: DEADCODE (CWE-561): [#def8] -curl-7.60.0/lib/curl_ntlm_core.c:479: assignment: Assigning: "result" = "((void)data) , CURLE_OK". -curl-7.60.0/lib/curl_ntlm_core.c:480: const: At condition "result", the value of "result" must be equal to 0. -curl-7.60.0/lib/curl_ntlm_core.c:480: dead_error_condition: The condition "result" cannot be true. +Error: DEADCODE (CWE-561): [#def8] +curl-7.60.0/lib/curl_ntlm_core.c:479: assignment: Assigning: "result" = "((void)data) , CURLE_OK". +curl-7.60.0/lib/curl_ntlm_core.c:480: const: At condition "result", the value of "result" must be equal to 0. +curl-7.60.0/lib/curl_ntlm_core.c:480: dead_error_condition: The condition "result" cannot be true. curl-7.60.0/lib/curl_ntlm_core.c:481: dead_error_line: Execution cannot reach this statement: "return result;". -# 479| result = Curl_convert_to_network(data, (char *)pw, 14); -# 480| if(result) -# 481|-> return result; -# 482| -# 483| { +# 479| result = Curl_convert_to_network(data, (char *)pw, 14); +# 480| if(result) +# 481|-> return result; +# 482| +# 483| { -Error: CPPCHECK_WARNING (CWE-456): [#def9] +Error: CPPCHECK_WARNING (CWE-456): [#def9] curl-7.60.0/lib/curl_ntlm_core.c:489: error[uninitvar]: Uninitialized variable: ks -# 487| DES_key_schedule ks; -# 488| -# 489|-> setup_des_key(pw, DESKEY(ks)); -# 490| DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)lmbuffer, -# 491| DESKEY(ks), DES_ENCRYPT); +# 487| DES_key_schedule ks; +# 488| +# 489|-> setup_des_key(pw, DESKEY(ks)); +# 490| DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)lmbuffer, +# 491| DESKEY(ks), DES_ENCRYPT); -Error: DEADCODE (CWE-561): [#def10] -curl-7.60.0/lib/curl_ntlm_core.c:571: assignment: Assigning: "result" = "((void)data) , CURLE_OK". -curl-7.60.0/lib/curl_ntlm_core.c:572: const: At condition "result", the value of "result" must be equal to 0. -curl-7.60.0/lib/curl_ntlm_core.c:572: dead_error_condition: The condition "result" cannot be true. +Error: DEADCODE (CWE-561): [#def10] +curl-7.60.0/lib/curl_ntlm_core.c:571: assignment: Assigning: "result" = "((void)data) , CURLE_OK". +curl-7.60.0/lib/curl_ntlm_core.c:572: const: At condition "result", the value of "result" must be equal to 0. +curl-7.60.0/lib/curl_ntlm_core.c:572: dead_error_condition: The condition "result" cannot be true. curl-7.60.0/lib/curl_ntlm_core.c:573: dead_error_line: Execution cannot reach this statement: "return result;". -# 571| result = Curl_convert_to_network(data, (char *)pw, len * 2); -# 572| if(result) -# 573|-> return result; -# 574| -# 575| { +# 571| result = Curl_convert_to_network(data, (char *)pw, len * 2); +# 572| if(result) +# 573|-> return result; +# 574| +# 575| { -Error: TAINTED_STRING (CWE-20): [#def11] -curl-7.60.0/lib/curl_ntlm_wb.c:129: cond_false: Condition "conn->ntlm_auth_hlpr_socket != -1", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:129: cond_false: Condition "conn->ntlm_auth_hlpr_pid", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:131: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:142: cond_true: Condition "!username", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:144: cond_true: Condition "!username", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:146: cond_true: Condition "!username", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:147: tainted_string_return_content: "getenv" returns tainted string content. -curl-7.60.0/lib/curl_ntlm_wb.c:147: var_assign: Assigning: "username" = "getenv("USER")", which taints "username". -curl-7.60.0/lib/curl_ntlm_wb.c:149: cond_false: Condition "!username", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:149: cond_false: Condition "!username[0]", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:153: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:155: cond_false: Condition "!username", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:155: cond_false: Condition "!username[0]", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:156: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:159: cond_true: Condition "slash", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:160: tainted_data_transitive: Call to function "strdup" with tainted argument "username" returns tainted data. -curl-7.60.0/lib/curl_ntlm_wb.c:160: var_assign: Assigning: "domain" = "strdup(username)", which taints "domain". -curl-7.60.0/lib/curl_ntlm_wb.c:161: cond_false: Condition "!domain", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:162: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:180: cond_false: Condition "access(ntlm_auth, 1) != 0", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:184: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:186: cond_false: Condition "socketpair(1, SOCK_STREAM, 0, sockfds)", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:190: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:193: cond_false: Condition "child_pid == -1", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:200: else_branch: Reached else branch. -curl-7.60.0/lib/curl_ntlm_wb.c:200: cond_true: Condition "!child_pid", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:207: cond_false: Condition "dup2(sockfds[1], 0) == -1", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:211: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:213: cond_false: Condition "dup2(sockfds[1], 1) == -1", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:217: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:219: cond_true: Condition "domain", taking true branch. +Error: TAINTED_STRING (CWE-20): [#def11] +curl-7.60.0/lib/curl_ntlm_wb.c:129: cond_false: Condition "conn->ntlm_auth_hlpr_socket != -1", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:129: cond_false: Condition "conn->ntlm_auth_hlpr_pid", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:131: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:142: cond_true: Condition "!username", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:144: cond_true: Condition "!username", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:146: cond_true: Condition "!username", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:147: tainted_string_return_content: "getenv" returns tainted string content. +curl-7.60.0/lib/curl_ntlm_wb.c:147: var_assign: Assigning: "username" = "getenv("USER")", which taints "username". +curl-7.60.0/lib/curl_ntlm_wb.c:149: cond_false: Condition "!username", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:149: cond_false: Condition "!username[0]", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:153: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:155: cond_false: Condition "!username", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:155: cond_false: Condition "!username[0]", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:156: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:159: cond_true: Condition "slash", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:160: tainted_data_transitive: Call to function "strdup" with tainted argument "username" returns tainted data. +curl-7.60.0/lib/curl_ntlm_wb.c:160: var_assign: Assigning: "domain" = "strdup(username)", which taints "domain". +curl-7.60.0/lib/curl_ntlm_wb.c:161: cond_false: Condition "!domain", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:162: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:180: cond_false: Condition "access(ntlm_auth, 1) != 0", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:184: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:186: cond_false: Condition "socketpair(1, SOCK_STREAM, 0, sockfds)", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:190: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:193: cond_false: Condition "child_pid == -1", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:200: else_branch: Reached else branch. +curl-7.60.0/lib/curl_ntlm_wb.c:200: cond_true: Condition "!child_pid", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:207: cond_false: Condition "dup2(sockfds[1], 0) == -1", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:211: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:213: cond_false: Condition "dup2(sockfds[1], 1) == -1", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:217: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:219: cond_true: Condition "domain", taking true branch. curl-7.60.0/lib/curl_ntlm_wb.c:220: tainted_string: Passing tainted string "domain" to "execl", which cannot accept tainted data. -# 218| -# 219| if(domain) -# 220|-> execl(ntlm_auth, ntlm_auth, -# 221| "--helper-protocol", "ntlmssp-client-1", -# 222| "--use-cached-creds", +# 218| +# 219| if(domain) +# 220|-> execl(ntlm_auth, ntlm_auth, +# 221| "--helper-protocol", "ntlmssp-client-1", +# 222| "--use-cached-creds", -Error: TAINTED_STRING (CWE-20): [#def12] -curl-7.60.0/lib/curl_ntlm_wb.c:129: cond_false: Condition "conn->ntlm_auth_hlpr_socket != -1", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:129: cond_false: Condition "conn->ntlm_auth_hlpr_pid", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:131: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:142: cond_true: Condition "!username", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:144: cond_true: Condition "!username", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:146: cond_true: Condition "!username", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:147: tainted_string_return_content: "getenv" returns tainted string content. -curl-7.60.0/lib/curl_ntlm_wb.c:147: var_assign: Assigning: "username" = "getenv("USER")", which taints "username". -curl-7.60.0/lib/curl_ntlm_wb.c:149: cond_false: Condition "!username", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:149: cond_false: Condition "!username[0]", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:153: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:155: cond_false: Condition "!username", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:155: cond_false: Condition "!username[0]", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:156: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:159: cond_true: Condition "slash", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:161: cond_false: Condition "!domain", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:162: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:165: var_assign_var: Assigning: "username" = "username + (slash - domain) + 1". Both are now tainted. -curl-7.60.0/lib/curl_ntlm_wb.c:180: cond_false: Condition "access(ntlm_auth, 1) != 0", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:184: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:186: cond_false: Condition "socketpair(1, SOCK_STREAM, 0, sockfds)", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:190: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:193: cond_false: Condition "child_pid == -1", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:200: else_branch: Reached else branch. -curl-7.60.0/lib/curl_ntlm_wb.c:200: cond_true: Condition "!child_pid", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:207: cond_false: Condition "dup2(sockfds[1], 0) == -1", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:211: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:213: cond_false: Condition "dup2(sockfds[1], 1) == -1", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:217: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:219: cond_true: Condition "domain", taking true branch. +Error: TAINTED_STRING (CWE-20): [#def12] +curl-7.60.0/lib/curl_ntlm_wb.c:129: cond_false: Condition "conn->ntlm_auth_hlpr_socket != -1", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:129: cond_false: Condition "conn->ntlm_auth_hlpr_pid", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:131: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:142: cond_true: Condition "!username", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:144: cond_true: Condition "!username", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:146: cond_true: Condition "!username", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:147: tainted_string_return_content: "getenv" returns tainted string content. +curl-7.60.0/lib/curl_ntlm_wb.c:147: var_assign: Assigning: "username" = "getenv("USER")", which taints "username". +curl-7.60.0/lib/curl_ntlm_wb.c:149: cond_false: Condition "!username", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:149: cond_false: Condition "!username[0]", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:153: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:155: cond_false: Condition "!username", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:155: cond_false: Condition "!username[0]", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:156: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:159: cond_true: Condition "slash", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:161: cond_false: Condition "!domain", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:162: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:165: var_assign_var: Assigning: "username" = "username + (slash - domain) + 1". Both are now tainted. +curl-7.60.0/lib/curl_ntlm_wb.c:180: cond_false: Condition "access(ntlm_auth, 1) != 0", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:184: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:186: cond_false: Condition "socketpair(1, SOCK_STREAM, 0, sockfds)", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:190: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:193: cond_false: Condition "child_pid == -1", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:200: else_branch: Reached else branch. +curl-7.60.0/lib/curl_ntlm_wb.c:200: cond_true: Condition "!child_pid", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:207: cond_false: Condition "dup2(sockfds[1], 0) == -1", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:211: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:213: cond_false: Condition "dup2(sockfds[1], 1) == -1", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:217: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:219: cond_true: Condition "domain", taking true branch. curl-7.60.0/lib/curl_ntlm_wb.c:220: tainted_string: Passing tainted string "username" to "execl", which cannot accept tainted data. -# 218| -# 219| if(domain) -# 220|-> execl(ntlm_auth, ntlm_auth, -# 221| "--helper-protocol", "ntlmssp-client-1", -# 222| "--use-cached-creds", +# 218| +# 219| if(domain) +# 220|-> execl(ntlm_auth, ntlm_auth, +# 221| "--helper-protocol", "ntlmssp-client-1", +# 222| "--use-cached-creds", -Error: TOCTOU (CWE-367): [#def13] -curl-7.60.0/lib/curl_ntlm_wb.c:129: cond_false: Condition "conn->ntlm_auth_hlpr_socket != -1", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:129: cond_false: Condition "conn->ntlm_auth_hlpr_pid", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:131: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:142: cond_true: Condition "!username", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:144: cond_true: Condition "!username", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:146: cond_true: Condition "!username", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:149: cond_true: Condition "!username", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:149: cond_true: Condition "!getpwuid_r(geteuid(), &pw, pwbuf, 1024UL /* sizeof (pwbuf) */, &pw_res)", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:149: cond_true: Condition "pw_res", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:155: cond_true: Condition "!username", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:159: cond_true: Condition "slash", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:161: cond_false: Condition "!domain", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:162: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:180: fs_check_call: Calling function "access" to perform check on "ntlm_auth". -curl-7.60.0/lib/curl_ntlm_wb.c:180: cond_false: Condition "access(ntlm_auth, 1) != 0", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:184: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:186: cond_false: Condition "socketpair(1, SOCK_STREAM, 0, sockfds)", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:190: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:193: cond_false: Condition "child_pid == -1", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:200: else_branch: Reached else branch. -curl-7.60.0/lib/curl_ntlm_wb.c:200: cond_true: Condition "!child_pid", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:207: cond_true: Condition "dup2(sockfds[1], 0) == -1", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:213: cond_true: Condition "dup2(sockfds[1], 1) == -1", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:219: cond_true: Condition "domain", taking true branch. +Error: TOCTOU (CWE-367): [#def13] +curl-7.60.0/lib/curl_ntlm_wb.c:129: cond_false: Condition "conn->ntlm_auth_hlpr_socket != -1", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:129: cond_false: Condition "conn->ntlm_auth_hlpr_pid", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:131: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:142: cond_true: Condition "!username", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:144: cond_true: Condition "!username", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:146: cond_true: Condition "!username", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:149: cond_true: Condition "!username", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:149: cond_true: Condition "!getpwuid_r(geteuid(), &pw, pwbuf, 1024UL /* sizeof (pwbuf) */, &pw_res)", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:149: cond_true: Condition "pw_res", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:155: cond_true: Condition "!username", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:159: cond_true: Condition "slash", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:161: cond_false: Condition "!domain", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:162: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:180: fs_check_call: Calling function "access" to perform check on "ntlm_auth". +curl-7.60.0/lib/curl_ntlm_wb.c:180: cond_false: Condition "access(ntlm_auth, 1) != 0", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:184: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:186: cond_false: Condition "socketpair(1, SOCK_STREAM, 0, sockfds)", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:190: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:193: cond_false: Condition "child_pid == -1", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:200: else_branch: Reached else branch. +curl-7.60.0/lib/curl_ntlm_wb.c:200: cond_true: Condition "!child_pid", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:207: cond_true: Condition "dup2(sockfds[1], 0) == -1", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:213: cond_true: Condition "dup2(sockfds[1], 1) == -1", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:219: cond_true: Condition "domain", taking true branch. curl-7.60.0/lib/curl_ntlm_wb.c:220: toctou: Calling function "execl" that uses "ntlm_auth" after a check function. This can cause a time-of-check, time-of-use race condition. -# 218| -# 219| if(domain) -# 220|-> execl(ntlm_auth, ntlm_auth, -# 221| "--helper-protocol", "ntlmssp-client-1", -# 222| "--use-cached-creds", +# 218| +# 219| if(domain) +# 220|-> execl(ntlm_auth, ntlm_auth, +# 221| "--helper-protocol", "ntlmssp-client-1", +# 222| "--use-cached-creds", -Error: TOCTOU (CWE-367): [#def14] -curl-7.60.0/lib/curl_ntlm_wb.c:129: cond_false: Condition "conn->ntlm_auth_hlpr_socket != -1", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:129: cond_false: Condition "conn->ntlm_auth_hlpr_pid", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:131: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:142: cond_true: Condition "!username", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:144: cond_true: Condition "!username", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:146: cond_true: Condition "!username", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:149: cond_true: Condition "!username", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:149: cond_true: Condition "!getpwuid_r(geteuid(), &pw, pwbuf, 1024UL /* sizeof (pwbuf) */, &pw_res)", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:149: cond_true: Condition "pw_res", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:155: cond_true: Condition "!username", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:159: cond_false: Condition "slash", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:166: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:180: fs_check_call: Calling function "access" to perform check on "ntlm_auth". -curl-7.60.0/lib/curl_ntlm_wb.c:180: cond_false: Condition "access(ntlm_auth, 1) != 0", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:184: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:186: cond_false: Condition "socketpair(1, SOCK_STREAM, 0, sockfds)", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:190: if_end: End of if statement. -curl-7.60.0/lib/curl_ntlm_wb.c:193: cond_false: Condition "child_pid == -1", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:200: else_branch: Reached else branch. -curl-7.60.0/lib/curl_ntlm_wb.c:200: cond_true: Condition "!child_pid", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:207: cond_true: Condition "dup2(sockfds[1], 0) == -1", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:213: cond_true: Condition "dup2(sockfds[1], 1) == -1", taking true branch. -curl-7.60.0/lib/curl_ntlm_wb.c:219: cond_false: Condition "domain", taking false branch. -curl-7.60.0/lib/curl_ntlm_wb.c:227: else_branch: Reached else branch. +Error: TOCTOU (CWE-367): [#def14] +curl-7.60.0/lib/curl_ntlm_wb.c:129: cond_false: Condition "conn->ntlm_auth_hlpr_socket != -1", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:129: cond_false: Condition "conn->ntlm_auth_hlpr_pid", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:131: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:142: cond_true: Condition "!username", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:144: cond_true: Condition "!username", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:146: cond_true: Condition "!username", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:149: cond_true: Condition "!username", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:149: cond_true: Condition "!getpwuid_r(geteuid(), &pw, pwbuf, 1024UL /* sizeof (pwbuf) */, &pw_res)", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:149: cond_true: Condition "pw_res", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:155: cond_true: Condition "!username", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:159: cond_false: Condition "slash", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:166: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:180: fs_check_call: Calling function "access" to perform check on "ntlm_auth". +curl-7.60.0/lib/curl_ntlm_wb.c:180: cond_false: Condition "access(ntlm_auth, 1) != 0", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:184: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:186: cond_false: Condition "socketpair(1, SOCK_STREAM, 0, sockfds)", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:190: if_end: End of if statement. +curl-7.60.0/lib/curl_ntlm_wb.c:193: cond_false: Condition "child_pid == -1", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:200: else_branch: Reached else branch. +curl-7.60.0/lib/curl_ntlm_wb.c:200: cond_true: Condition "!child_pid", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:207: cond_true: Condition "dup2(sockfds[1], 0) == -1", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:213: cond_true: Condition "dup2(sockfds[1], 1) == -1", taking true branch. +curl-7.60.0/lib/curl_ntlm_wb.c:219: cond_false: Condition "domain", taking false branch. +curl-7.60.0/lib/curl_ntlm_wb.c:227: else_branch: Reached else branch. curl-7.60.0/lib/curl_ntlm_wb.c:227: toctou: Calling function "execl" that uses "ntlm_auth" after a check function. This can cause a time-of-check, time-of-use race condition. -# 225| NULL); -# 226| else -# 227|-> execl(ntlm_auth, ntlm_auth, -# 228| "--helper-protocol", "ntlmssp-client-1", -# 229| "--use-cached-creds", +# 225| NULL); +# 226| else +# 227|-> execl(ntlm_auth, ntlm_auth, +# 228| "--helper-protocol", "ntlmssp-client-1", +# 229| "--use-cached-creds", -Error: CLANG_WARNING: [#def15] +Error: CLANG_WARNING: [#def15] curl-7.60.0/lib/formdata.c: internal warning: child 19175 timed out after 30s -Error: CLANG_WARNING: [#def16] +Error: CLANG_WARNING: [#def16] curl-7.60.0/lib/formdata.c: internal warning: child 31044 timed out after 30s -Error: CLANG_WARNING: [#def17] +Error: CLANG_WARNING: [#def17] curl-7.60.0/lib/ftp.c: internal warning: child 31022 timed out after 30s -Error: DEADCODE (CWE-561): [#def18] -curl-7.60.0/lib/ftp.c:3975: assignment: Assigning: "result" = "((void)conn->data) , CURLE_OK". -curl-7.60.0/lib/ftp.c:3977: const: At condition "result", the value of "result" must be equal to 0. -curl-7.60.0/lib/ftp.c:3977: dead_error_condition: The condition "result" cannot be true. +Error: DEADCODE (CWE-561): [#def18] +curl-7.60.0/lib/ftp.c:3975: assignment: Assigning: "result" = "((void)conn->data) , CURLE_OK". +curl-7.60.0/lib/ftp.c:3977: const: At condition "result", the value of "result" must be equal to 0. +curl-7.60.0/lib/ftp.c:3977: dead_error_condition: The condition "result" cannot be true. curl-7.60.0/lib/ftp.c:3978: dead_error_line: Execution cannot reach this statement: "return result;". -# 3976| /* Curl_convert_to_network calls failf if unsuccessful */ -# 3977| if(result) -# 3978|-> return result; -# 3979| -# 3980| for(;;) { +# 3976| /* Curl_convert_to_network calls failf if unsuccessful */ +# 3977| if(result) +# 3978|-> return result; +# 3979| +# 3980| for(;;) { -Error: CONSTANT_EXPRESSION_RESULT (CWE-398): [#def19] +Error: CONSTANT_EXPRESSION_RESULT (CWE-398): [#def19] curl-7.60.0/lib/getinfo.c:159: result_independent_of_operands: "data->info.filetime > 9223372036854775807L" is always false regardless of the values of its operands. This occurs as the logical operand of "if". -# 157| break; -# 158| case CURLINFO_FILETIME: -# 159|-> if(data->info.filetime > LONG_MAX) -# 160| *param_longp = LONG_MAX; -# 161| else if(data->info.filetime < LONG_MIN) +# 157| break; +# 158| case CURLINFO_FILETIME: +# 159|-> if(data->info.filetime > LONG_MAX) +# 160| *param_longp = LONG_MAX; +# 161| else if(data->info.filetime < LONG_MIN) -Error: CONSTANT_EXPRESSION_RESULT (CWE-398): [#def20] +Error: CONSTANT_EXPRESSION_RESULT (CWE-398): [#def20] curl-7.60.0/lib/getinfo.c:161: result_independent_of_operands: "data->info.filetime < -9223372036854775808L /* -9223372036854775807L - 1L */" is always false regardless of the values of its operands. This occurs as the logical operand of "if". -# 159| if(data->info.filetime > LONG_MAX) -# 160| *param_longp = LONG_MAX; -# 161|-> else if(data->info.filetime < LONG_MIN) -# 162| *param_longp = LONG_MIN; -# 163| else +# 159| if(data->info.filetime > LONG_MAX) +# 160| *param_longp = LONG_MAX; +# 161|-> else if(data->info.filetime < LONG_MIN) +# 162| *param_longp = LONG_MIN; +# 163| else -Error: DEADCODE (CWE-561): [#def21] -curl-7.60.0/lib/http.c:1086: assignment: Assigning: "result" = "((void)conn->data) , CURLE_OK". -curl-7.60.0/lib/http.c:1088: const: At condition "result", the value of "result" must be equal to 0. -curl-7.60.0/lib/http.c:1088: dead_error_condition: The condition "result" cannot be true. +Error: DEADCODE (CWE-561): [#def21] +curl-7.60.0/lib/http.c:1086: assignment: Assigning: "result" = "((void)conn->data) , CURLE_OK". +curl-7.60.0/lib/http.c:1088: const: At condition "result", the value of "result" must be equal to 0. +curl-7.60.0/lib/http.c:1088: dead_error_condition: The condition "result" cannot be true. curl-7.60.0/lib/http.c:1090: dead_error_begin: Execution cannot reach this statement: "Curl_add_buffer_free(in);". -# 1088| if(result) { -# 1089| /* conversion failed, free memory and return to the caller */ -# 1090|-> Curl_add_buffer_free(in); -# 1091| return result; -# 1092| } +# 1088| if(result) { +# 1089| /* conversion failed, free memory and return to the caller */ +# 1090|-> Curl_add_buffer_free(in); +# 1091| return result; +# 1092| } -Error: DEADCODE (CWE-561): [#def22] -curl-7.60.0/lib/http.c:3566: assignment: Assigning: "result" = "((void)data) , CURLE_OK". -curl-7.60.0/lib/http.c:3568: const: At condition "result", the value of "result" must be equal to 0. -curl-7.60.0/lib/http.c:3568: dead_error_condition: The condition "result" cannot be true. +Error: DEADCODE (CWE-561): [#def22] +curl-7.60.0/lib/http.c:3566: assignment: Assigning: "result" = "((void)data) , CURLE_OK". +curl-7.60.0/lib/http.c:3568: const: At condition "result", the value of "result" must be equal to 0. +curl-7.60.0/lib/http.c:3568: dead_error_condition: The condition "result" cannot be true. curl-7.60.0/lib/http.c:3569: dead_error_line: Execution cannot reach this statement: "return result;". -# 3567| /* Curl_convert_from_network calls failf if unsuccessful */ -# 3568| if(result) -# 3569|-> return result; -# 3570| -# 3571| /* Check for Content-Length: header lines to get size */ +# 3567| /* Curl_convert_from_network calls failf if unsuccessful */ +# 3568| if(result) +# 3569|-> return result; +# 3570| +# 3571| /* Check for Content-Length: header lines to get size */ -Error: DEADCODE (CWE-561): [#def23] -curl-7.60.0/lib/http_chunks.c:157: assignment: Assigning: "result" = "((void)conn->data) , CURLE_OK". -curl-7.60.0/lib/http_chunks.c:159: const: At condition "result", the value of "result" must be equal to 0. -curl-7.60.0/lib/http_chunks.c:159: dead_error_condition: The condition "result" cannot be true. +Error: DEADCODE (CWE-561): [#def23] +curl-7.60.0/lib/http_chunks.c:157: assignment: Assigning: "result" = "((void)conn->data) , CURLE_OK". +curl-7.60.0/lib/http_chunks.c:159: const: At condition "result", the value of "result" must be equal to 0. +curl-7.60.0/lib/http_chunks.c:159: dead_error_condition: The condition "result" cannot be true. curl-7.60.0/lib/http_chunks.c:162: dead_error_line: Execution cannot reach this statement: "return CHUNKE_ILLEGAL_HEX;". -# 160| /* Curl_convert_from_network calls failf if unsuccessful */ -# 161| /* Treat it as a bad hex character */ -# 162|-> return CHUNKE_ILLEGAL_HEX; -# 163| } -# 164| +# 160| /* Curl_convert_from_network calls failf if unsuccessful */ +# 161| /* Treat it as a bad hex character */ +# 162|-> return CHUNKE_ILLEGAL_HEX; +# 163| } +# 164| -Error: DEADCODE (CWE-561): [#def24] -curl-7.60.0/lib/http_chunks.c:237: assignment: Assigning: "result" = "((void)conn->data) , CURLE_OK". -curl-7.60.0/lib/http_chunks.c:239: const: At condition "result", the value of "result" must be equal to 0. -curl-7.60.0/lib/http_chunks.c:239: dead_error_condition: The condition "result" cannot be true. +Error: DEADCODE (CWE-561): [#def24] +curl-7.60.0/lib/http_chunks.c:237: assignment: Assigning: "result" = "((void)conn->data) , CURLE_OK". +curl-7.60.0/lib/http_chunks.c:239: const: At condition "result", the value of "result" must be equal to 0. +curl-7.60.0/lib/http_chunks.c:239: dead_error_condition: The condition "result" cannot be true. curl-7.60.0/lib/http_chunks.c:242: dead_error_line: Execution cannot reach this statement: "return CHUNKE_BAD_CHUNK;". -# 240| /* Curl_convert_from_network calls failf if unsuccessful */ -# 241| /* Treat it as a bad chunk */ -# 242|-> return CHUNKE_BAD_CHUNK; -# 243| -# 244| if(!data->set.http_te_skip) { +# 240| /* Curl_convert_from_network calls failf if unsuccessful */ +# 241| /* Treat it as a bad chunk */ +# 242|-> return CHUNKE_BAD_CHUNK; +# 243| +# 244| if(!data->set.http_te_skip) { -Error: DEADCODE (CWE-561): [#def25] -curl-7.60.0/lib/http_proxy.c:413: assignment: Assigning: "result" = "((void)data) , CURLE_OK". -curl-7.60.0/lib/http_proxy.c:416: const: At condition "result", the value of "result" must be equal to 0. -curl-7.60.0/lib/http_proxy.c:416: dead_error_condition: The condition "result" cannot be true. +Error: DEADCODE (CWE-561): [#def25] +curl-7.60.0/lib/http_proxy.c:413: assignment: Assigning: "result" = "((void)data) , CURLE_OK". +curl-7.60.0/lib/http_proxy.c:416: const: At condition "result", the value of "result" must be equal to 0. +curl-7.60.0/lib/http_proxy.c:416: dead_error_condition: The condition "result" cannot be true. curl-7.60.0/lib/http_proxy.c:417: dead_error_line: Execution cannot reach this statement: "return result;". -# 415| /* Curl_convert_from_network calls failf if unsuccessful */ -# 416| if(result) -# 417|-> return result; -# 418| -# 419| /* output debug if that is requested */ +# 415| /* Curl_convert_from_network calls failf if unsuccessful */ +# 416| if(result) +# 417|-> return result; +# 418| +# 419| /* output debug if that is requested */ -Error: CLANG_WARNING: [#def26] +Error: CLANG_WARNING: [#def26] curl-7.60.0/lib/multi.c: internal warning: child 32119 timed out after 30s -Error: FORWARD_NULL (CWE-476): [#def27] -curl-7.60.0/lib/multi.c:959: assign_zero: Assigning: "ufds" = "NULL". -curl-7.60.0/lib/multi.c:965: cond_true: Condition "multi", taking true branch. -curl-7.60.0/lib/multi.c:965: cond_true: Condition "multi->type == 764702", taking true branch. -curl-7.60.0/lib/multi.c:966: if_end: End of if statement. -curl-7.60.0/lib/multi.c:968: cond_false: Condition "multi->in_callback", taking false branch. -curl-7.60.0/lib/multi.c:969: if_end: End of if statement. -curl-7.60.0/lib/multi.c:975: cond_false: Condition "timeout_internal >= 0", taking false branch. -curl-7.60.0/lib/multi.c:976: if_end: End of if statement. -curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. -curl-7.60.0/lib/multi.c:995: break: Breaking from loop. -curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. -curl-7.60.0/lib/multi.c:995: break: Breaking from loop. -curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. -curl-7.60.0/lib/multi.c:996: if_end: End of if statement. -curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. -curl-7.60.0/lib/multi.c:996: if_end: End of if statement. -curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_false: Condition "bitmap & (1 << 16 + i)", taking false branch. -curl-7.60.0/lib/multi.c:993: if_end: End of if statement. -curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. -curl-7.60.0/lib/multi.c:995: break: Breaking from loop. -curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. -curl-7.60.0/lib/multi.c:996: if_end: End of if statement. -curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_false: Condition "bitmap & (1 << i)", taking false branch. -curl-7.60.0/lib/multi.c:989: if_end: End of if statement. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. -curl-7.60.0/lib/multi.c:995: break: Breaking from loop. -curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_false: Condition "bitmap & (1 << 16 + i)", taking false branch. -curl-7.60.0/lib/multi.c:993: if_end: End of if statement. -curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. -curl-7.60.0/lib/multi.c:996: if_end: End of if statement. -curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. -curl-7.60.0/lib/multi.c:995: break: Breaking from loop. -curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_false: Condition "bitmap & (1 << i)", taking false branch. -curl-7.60.0/lib/multi.c:989: if_end: End of if statement. -curl-7.60.0/lib/multi.c:990: cond_false: Condition "bitmap & (1 << 16 + i)", taking false branch. -curl-7.60.0/lib/multi.c:993: if_end: End of if statement. -curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. -curl-7.60.0/lib/multi.c:995: break: Breaking from loop. -curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:980: cond_false: Condition "data", taking false branch. -curl-7.60.0/lib/multi.c:1000: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1005: cond_false: Condition "nfds", taking false branch. -curl-7.60.0/lib/multi.c:1018: if_end: End of if statement. -curl-7.60.0/lib/multi.c:1024: cond_true: Condition "curlfds", taking true branch. -curl-7.60.0/lib/multi.c:1027: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:1030: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:1033: cond_true: Condition "bitmap & (1 << i)", taking true branch. +Error: FORWARD_NULL (CWE-476): [#def27] +curl-7.60.0/lib/multi.c:959: assign_zero: Assigning: "ufds" = "NULL". +curl-7.60.0/lib/multi.c:965: cond_true: Condition "multi", taking true branch. +curl-7.60.0/lib/multi.c:965: cond_true: Condition "multi->type == 764702", taking true branch. +curl-7.60.0/lib/multi.c:966: if_end: End of if statement. +curl-7.60.0/lib/multi.c:968: cond_false: Condition "multi->in_callback", taking false branch. +curl-7.60.0/lib/multi.c:969: if_end: End of if statement. +curl-7.60.0/lib/multi.c:975: cond_false: Condition "timeout_internal >= 0", taking false branch. +curl-7.60.0/lib/multi.c:976: if_end: End of if statement. +curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. +curl-7.60.0/lib/multi.c:995: break: Breaking from loop. +curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. +curl-7.60.0/lib/multi.c:995: break: Breaking from loop. +curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. +curl-7.60.0/lib/multi.c:996: if_end: End of if statement. +curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. +curl-7.60.0/lib/multi.c:996: if_end: End of if statement. +curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_false: Condition "bitmap & (1 << 16 + i)", taking false branch. +curl-7.60.0/lib/multi.c:993: if_end: End of if statement. +curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. +curl-7.60.0/lib/multi.c:995: break: Breaking from loop. +curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. +curl-7.60.0/lib/multi.c:996: if_end: End of if statement. +curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_false: Condition "bitmap & (1 << i)", taking false branch. +curl-7.60.0/lib/multi.c:989: if_end: End of if statement. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. +curl-7.60.0/lib/multi.c:995: break: Breaking from loop. +curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_false: Condition "bitmap & (1 << 16 + i)", taking false branch. +curl-7.60.0/lib/multi.c:993: if_end: End of if statement. +curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. +curl-7.60.0/lib/multi.c:996: if_end: End of if statement. +curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. +curl-7.60.0/lib/multi.c:995: break: Breaking from loop. +curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_false: Condition "bitmap & (1 << i)", taking false branch. +curl-7.60.0/lib/multi.c:989: if_end: End of if statement. +curl-7.60.0/lib/multi.c:990: cond_false: Condition "bitmap & (1 << 16 + i)", taking false branch. +curl-7.60.0/lib/multi.c:993: if_end: End of if statement. +curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. +curl-7.60.0/lib/multi.c:995: break: Breaking from loop. +curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:980: cond_false: Condition "data", taking false branch. +curl-7.60.0/lib/multi.c:1000: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1005: cond_false: Condition "nfds", taking false branch. +curl-7.60.0/lib/multi.c:1018: if_end: End of if statement. +curl-7.60.0/lib/multi.c:1024: cond_true: Condition "curlfds", taking true branch. +curl-7.60.0/lib/multi.c:1027: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:1030: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:1033: cond_true: Condition "bitmap & (1 << i)", taking true branch. curl-7.60.0/lib/multi.c:1034: var_deref_op: Dereferencing null pointer "ufds". -# 1032| -# 1033| if(bitmap & GETSOCK_READSOCK(i)) { -# 1034|-> ufds[nfds].fd = sockbunch[i]; -# 1035| ufds[nfds].events = POLLIN; -# 1036| ++nfds; +# 1032| +# 1033| if(bitmap & GETSOCK_READSOCK(i)) { +# 1034|-> ufds[nfds].fd = sockbunch[i]; +# 1035| ufds[nfds].events = POLLIN; +# 1036| ++nfds; -Error: FORWARD_NULL (CWE-476): [#def28] -curl-7.60.0/lib/multi.c:959: assign_zero: Assigning: "ufds" = "NULL". -curl-7.60.0/lib/multi.c:965: cond_true: Condition "multi", taking true branch. -curl-7.60.0/lib/multi.c:965: cond_true: Condition "multi->type == 764702", taking true branch. -curl-7.60.0/lib/multi.c:966: if_end: End of if statement. -curl-7.60.0/lib/multi.c:968: cond_false: Condition "multi->in_callback", taking false branch. -curl-7.60.0/lib/multi.c:969: if_end: End of if statement. -curl-7.60.0/lib/multi.c:975: cond_false: Condition "timeout_internal >= 0", taking false branch. -curl-7.60.0/lib/multi.c:976: if_end: End of if statement. -curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. -curl-7.60.0/lib/multi.c:995: break: Breaking from loop. -curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. -curl-7.60.0/lib/multi.c:995: break: Breaking from loop. -curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. -curl-7.60.0/lib/multi.c:996: if_end: End of if statement. -curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. -curl-7.60.0/lib/multi.c:996: if_end: End of if statement. -curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_false: Condition "bitmap & (1 << 16 + i)", taking false branch. -curl-7.60.0/lib/multi.c:993: if_end: End of if statement. -curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. -curl-7.60.0/lib/multi.c:995: break: Breaking from loop. -curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. -curl-7.60.0/lib/multi.c:996: if_end: End of if statement. -curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_false: Condition "bitmap & (1 << i)", taking false branch. -curl-7.60.0/lib/multi.c:989: if_end: End of if statement. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. -curl-7.60.0/lib/multi.c:995: break: Breaking from loop. -curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_false: Condition "bitmap & (1 << 16 + i)", taking false branch. -curl-7.60.0/lib/multi.c:993: if_end: End of if statement. -curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. -curl-7.60.0/lib/multi.c:996: if_end: End of if statement. -curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. -curl-7.60.0/lib/multi.c:995: break: Breaking from loop. -curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_false: Condition "bitmap & (1 << i)", taking false branch. -curl-7.60.0/lib/multi.c:989: if_end: End of if statement. -curl-7.60.0/lib/multi.c:990: cond_false: Condition "bitmap & (1 << 16 + i)", taking false branch. -curl-7.60.0/lib/multi.c:993: if_end: End of if statement. -curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. -curl-7.60.0/lib/multi.c:995: break: Breaking from loop. -curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:980: cond_false: Condition "data", taking false branch. -curl-7.60.0/lib/multi.c:1000: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1005: cond_false: Condition "nfds", taking false branch. -curl-7.60.0/lib/multi.c:1018: if_end: End of if statement. -curl-7.60.0/lib/multi.c:1024: cond_true: Condition "curlfds", taking true branch. -curl-7.60.0/lib/multi.c:1027: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:1030: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:1033: cond_false: Condition "bitmap & (1 << i)", taking false branch. -curl-7.60.0/lib/multi.c:1038: if_end: End of if statement. -curl-7.60.0/lib/multi.c:1039: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +Error: FORWARD_NULL (CWE-476): [#def28] +curl-7.60.0/lib/multi.c:959: assign_zero: Assigning: "ufds" = "NULL". +curl-7.60.0/lib/multi.c:965: cond_true: Condition "multi", taking true branch. +curl-7.60.0/lib/multi.c:965: cond_true: Condition "multi->type == 764702", taking true branch. +curl-7.60.0/lib/multi.c:966: if_end: End of if statement. +curl-7.60.0/lib/multi.c:968: cond_false: Condition "multi->in_callback", taking false branch. +curl-7.60.0/lib/multi.c:969: if_end: End of if statement. +curl-7.60.0/lib/multi.c:975: cond_false: Condition "timeout_internal >= 0", taking false branch. +curl-7.60.0/lib/multi.c:976: if_end: End of if statement. +curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. +curl-7.60.0/lib/multi.c:995: break: Breaking from loop. +curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. +curl-7.60.0/lib/multi.c:995: break: Breaking from loop. +curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. +curl-7.60.0/lib/multi.c:996: if_end: End of if statement. +curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. +curl-7.60.0/lib/multi.c:996: if_end: End of if statement. +curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_false: Condition "bitmap & (1 << 16 + i)", taking false branch. +curl-7.60.0/lib/multi.c:993: if_end: End of if statement. +curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. +curl-7.60.0/lib/multi.c:995: break: Breaking from loop. +curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. +curl-7.60.0/lib/multi.c:996: if_end: End of if statement. +curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_false: Condition "bitmap & (1 << i)", taking false branch. +curl-7.60.0/lib/multi.c:989: if_end: End of if statement. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. +curl-7.60.0/lib/multi.c:995: break: Breaking from loop. +curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_false: Condition "bitmap & (1 << 16 + i)", taking false branch. +curl-7.60.0/lib/multi.c:993: if_end: End of if statement. +curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. +curl-7.60.0/lib/multi.c:996: if_end: End of if statement. +curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. +curl-7.60.0/lib/multi.c:995: break: Breaking from loop. +curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_false: Condition "bitmap & (1 << i)", taking false branch. +curl-7.60.0/lib/multi.c:989: if_end: End of if statement. +curl-7.60.0/lib/multi.c:990: cond_false: Condition "bitmap & (1 << 16 + i)", taking false branch. +curl-7.60.0/lib/multi.c:993: if_end: End of if statement. +curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. +curl-7.60.0/lib/multi.c:995: break: Breaking from loop. +curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:980: cond_false: Condition "data", taking false branch. +curl-7.60.0/lib/multi.c:1000: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1005: cond_false: Condition "nfds", taking false branch. +curl-7.60.0/lib/multi.c:1018: if_end: End of if statement. +curl-7.60.0/lib/multi.c:1024: cond_true: Condition "curlfds", taking true branch. +curl-7.60.0/lib/multi.c:1027: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:1030: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:1033: cond_false: Condition "bitmap & (1 << i)", taking false branch. +curl-7.60.0/lib/multi.c:1038: if_end: End of if statement. +curl-7.60.0/lib/multi.c:1039: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. curl-7.60.0/lib/multi.c:1040: var_deref_op: Dereferencing null pointer "ufds". -# 1038| } -# 1039| if(bitmap & GETSOCK_WRITESOCK(i)) { -# 1040|-> ufds[nfds].fd = sockbunch[i]; -# 1041| ufds[nfds].events = POLLOUT; -# 1042| ++nfds; +# 1038| } +# 1039| if(bitmap & GETSOCK_WRITESOCK(i)) { +# 1040|-> ufds[nfds].fd = sockbunch[i]; +# 1041| ufds[nfds].events = POLLOUT; +# 1042| ++nfds; -Error: FORWARD_NULL (CWE-476): [#def29] -curl-7.60.0/lib/multi.c:959: assign_zero: Assigning: "ufds" = "NULL". -curl-7.60.0/lib/multi.c:965: cond_true: Condition "multi", taking true branch. -curl-7.60.0/lib/multi.c:965: cond_true: Condition "multi->type == 764702", taking true branch. -curl-7.60.0/lib/multi.c:966: if_end: End of if statement. -curl-7.60.0/lib/multi.c:968: cond_false: Condition "multi->in_callback", taking false branch. -curl-7.60.0/lib/multi.c:969: if_end: End of if statement. -curl-7.60.0/lib/multi.c:975: cond_false: Condition "timeout_internal >= 0", taking false branch. -curl-7.60.0/lib/multi.c:976: if_end: End of if statement. -curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. -curl-7.60.0/lib/multi.c:995: break: Breaking from loop. -curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. -curl-7.60.0/lib/multi.c:995: break: Breaking from loop. -curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. -curl-7.60.0/lib/multi.c:996: if_end: End of if statement. -curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. -curl-7.60.0/lib/multi.c:996: if_end: End of if statement. -curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_false: Condition "bitmap & (1 << 16 + i)", taking false branch. -curl-7.60.0/lib/multi.c:993: if_end: End of if statement. -curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. -curl-7.60.0/lib/multi.c:995: break: Breaking from loop. -curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. -curl-7.60.0/lib/multi.c:996: if_end: End of if statement. -curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_false: Condition "bitmap & (1 << i)", taking false branch. -curl-7.60.0/lib/multi.c:989: if_end: End of if statement. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. -curl-7.60.0/lib/multi.c:995: break: Breaking from loop. -curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_false: Condition "bitmap & (1 << 16 + i)", taking false branch. -curl-7.60.0/lib/multi.c:993: if_end: End of if statement. -curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. -curl-7.60.0/lib/multi.c:996: if_end: End of if statement. -curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. -curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. -curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. -curl-7.60.0/lib/multi.c:995: break: Breaking from loop. -curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:986: cond_false: Condition "bitmap & (1 << i)", taking false branch. -curl-7.60.0/lib/multi.c:989: if_end: End of if statement. -curl-7.60.0/lib/multi.c:990: cond_false: Condition "bitmap & (1 << 16 + i)", taking false branch. -curl-7.60.0/lib/multi.c:993: if_end: End of if statement. -curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. -curl-7.60.0/lib/multi.c:995: break: Breaking from loop. -curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:980: cond_false: Condition "data", taking false branch. -curl-7.60.0/lib/multi.c:1000: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1005: cond_false: Condition "nfds", taking false branch. -curl-7.60.0/lib/multi.c:1018: if_end: End of if statement. -curl-7.60.0/lib/multi.c:1024: cond_true: Condition "curlfds", taking true branch. -curl-7.60.0/lib/multi.c:1027: cond_true: Condition "data", taking true branch. -curl-7.60.0/lib/multi.c:1030: cond_true: Condition "i < 5", taking true branch. -curl-7.60.0/lib/multi.c:1033: cond_false: Condition "bitmap & (1 << i)", taking false branch. -curl-7.60.0/lib/multi.c:1038: if_end: End of if statement. -curl-7.60.0/lib/multi.c:1039: cond_false: Condition "bitmap & (1 << 16 + i)", taking false branch. -curl-7.60.0/lib/multi.c:1044: if_end: End of if statement. -curl-7.60.0/lib/multi.c:1045: cond_true: Condition "s == -1", taking true branch. -curl-7.60.0/lib/multi.c:1046: break: Breaking from loop. -curl-7.60.0/lib/multi.c:1048: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1051: loop: Jumping back to the beginning of the loop. -curl-7.60.0/lib/multi.c:1027: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/lib/multi.c:1027: cond_false: Condition "data", taking false branch. -curl-7.60.0/lib/multi.c:1051: loop_end: Reached end of loop. -curl-7.60.0/lib/multi.c:1055: cond_true: Condition "i < extra_nfds", taking true branch. +Error: FORWARD_NULL (CWE-476): [#def29] +curl-7.60.0/lib/multi.c:959: assign_zero: Assigning: "ufds" = "NULL". +curl-7.60.0/lib/multi.c:965: cond_true: Condition "multi", taking true branch. +curl-7.60.0/lib/multi.c:965: cond_true: Condition "multi->type == 764702", taking true branch. +curl-7.60.0/lib/multi.c:966: if_end: End of if statement. +curl-7.60.0/lib/multi.c:968: cond_false: Condition "multi->in_callback", taking false branch. +curl-7.60.0/lib/multi.c:969: if_end: End of if statement. +curl-7.60.0/lib/multi.c:975: cond_false: Condition "timeout_internal >= 0", taking false branch. +curl-7.60.0/lib/multi.c:976: if_end: End of if statement. +curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. +curl-7.60.0/lib/multi.c:995: break: Breaking from loop. +curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. +curl-7.60.0/lib/multi.c:995: break: Breaking from loop. +curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. +curl-7.60.0/lib/multi.c:996: if_end: End of if statement. +curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. +curl-7.60.0/lib/multi.c:996: if_end: End of if statement. +curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_false: Condition "bitmap & (1 << 16 + i)", taking false branch. +curl-7.60.0/lib/multi.c:993: if_end: End of if statement. +curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. +curl-7.60.0/lib/multi.c:995: break: Breaking from loop. +curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. +curl-7.60.0/lib/multi.c:996: if_end: End of if statement. +curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_false: Condition "bitmap & (1 << i)", taking false branch. +curl-7.60.0/lib/multi.c:989: if_end: End of if statement. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. +curl-7.60.0/lib/multi.c:995: break: Breaking from loop. +curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_false: Condition "bitmap & (1 << 16 + i)", taking false branch. +curl-7.60.0/lib/multi.c:993: if_end: End of if statement. +curl-7.60.0/lib/multi.c:994: cond_false: Condition "s == -1", taking false branch. +curl-7.60.0/lib/multi.c:996: if_end: End of if statement. +curl-7.60.0/lib/multi.c:997: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:983: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_true: Condition "bitmap & (1 << i)", taking true branch. +curl-7.60.0/lib/multi.c:990: cond_true: Condition "bitmap & (1 << 16 + i)", taking true branch. +curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. +curl-7.60.0/lib/multi.c:995: break: Breaking from loop. +curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:980: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:983: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:986: cond_false: Condition "bitmap & (1 << i)", taking false branch. +curl-7.60.0/lib/multi.c:989: if_end: End of if statement. +curl-7.60.0/lib/multi.c:990: cond_false: Condition "bitmap & (1 << 16 + i)", taking false branch. +curl-7.60.0/lib/multi.c:993: if_end: End of if statement. +curl-7.60.0/lib/multi.c:994: cond_true: Condition "s == -1", taking true branch. +curl-7.60.0/lib/multi.c:995: break: Breaking from loop. +curl-7.60.0/lib/multi.c:997: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1000: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:980: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:980: cond_false: Condition "data", taking false branch. +curl-7.60.0/lib/multi.c:1000: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1005: cond_false: Condition "nfds", taking false branch. +curl-7.60.0/lib/multi.c:1018: if_end: End of if statement. +curl-7.60.0/lib/multi.c:1024: cond_true: Condition "curlfds", taking true branch. +curl-7.60.0/lib/multi.c:1027: cond_true: Condition "data", taking true branch. +curl-7.60.0/lib/multi.c:1030: cond_true: Condition "i < 5", taking true branch. +curl-7.60.0/lib/multi.c:1033: cond_false: Condition "bitmap & (1 << i)", taking false branch. +curl-7.60.0/lib/multi.c:1038: if_end: End of if statement. +curl-7.60.0/lib/multi.c:1039: cond_false: Condition "bitmap & (1 << 16 + i)", taking false branch. +curl-7.60.0/lib/multi.c:1044: if_end: End of if statement. +curl-7.60.0/lib/multi.c:1045: cond_true: Condition "s == -1", taking true branch. +curl-7.60.0/lib/multi.c:1046: break: Breaking from loop. +curl-7.60.0/lib/multi.c:1048: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1051: loop: Jumping back to the beginning of the loop. +curl-7.60.0/lib/multi.c:1027: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/lib/multi.c:1027: cond_false: Condition "data", taking false branch. +curl-7.60.0/lib/multi.c:1051: loop_end: Reached end of loop. +curl-7.60.0/lib/multi.c:1055: cond_true: Condition "i < extra_nfds", taking true branch. curl-7.60.0/lib/multi.c:1056: var_deref_op: Dereferencing null pointer "ufds". -# 1054| /* Add external file descriptions from poll-like struct curl_waitfd */ -# 1055| for(i = 0; i < extra_nfds; i++) { -# 1056|-> ufds[nfds].fd = extra_fds[i].fd; -# 1057| ufds[nfds].events = 0; -# 1058| if(extra_fds[i].events & CURL_WAIT_POLLIN) +# 1054| /* Add external file descriptions from poll-like struct curl_waitfd */ +# 1055| for(i = 0; i < extra_nfds; i++) { +# 1056|-> ufds[nfds].fd = extra_fds[i].fd; +# 1057| ufds[nfds].events = 0; +# 1058| if(extra_fds[i].events & CURL_WAIT_POLLIN) -Error: DEADCODE (CWE-561): [#def30] -curl-7.60.0/lib/sendf.c:441: assignment: Assigning: "nread" = "0L". -curl-7.60.0/lib/sendf.c:442: const: At condition "nread > 0L", the value of "nread" must be equal to 0. -curl-7.60.0/lib/sendf.c:442: dead_error_condition: The condition "nread > 0L" cannot be true. +Error: DEADCODE (CWE-561): [#def30] +curl-7.60.0/lib/sendf.c:441: assignment: Assigning: "nread" = "0L". +curl-7.60.0/lib/sendf.c:442: const: At condition "nread > 0L", the value of "nread" must be equal to 0. +curl-7.60.0/lib/sendf.c:442: dead_error_condition: The condition "nread > 0L" cannot be true. curl-7.60.0/lib/sendf.c:443: dead_error_begin: Execution cannot reach this statement: "*code = CURLE_OK;". -# 441| nread = get_pre_recved(conn, num, buf, len); -# 442| if(nread > 0) { -# 443|-> *code = CURLE_OK; -# 444| return nread; -# 445| } +# 441| nread = get_pre_recved(conn, num, buf, len); +# 442| if(nread > 0) { +# 443|-> *code = CURLE_OK; +# 444| return nread; +# 445| } -Error: DEADCODE (CWE-561): [#def31] -curl-7.60.0/lib/sendf.c:657: assignment: Assigning: "result" = "((void)data) , CURLE_OK". -curl-7.60.0/lib/sendf.c:659: const: At condition "result", the value of "result" must be equal to 0. -curl-7.60.0/lib/sendf.c:659: dead_error_condition: The condition "result" cannot be true. +Error: DEADCODE (CWE-561): [#def31] +curl-7.60.0/lib/sendf.c:657: assignment: Assigning: "result" = "((void)data) , CURLE_OK". +curl-7.60.0/lib/sendf.c:659: const: At condition "result", the value of "result" must be equal to 0. +curl-7.60.0/lib/sendf.c:659: dead_error_condition: The condition "result" cannot be true. curl-7.60.0/lib/sendf.c:660: dead_error_line: Execution cannot reach this statement: "return result;". -# 658| /* Curl_convert_from_network calls failf if unsuccessful */ -# 659| if(result) -# 660|-> return result; -# 661| -# 662| #ifdef CURL_DO_LINEEND_CONV +# 658| /* Curl_convert_from_network calls failf if unsuccessful */ +# 659| if(result) +# 660|-> return result; +# 661| +# 662| #ifdef CURL_DO_LINEEND_CONV -Error: DEADCODE (CWE-561): [#def32] -curl-7.60.0/lib/smb.c:734: assignment: Assigning: "next_state" = "SMB_DONE". -curl-7.60.0/lib/smb.c:773: assignment: Assigning: "next_state" = "SMB_OPEN". -curl-7.60.0/lib/smb.c:779: assignment: Assigning: "next_state" = "SMB_TREE_DISCONNECT". -curl-7.60.0/lib/smb.c:788: assignment: Assigning: "next_state" = "SMB_UPLOAD". -curl-7.60.0/lib/smb.c:795: assignment: Assigning: "next_state" = "SMB_CLOSE". -curl-7.60.0/lib/smb.c:801: assignment: Assigning: "next_state" = "SMB_DOWNLOAD". -curl-7.60.0/lib/smb.c:827: assignment: Assigning: "next_state" = "SMB_CLOSE". -curl-7.60.0/lib/smb.c:834: assignment: Assigning: "next_state" = "(len < 32768) ? SMB_CLOSE : SMB_DOWNLOAD". -curl-7.60.0/lib/smb.c:870: between: When switching on "next_state", the value of "next_state" must be between 2 and 7. -curl-7.60.0/lib/smb.c:870: dead_error_condition: The switch value "next_state" cannot reach the default case. +Error: DEADCODE (CWE-561): [#def32] +curl-7.60.0/lib/smb.c:734: assignment: Assigning: "next_state" = "SMB_DONE". +curl-7.60.0/lib/smb.c:773: assignment: Assigning: "next_state" = "SMB_OPEN". +curl-7.60.0/lib/smb.c:779: assignment: Assigning: "next_state" = "SMB_TREE_DISCONNECT". +curl-7.60.0/lib/smb.c:788: assignment: Assigning: "next_state" = "SMB_UPLOAD". +curl-7.60.0/lib/smb.c:795: assignment: Assigning: "next_state" = "SMB_CLOSE". +curl-7.60.0/lib/smb.c:801: assignment: Assigning: "next_state" = "SMB_DOWNLOAD". +curl-7.60.0/lib/smb.c:827: assignment: Assigning: "next_state" = "SMB_CLOSE". +curl-7.60.0/lib/smb.c:834: assignment: Assigning: "next_state" = "(len < 32768) ? SMB_CLOSE : SMB_DOWNLOAD". +curl-7.60.0/lib/smb.c:870: between: When switching on "next_state", the value of "next_state" must be between 2 and 7. +curl-7.60.0/lib/smb.c:870: dead_error_condition: The switch value "next_state" cannot reach the default case. curl-7.60.0/lib/smb.c:896: dead_error_begin: Execution cannot reach this statement: "default:". -# 894| break; -# 895| -# 896|-> default: -# 897| break; -# 898| } +# 894| break; +# 895| +# 896|-> default: +# 897| break; +# 898| } -Error: STRING_OVERFLOW (CWE-120): [#def33] -curl-7.60.0/lib/socks_gssapi.c:51: cond_true: Condition "major_status & (4294901760U /* ((OM_uint32)255UL << 24) | ((OM_uint32)255UL << 16) */)", taking true branch. -curl-7.60.0/lib/socks_gssapi.c:60: cond_true: Condition "!msg_ctx", taking true branch. -curl-7.60.0/lib/socks_gssapi.c:66: cond_true: Condition "maj_stat == 0", taking true branch. -curl-7.60.0/lib/socks_gssapi.c:67: cond_true: Condition "1024UL /* sizeof (buf) */ > len + status_string.length + 1", taking true branch. +Error: STRING_OVERFLOW (CWE-120): [#def33] +curl-7.60.0/lib/socks_gssapi.c:51: cond_true: Condition "major_status & (4294901760U /* ((OM_uint32)255UL << 24) | ((OM_uint32)255UL << 16) */)", taking true branch. +curl-7.60.0/lib/socks_gssapi.c:60: cond_true: Condition "!msg_ctx", taking true branch. +curl-7.60.0/lib/socks_gssapi.c:66: cond_true: Condition "maj_stat == 0", taking true branch. +curl-7.60.0/lib/socks_gssapi.c:67: cond_true: Condition "1024UL /* sizeof (buf) */ > len + status_string.length + 1", taking true branch. curl-7.60.0/lib/socks_gssapi.c:68: fixed_size_dest: You might overrun the 1024-character fixed-size string "buf + len" by copying "status_string.value" without checking the length. -# 66| if(maj_stat == GSS_S_COMPLETE) { -# 67| if(sizeof(buf) > len + status_string.length + 1) { -# 68|-> strcpy(buf + len, (char *) status_string.value); -# 69| len += status_string.length; -# 70| } +# 66| if(maj_stat == GSS_S_COMPLETE) { +# 67| if(sizeof(buf) > len + status_string.length + 1) { +# 68|-> strcpy(buf + len, (char *) status_string.value); +# 69| len += status_string.length; +# 70| } -Error: STRING_OVERFLOW (CWE-120): [#def34] -curl-7.60.0/lib/socks_gssapi.c:51: cond_true: Condition "major_status & (4294901760U /* ((OM_uint32)255UL << 24) | ((OM_uint32)255UL << 16) */)", taking true branch. -curl-7.60.0/lib/socks_gssapi.c:60: cond_true: Condition "!msg_ctx", taking true branch. -curl-7.60.0/lib/socks_gssapi.c:66: cond_true: Condition "maj_stat == 0", taking true branch. -curl-7.60.0/lib/socks_gssapi.c:67: cond_true: Condition "1024UL /* sizeof (buf) */ > len + status_string.length + 1", taking true branch. -curl-7.60.0/lib/socks_gssapi.c:72: break: Breaking from loop. -curl-7.60.0/lib/socks_gssapi.c:75: loop_end: Reached end of loop. -curl-7.60.0/lib/socks_gssapi.c:76: cond_true: Condition "1024UL /* sizeof (buf) */ > len + 3", taking true branch. -curl-7.60.0/lib/socks_gssapi.c:81: cond_true: Condition "!msg_ctx", taking true branch. -curl-7.60.0/lib/socks_gssapi.c:87: cond_true: Condition "maj_stat == 0", taking true branch. -curl-7.60.0/lib/socks_gssapi.c:88: cond_true: Condition "1024UL /* sizeof (buf) */ > len + status_string.length", taking true branch. +Error: STRING_OVERFLOW (CWE-120): [#def34] +curl-7.60.0/lib/socks_gssapi.c:51: cond_true: Condition "major_status & (4294901760U /* ((OM_uint32)255UL << 24) | ((OM_uint32)255UL << 16) */)", taking true branch. +curl-7.60.0/lib/socks_gssapi.c:60: cond_true: Condition "!msg_ctx", taking true branch. +curl-7.60.0/lib/socks_gssapi.c:66: cond_true: Condition "maj_stat == 0", taking true branch. +curl-7.60.0/lib/socks_gssapi.c:67: cond_true: Condition "1024UL /* sizeof (buf) */ > len + status_string.length + 1", taking true branch. +curl-7.60.0/lib/socks_gssapi.c:72: break: Breaking from loop. +curl-7.60.0/lib/socks_gssapi.c:75: loop_end: Reached end of loop. +curl-7.60.0/lib/socks_gssapi.c:76: cond_true: Condition "1024UL /* sizeof (buf) */ > len + 3", taking true branch. +curl-7.60.0/lib/socks_gssapi.c:81: cond_true: Condition "!msg_ctx", taking true branch. +curl-7.60.0/lib/socks_gssapi.c:87: cond_true: Condition "maj_stat == 0", taking true branch. +curl-7.60.0/lib/socks_gssapi.c:88: cond_true: Condition "1024UL /* sizeof (buf) */ > len + status_string.length", taking true branch. curl-7.60.0/lib/socks_gssapi.c:89: fixed_size_dest: You might overrun the 1024-character fixed-size string "buf + len" by copying "status_string.value" without checking the length. -# 87| if(maj_stat == GSS_S_COMPLETE) { -# 88| if(sizeof(buf) > len + status_string.length) -# 89|-> strcpy(buf + len, (char *) status_string.value); -# 90| gss_release_buffer(&min_stat, &status_string); -# 91| break; +# 87| if(maj_stat == GSS_S_COMPLETE) { +# 88| if(sizeof(buf) > len + status_string.length) +# 89|-> strcpy(buf + len, (char *) status_string.value); +# 90| gss_release_buffer(&min_stat, &status_string); +# 91| break; -Error: CLANG_WARNING: [#def35] +Error: CLANG_WARNING: [#def35] curl-7.60.0/lib/ssh-libssh.c:1116:15: warning: Null pointer passed as an argument to a 'nonnull' parameter -# (strlen(protop->path) > 1))) { -# ^ ~~~~~~~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:549:5: note: Control jumps to 'case SSH_SFTP_CLOSE:' at line 1615 -# switch(sshc->state) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1616:7: note: Taking false branch -# if(sshc->sftp_file) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1620:7: note: Null pointer value stored to field 'path' -# Curl_safefree(protop->path); -# ^~~~~~~~~~~~~~~~~~~~~~~~~~~ -curl-7.60.0/lib/memdebug.h:184:21: note: expanded from macro 'Curl_safefree' -# do { free((ptr)); (ptr) = NULL;} WHILE_FALSE -# ^~~~~~~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:1620:7: note: Loop condition is false. Exiting loop -curl-7.60.0/lib/memdebug.h:184:3: note: expanded from macro 'Curl_safefree' -# do { free((ptr)); (ptr) = NULL;} WHILE_FALSE -# ^ -curl-7.60.0/lib/ssh-libssh.c:1627:10: note: Left side of '&&' is true -# if(sshc->nextstate != SSH_NO_STATE && -# ^ -curl-7.60.0/lib/ssh-libssh.c:1627:7: note: Taking true branch -# if(sshc->nextstate != SSH_NO_STATE && -# ^ -curl-7.60.0/lib/ssh-libssh.c:1636:7: note: Execution continues on line 1887 -# break; -# ^ -curl-7.60.0/lib/ssh-libssh.c:1887:11: note: Left side of '&&' is true -# } while(!rc && (sshc->state != SSH_STOP)); -# ^ -curl-7.60.0/lib/ssh-libssh.c:1887:19: note: Assuming the condition is true -# } while(!rc && (sshc->state != SSH_STOP)); -# ^~~~~~~~~~~~~~~~~~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:547:3: note: Loop condition is true. Execution continues on line 549 -# do { -# ^ -curl-7.60.0/lib/ssh-libssh.c:549:5: note: Control jumps to 'case SSH_SFTP_READDIR_BOTTOM:' at line 1412 -# switch(sshc->state) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1421:10: note: Assuming 'result' is 0 -# if(!result) { -# ^~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:1421:7: note: Taking true branch -# if(!result) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1424:12: note: Assuming the condition is false -# if(data->set.verbose) { -# ^~~~~~~~~~~~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:1424:9: note: Taking false branch -# if(data->set.verbose) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1434:7: note: Taking false branch -# if(result) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1439:7: note: Execution continues on line 1887 -# break; -# ^ -curl-7.60.0/lib/ssh-libssh.c:1887:11: note: Left side of '&&' is true -# } while(!rc && (sshc->state != SSH_STOP)); -# ^ -curl-7.60.0/lib/ssh-libssh.c:547:3: note: Loop condition is true. Execution continues on line 549 -# do { -# ^ -curl-7.60.0/lib/ssh-libssh.c:549:5: note: Control jumps to 'case SSH_SFTP_READDIR:' at line 1273 -# switch(sshc->state) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1275:7: note: Taking false branch -# if(sshc->readdir_attrs) -# ^ -curl-7.60.0/lib/ssh-libssh.c:1279:10: note: Assuming the condition is true -# if(sshc->readdir_attrs) { -# ^~~~~~~~~~~~~~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:1279:7: note: Taking true branch -# if(sshc->readdir_attrs) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1284:12: note: Assuming the condition is true -# if(data->set.ftp_list_only) { -# ^~~~~~~~~~~~~~~~~~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:1284:9: note: Taking true branch -# if(data->set.ftp_list_only) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1288:14: note: Assuming 'tmpLine' is not equal to NULL -# if(tmpLine == NULL) { -# ^~~~~~~~~~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:1288:11: note: Taking false branch -# if(tmpLine == NULL) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1297:14: note: Assuming 'result' is 0 -# if(result) { -# ^~~~~~ -curl-7.60.0/lib/ssh-libssh.c:1297:11: note: Taking false branch -# if(result) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1306:11: note: Taking false branch -# if(data->set.verbose) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1354:7: note: Execution continues on line 1887 -# break; -# ^ -curl-7.60.0/lib/ssh-libssh.c:1887:11: note: Left side of '&&' is true -# } while(!rc && (sshc->state != SSH_STOP)); -# ^ -curl-7.60.0/lib/ssh-libssh.c:547:3: note: Loop condition is true. Execution continues on line 549 -# do { -# ^ -curl-7.60.0/lib/ssh-libssh.c:549:5: note: Control jumps to 'case SSH_SFTP_UPLOAD_INIT:' at line 1070 -# switch(sshc->state) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1074:10: note: Assuming the condition is false -# if(data->state.resume_from != 0) { -# ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:1074:7: note: Taking false branch -# if(data->state.resume_from != 0) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1095:10: note: Assuming the condition is true -# if(data->set.ftp_append) -# ^~~~~~~~~~~~~~~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:1095:7: note: Taking true branch -# if(data->set.ftp_append) -# ^ -curl-7.60.0/lib/ssh-libssh.c:1105:7: note: Taking false branch -# if(sshc->sftp_file) -# ^ -curl-7.60.0/lib/ssh-libssh.c:1110:10: note: Assuming the condition is true -# if(!sshc->sftp_file) { -# ^~~~~~~~~~~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:1110:7: note: Taking true branch -# if(!sshc->sftp_file) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1113:14: note: Assuming 'err' is equal to SSH_FX_NO_SUCH_FILE -# if(((err == SSH_FX_NO_SUCH_FILE || err == SSH_FX_FAILURE || -# ^~~~~~~~~~~~~~~~~~~~~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:1113:41: note: Left side of '||' is true -# if(((err == SSH_FX_NO_SUCH_FILE || err == SSH_FX_FAILURE || -# ^ -curl-7.60.0/lib/ssh-libssh.c:1115:15: note: Assuming the condition is true -# (data->set.ftp_create_missing_dirs && -# ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:1115:15: note: Left side of '&&' is true -curl-7.60.0/lib/ssh-libssh.c:1116:15: note: Null pointer passed as an argument to a 'nonnull' parameter -# (strlen(protop->path) > 1))) { -# ^ ~~~~~~~~~~~~ -# 1114| err == SSH_FX_NO_SUCH_PATH)) && -# 1115| (data->set.ftp_create_missing_dirs && -# 1116|-> (strlen(protop->path) > 1))) { -# 1117| /* try to create the path remotely */ -# 1118| rc = 0; +# (strlen(protop->path) > 1))) { +# ^ ~~~~~~~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:549:5: note: Control jumps to 'case SSH_SFTP_CLOSE:' at line 1615 +# switch(sshc->state) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1616:7: note: Taking false branch +# if(sshc->sftp_file) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1620:7: note: Null pointer value stored to field 'path' +# Curl_safefree(protop->path); +# ^~~~~~~~~~~~~~~~~~~~~~~~~~~ +curl-7.60.0/lib/memdebug.h:184:21: note: expanded from macro 'Curl_safefree' +# do { free((ptr)); (ptr) = NULL;} WHILE_FALSE +# ^~~~~~~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:1620:7: note: Loop condition is false. Exiting loop +curl-7.60.0/lib/memdebug.h:184:3: note: expanded from macro 'Curl_safefree' +# do { free((ptr)); (ptr) = NULL;} WHILE_FALSE +# ^ +curl-7.60.0/lib/ssh-libssh.c:1627:10: note: Left side of '&&' is true +# if(sshc->nextstate != SSH_NO_STATE && +# ^ +curl-7.60.0/lib/ssh-libssh.c:1627:7: note: Taking true branch +# if(sshc->nextstate != SSH_NO_STATE && +# ^ +curl-7.60.0/lib/ssh-libssh.c:1636:7: note: Execution continues on line 1887 +# break; +# ^ +curl-7.60.0/lib/ssh-libssh.c:1887:11: note: Left side of '&&' is true +# } while(!rc && (sshc->state != SSH_STOP)); +# ^ +curl-7.60.0/lib/ssh-libssh.c:1887:19: note: Assuming the condition is true +# } while(!rc && (sshc->state != SSH_STOP)); +# ^~~~~~~~~~~~~~~~~~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:547:3: note: Loop condition is true. Execution continues on line 549 +# do { +# ^ +curl-7.60.0/lib/ssh-libssh.c:549:5: note: Control jumps to 'case SSH_SFTP_READDIR_BOTTOM:' at line 1412 +# switch(sshc->state) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1421:10: note: Assuming 'result' is 0 +# if(!result) { +# ^~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:1421:7: note: Taking true branch +# if(!result) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1424:12: note: Assuming the condition is false +# if(data->set.verbose) { +# ^~~~~~~~~~~~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:1424:9: note: Taking false branch +# if(data->set.verbose) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1434:7: note: Taking false branch +# if(result) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1439:7: note: Execution continues on line 1887 +# break; +# ^ +curl-7.60.0/lib/ssh-libssh.c:1887:11: note: Left side of '&&' is true +# } while(!rc && (sshc->state != SSH_STOP)); +# ^ +curl-7.60.0/lib/ssh-libssh.c:547:3: note: Loop condition is true. Execution continues on line 549 +# do { +# ^ +curl-7.60.0/lib/ssh-libssh.c:549:5: note: Control jumps to 'case SSH_SFTP_READDIR:' at line 1273 +# switch(sshc->state) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1275:7: note: Taking false branch +# if(sshc->readdir_attrs) +# ^ +curl-7.60.0/lib/ssh-libssh.c:1279:10: note: Assuming the condition is true +# if(sshc->readdir_attrs) { +# ^~~~~~~~~~~~~~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:1279:7: note: Taking true branch +# if(sshc->readdir_attrs) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1284:12: note: Assuming the condition is true +# if(data->set.ftp_list_only) { +# ^~~~~~~~~~~~~~~~~~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:1284:9: note: Taking true branch +# if(data->set.ftp_list_only) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1288:14: note: Assuming 'tmpLine' is not equal to NULL +# if(tmpLine == NULL) { +# ^~~~~~~~~~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:1288:11: note: Taking false branch +# if(tmpLine == NULL) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1297:14: note: Assuming 'result' is 0 +# if(result) { +# ^~~~~~ +curl-7.60.0/lib/ssh-libssh.c:1297:11: note: Taking false branch +# if(result) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1306:11: note: Taking false branch +# if(data->set.verbose) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1354:7: note: Execution continues on line 1887 +# break; +# ^ +curl-7.60.0/lib/ssh-libssh.c:1887:11: note: Left side of '&&' is true +# } while(!rc && (sshc->state != SSH_STOP)); +# ^ +curl-7.60.0/lib/ssh-libssh.c:547:3: note: Loop condition is true. Execution continues on line 549 +# do { +# ^ +curl-7.60.0/lib/ssh-libssh.c:549:5: note: Control jumps to 'case SSH_SFTP_UPLOAD_INIT:' at line 1070 +# switch(sshc->state) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1074:10: note: Assuming the condition is false +# if(data->state.resume_from != 0) { +# ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:1074:7: note: Taking false branch +# if(data->state.resume_from != 0) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1095:10: note: Assuming the condition is true +# if(data->set.ftp_append) +# ^~~~~~~~~~~~~~~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:1095:7: note: Taking true branch +# if(data->set.ftp_append) +# ^ +curl-7.60.0/lib/ssh-libssh.c:1105:7: note: Taking false branch +# if(sshc->sftp_file) +# ^ +curl-7.60.0/lib/ssh-libssh.c:1110:10: note: Assuming the condition is true +# if(!sshc->sftp_file) { +# ^~~~~~~~~~~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:1110:7: note: Taking true branch +# if(!sshc->sftp_file) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1113:14: note: Assuming 'err' is equal to SSH_FX_NO_SUCH_FILE +# if(((err == SSH_FX_NO_SUCH_FILE || err == SSH_FX_FAILURE || +# ^~~~~~~~~~~~~~~~~~~~~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:1113:41: note: Left side of '||' is true +# if(((err == SSH_FX_NO_SUCH_FILE || err == SSH_FX_FAILURE || +# ^ +curl-7.60.0/lib/ssh-libssh.c:1115:15: note: Assuming the condition is true +# (data->set.ftp_create_missing_dirs && +# ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:1115:15: note: Left side of '&&' is true +curl-7.60.0/lib/ssh-libssh.c:1116:15: note: Null pointer passed as an argument to a 'nonnull' parameter +# (strlen(protop->path) > 1))) { +# ^ ~~~~~~~~~~~~ +# 1114| err == SSH_FX_NO_SUCH_PATH)) && +# 1115| (data->set.ftp_create_missing_dirs && +# 1116|-> (strlen(protop->path) > 1))) { +# 1117| /* try to create the path remotely */ +# 1118| rc = 0; -Error: CLANG_WARNING: [#def36] +Error: CLANG_WARNING: [#def36] curl-7.60.0/lib/ssh-libssh.c:1208:10: warning: Null pointer passed as an argument to a 'nonnull' parameter -# if(strlen(protop->path) > 1) { -# ^ ~~~~~~~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:549:5: note: Control jumps to 'case SSH_SFTP_CLOSE:' at line 1615 -# switch(sshc->state) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1616:7: note: Taking false branch -# if(sshc->sftp_file) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1620:7: note: Null pointer value stored to field 'path' -# Curl_safefree(protop->path); -# ^~~~~~~~~~~~~~~~~~~~~~~~~~~ -curl-7.60.0/lib/memdebug.h:184:21: note: expanded from macro 'Curl_safefree' -# do { free((ptr)); (ptr) = NULL;} WHILE_FALSE -# ^~~~~~~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:1620:7: note: Loop condition is false. Exiting loop -curl-7.60.0/lib/memdebug.h:184:3: note: expanded from macro 'Curl_safefree' -# do { free((ptr)); (ptr) = NULL;} WHILE_FALSE -# ^ -curl-7.60.0/lib/ssh-libssh.c:1627:10: note: Left side of '&&' is true -# if(sshc->nextstate != SSH_NO_STATE && -# ^ -curl-7.60.0/lib/ssh-libssh.c:1627:7: note: Taking true branch -# if(sshc->nextstate != SSH_NO_STATE && -# ^ -curl-7.60.0/lib/ssh-libssh.c:1636:7: note: Execution continues on line 1887 -# break; -# ^ -curl-7.60.0/lib/ssh-libssh.c:1887:11: note: Left side of '&&' is true -# } while(!rc && (sshc->state != SSH_STOP)); -# ^ -curl-7.60.0/lib/ssh-libssh.c:1887:19: note: Assuming the condition is true -# } while(!rc && (sshc->state != SSH_STOP)); -# ^~~~~~~~~~~~~~~~~~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:547:3: note: Loop condition is true. Execution continues on line 549 -# do { -# ^ -curl-7.60.0/lib/ssh-libssh.c:549:5: note: Control jumps to 'case SSH_SFTP_READDIR_BOTTOM:' at line 1412 -# switch(sshc->state) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1421:10: note: Assuming 'result' is 0 -# if(!result) { -# ^~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:1421:7: note: Taking true branch -# if(!result) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1424:12: note: Assuming the condition is false -# if(data->set.verbose) { -# ^~~~~~~~~~~~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:1424:9: note: Taking false branch -# if(data->set.verbose) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1434:7: note: Taking false branch -# if(result) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1439:7: note: Execution continues on line 1887 -# break; -# ^ -curl-7.60.0/lib/ssh-libssh.c:1887:11: note: Left side of '&&' is true -# } while(!rc && (sshc->state != SSH_STOP)); -# ^ -curl-7.60.0/lib/ssh-libssh.c:547:3: note: Loop condition is true. Execution continues on line 549 -# do { -# ^ -curl-7.60.0/lib/ssh-libssh.c:549:5: note: Control jumps to 'case SSH_SFTP_READDIR:' at line 1273 -# switch(sshc->state) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1275:7: note: Taking false branch -# if(sshc->readdir_attrs) -# ^ -curl-7.60.0/lib/ssh-libssh.c:1279:10: note: Assuming the condition is true -# if(sshc->readdir_attrs) { -# ^~~~~~~~~~~~~~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:1279:7: note: Taking true branch -# if(sshc->readdir_attrs) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1284:12: note: Assuming the condition is true -# if(data->set.ftp_list_only) { -# ^~~~~~~~~~~~~~~~~~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:1284:9: note: Taking true branch -# if(data->set.ftp_list_only) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1288:14: note: Assuming 'tmpLine' is not equal to NULL -# if(tmpLine == NULL) { -# ^~~~~~~~~~~~~~~ -curl-7.60.0/lib/ssh-libssh.c:1288:11: note: Taking false branch -# if(tmpLine == NULL) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1297:14: note: Assuming 'result' is 0 -# if(result) { -# ^~~~~~ -curl-7.60.0/lib/ssh-libssh.c:1297:11: note: Taking false branch -# if(result) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1306:11: note: Taking false branch -# if(data->set.verbose) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1354:7: note: Execution continues on line 1887 -# break; -# ^ -curl-7.60.0/lib/ssh-libssh.c:1887:11: note: Left side of '&&' is true -# } while(!rc && (sshc->state != SSH_STOP)); -# ^ -curl-7.60.0/lib/ssh-libssh.c:547:3: note: Loop condition is true. Execution continues on line 549 -# do { -# ^ -curl-7.60.0/lib/ssh-libssh.c:549:5: note: Control jumps to 'case SSH_SFTP_CREATE_DIRS_INIT:' at line 1207 -# switch(sshc->state) { -# ^ -curl-7.60.0/lib/ssh-libssh.c:1208:10: note: Null pointer passed as an argument to a 'nonnull' parameter -# if(strlen(protop->path) > 1) { -# ^ ~~~~~~~~~~~~ -# 1206| -# 1207| case SSH_SFTP_CREATE_DIRS_INIT: -# 1208|-> if(strlen(protop->path) > 1) { -# 1209| sshc->slash_pos = protop->path + 1; /* ignore the leading '/' */ -# 1210| state(conn, SSH_SFTP_CREATE_DIRS); +# if(strlen(protop->path) > 1) { +# ^ ~~~~~~~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:549:5: note: Control jumps to 'case SSH_SFTP_CLOSE:' at line 1615 +# switch(sshc->state) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1616:7: note: Taking false branch +# if(sshc->sftp_file) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1620:7: note: Null pointer value stored to field 'path' +# Curl_safefree(protop->path); +# ^~~~~~~~~~~~~~~~~~~~~~~~~~~ +curl-7.60.0/lib/memdebug.h:184:21: note: expanded from macro 'Curl_safefree' +# do { free((ptr)); (ptr) = NULL;} WHILE_FALSE +# ^~~~~~~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:1620:7: note: Loop condition is false. Exiting loop +curl-7.60.0/lib/memdebug.h:184:3: note: expanded from macro 'Curl_safefree' +# do { free((ptr)); (ptr) = NULL;} WHILE_FALSE +# ^ +curl-7.60.0/lib/ssh-libssh.c:1627:10: note: Left side of '&&' is true +# if(sshc->nextstate != SSH_NO_STATE && +# ^ +curl-7.60.0/lib/ssh-libssh.c:1627:7: note: Taking true branch +# if(sshc->nextstate != SSH_NO_STATE && +# ^ +curl-7.60.0/lib/ssh-libssh.c:1636:7: note: Execution continues on line 1887 +# break; +# ^ +curl-7.60.0/lib/ssh-libssh.c:1887:11: note: Left side of '&&' is true +# } while(!rc && (sshc->state != SSH_STOP)); +# ^ +curl-7.60.0/lib/ssh-libssh.c:1887:19: note: Assuming the condition is true +# } while(!rc && (sshc->state != SSH_STOP)); +# ^~~~~~~~~~~~~~~~~~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:547:3: note: Loop condition is true. Execution continues on line 549 +# do { +# ^ +curl-7.60.0/lib/ssh-libssh.c:549:5: note: Control jumps to 'case SSH_SFTP_READDIR_BOTTOM:' at line 1412 +# switch(sshc->state) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1421:10: note: Assuming 'result' is 0 +# if(!result) { +# ^~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:1421:7: note: Taking true branch +# if(!result) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1424:12: note: Assuming the condition is false +# if(data->set.verbose) { +# ^~~~~~~~~~~~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:1424:9: note: Taking false branch +# if(data->set.verbose) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1434:7: note: Taking false branch +# if(result) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1439:7: note: Execution continues on line 1887 +# break; +# ^ +curl-7.60.0/lib/ssh-libssh.c:1887:11: note: Left side of '&&' is true +# } while(!rc && (sshc->state != SSH_STOP)); +# ^ +curl-7.60.0/lib/ssh-libssh.c:547:3: note: Loop condition is true. Execution continues on line 549 +# do { +# ^ +curl-7.60.0/lib/ssh-libssh.c:549:5: note: Control jumps to 'case SSH_SFTP_READDIR:' at line 1273 +# switch(sshc->state) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1275:7: note: Taking false branch +# if(sshc->readdir_attrs) +# ^ +curl-7.60.0/lib/ssh-libssh.c:1279:10: note: Assuming the condition is true +# if(sshc->readdir_attrs) { +# ^~~~~~~~~~~~~~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:1279:7: note: Taking true branch +# if(sshc->readdir_attrs) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1284:12: note: Assuming the condition is true +# if(data->set.ftp_list_only) { +# ^~~~~~~~~~~~~~~~~~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:1284:9: note: Taking true branch +# if(data->set.ftp_list_only) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1288:14: note: Assuming 'tmpLine' is not equal to NULL +# if(tmpLine == NULL) { +# ^~~~~~~~~~~~~~~ +curl-7.60.0/lib/ssh-libssh.c:1288:11: note: Taking false branch +# if(tmpLine == NULL) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1297:14: note: Assuming 'result' is 0 +# if(result) { +# ^~~~~~ +curl-7.60.0/lib/ssh-libssh.c:1297:11: note: Taking false branch +# if(result) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1306:11: note: Taking false branch +# if(data->set.verbose) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1354:7: note: Execution continues on line 1887 +# break; +# ^ +curl-7.60.0/lib/ssh-libssh.c:1887:11: note: Left side of '&&' is true +# } while(!rc && (sshc->state != SSH_STOP)); +# ^ +curl-7.60.0/lib/ssh-libssh.c:547:3: note: Loop condition is true. Execution continues on line 549 +# do { +# ^ +curl-7.60.0/lib/ssh-libssh.c:549:5: note: Control jumps to 'case SSH_SFTP_CREATE_DIRS_INIT:' at line 1207 +# switch(sshc->state) { +# ^ +curl-7.60.0/lib/ssh-libssh.c:1208:10: note: Null pointer passed as an argument to a 'nonnull' parameter +# if(strlen(protop->path) > 1) { +# ^ ~~~~~~~~~~~~ +# 1206| +# 1207| case SSH_SFTP_CREATE_DIRS_INIT: +# 1208|-> if(strlen(protop->path) > 1) { +# 1209| sshc->slash_pos = protop->path + 1; /* ignore the leading '/' */ +# 1210| state(conn, SSH_SFTP_CREATE_DIRS); -Error: FORWARD_NULL (CWE-476): [#def37] -curl-7.60.0/src/tool_getparam.c:2140: cond_true: Condition "i < argc", taking true branch. -curl-7.60.0/src/tool_getparam.c:2140: cond_true: Condition "!result", taking true branch. -curl-7.60.0/src/tool_getparam.c:2143: cond_true: Condition "stillflags", taking true branch. -curl-7.60.0/src/tool_getparam.c:2143: cond_true: Condition "'-' == argv[i][0]", taking true branch. -curl-7.60.0/src/tool_getparam.c:2148: cond_false: Condition "!strcmp("--", argv[i])", taking false branch. -curl-7.60.0/src/tool_getparam.c:2152: else_branch: Reached else branch. -curl-7.60.0/src/tool_getparam.c:2153: cond_true: Condition "i < argc - 1", taking true branch. -curl-7.60.0/src/tool_getparam.c:2156: cond_false: Condition "result == PARAM_NEXT_OPERATION", taking false branch. -curl-7.60.0/src/tool_getparam.c:2185: else_branch: Reached else branch. -curl-7.60.0/src/tool_getparam.c:2185: cond_true: Condition "!result", taking true branch. -curl-7.60.0/src/tool_getparam.c:2185: cond_true: Condition "passarg", taking true branch. -curl-7.60.0/src/tool_getparam.c:2188: if_fallthrough: Falling through to end of if statement. -curl-7.60.0/src/tool_getparam.c:2195: if_end: End of if statement. -curl-7.60.0/src/tool_getparam.c:2196: loop: Jumping back to the beginning of the loop. -curl-7.60.0/src/tool_getparam.c:2140: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/src/tool_getparam.c:2140: cond_true: Condition "i < argc", taking true branch. -curl-7.60.0/src/tool_getparam.c:2140: cond_true: Condition "!result", taking true branch. -curl-7.60.0/src/tool_getparam.c:2143: cond_true: Condition "stillflags", taking true branch. -curl-7.60.0/src/tool_getparam.c:2143: cond_true: Condition "'-' == argv[i][0]", taking true branch. -curl-7.60.0/src/tool_getparam.c:2148: cond_false: Condition "!strcmp("--", argv[i])", taking false branch. -curl-7.60.0/src/tool_getparam.c:2152: else_branch: Reached else branch. -curl-7.60.0/src/tool_getparam.c:2153: cond_true: Condition "i < argc - 1", taking true branch. -curl-7.60.0/src/tool_getparam.c:2156: cond_true: Condition "result == PARAM_NEXT_OPERATION", taking true branch. -curl-7.60.0/src/tool_getparam.c:2161: cond_true: Condition "operation->url_list", taking true branch. -curl-7.60.0/src/tool_getparam.c:2161: cond_true: Condition "operation->url_list->url", taking true branch. -curl-7.60.0/src/tool_getparam.c:2164: cond_true: Condition "operation->next", taking true branch. -curl-7.60.0/src/tool_getparam.c:2180: if_fallthrough: Falling through to end of if statement. -curl-7.60.0/src/tool_getparam.c:2182: if_end: End of if statement. -curl-7.60.0/src/tool_getparam.c:2184: if_fallthrough: Falling through to end of if statement. -curl-7.60.0/src/tool_getparam.c:2186: if_end: End of if statement. -curl-7.60.0/src/tool_getparam.c:2188: if_fallthrough: Falling through to end of if statement. -curl-7.60.0/src/tool_getparam.c:2195: if_end: End of if statement. -curl-7.60.0/src/tool_getparam.c:2196: loop: Jumping back to the beginning of the loop. -curl-7.60.0/src/tool_getparam.c:2140: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/src/tool_getparam.c:2140: cond_true: Condition "i < argc", taking true branch. -curl-7.60.0/src/tool_getparam.c:2140: cond_true: Condition "!result", taking true branch. -curl-7.60.0/src/tool_getparam.c:2143: cond_true: Condition "stillflags", taking true branch. -curl-7.60.0/src/tool_getparam.c:2143: cond_true: Condition "'-' == argv[i][0]", taking true branch. -curl-7.60.0/src/tool_getparam.c:2148: cond_false: Condition "!strcmp("--", argv[i])", taking false branch. -curl-7.60.0/src/tool_getparam.c:2152: else_branch: Reached else branch. -curl-7.60.0/src/tool_getparam.c:2153: cond_true: Condition "i < argc - 1", taking true branch. -curl-7.60.0/src/tool_getparam.c:2156: cond_true: Condition "result == PARAM_NEXT_OPERATION", taking true branch. -curl-7.60.0/src/tool_getparam.c:2161: cond_false: Condition "operation->url_list", taking false branch. -curl-7.60.0/src/tool_getparam.c:2183: if_end: End of if statement. -curl-7.60.0/src/tool_getparam.c:2184: if_fallthrough: Falling through to end of if statement. -curl-7.60.0/src/tool_getparam.c:2186: if_end: End of if statement. -curl-7.60.0/src/tool_getparam.c:2188: if_fallthrough: Falling through to end of if statement. -curl-7.60.0/src/tool_getparam.c:2195: if_end: End of if statement. -curl-7.60.0/src/tool_getparam.c:2196: loop: Jumping back to the beginning of the loop. -curl-7.60.0/src/tool_getparam.c:2140: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/src/tool_getparam.c:2140: cond_true: Condition "i < argc", taking true branch. -curl-7.60.0/src/tool_getparam.c:2140: cond_true: Condition "!result", taking true branch. -curl-7.60.0/src/tool_getparam.c:2143: cond_true: Condition "stillflags", taking true branch. -curl-7.60.0/src/tool_getparam.c:2143: cond_true: Condition "'-' == argv[i][0]", taking true branch. -curl-7.60.0/src/tool_getparam.c:2148: cond_false: Condition "!strcmp("--", argv[i])", taking false branch. -curl-7.60.0/src/tool_getparam.c:2152: else_branch: Reached else branch. -curl-7.60.0/src/tool_getparam.c:2153: cond_false: Condition "i < argc - 1", taking false branch. -curl-7.60.0/src/tool_getparam.c:2156: cond_false: Condition "result == PARAM_NEXT_OPERATION", taking false branch. -curl-7.60.0/src/tool_getparam.c:2185: else_branch: Reached else branch. -curl-7.60.0/src/tool_getparam.c:2185: cond_true: Condition "!result", taking true branch. -curl-7.60.0/src/tool_getparam.c:2185: cond_false: Condition "passarg", taking false branch. -curl-7.60.0/src/tool_getparam.c:2186: if_end: End of if statement. -curl-7.60.0/src/tool_getparam.c:2188: if_fallthrough: Falling through to end of if statement. -curl-7.60.0/src/tool_getparam.c:2195: if_end: End of if statement. -curl-7.60.0/src/tool_getparam.c:2196: loop: Jumping back to the beginning of the loop. -curl-7.60.0/src/tool_getparam.c:2140: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/src/tool_getparam.c:2140: cond_true: Condition "i < argc", taking true branch. -curl-7.60.0/src/tool_getparam.c:2140: cond_true: Condition "!result", taking true branch. -curl-7.60.0/src/tool_getparam.c:2143: cond_true: Condition "stillflags", taking true branch. -curl-7.60.0/src/tool_getparam.c:2143: cond_true: Condition "'-' == argv[i][0]", taking true branch. -curl-7.60.0/src/tool_getparam.c:2148: cond_false: Condition "!strcmp("--", argv[i])", taking false branch. -curl-7.60.0/src/tool_getparam.c:2152: else_branch: Reached else branch. -curl-7.60.0/src/tool_getparam.c:2153: cond_false: Condition "i < argc - 1", taking false branch. -curl-7.60.0/src/tool_getparam.c:2153: assign_zero: Assigning: "nextarg" = "NULL". -curl-7.60.0/src/tool_getparam.c:2155: var_deref_model: Passing null pointer "nextarg" to "getparameter", which dereferences it. -curl-7.60.0/src/tool_getparam.c:505:3: cond_true: Condition "'-' != flag[0]", taking true branch. -curl-7.60.0/src/tool_getparam.c:512:5: cond_true: Condition "!strncmp(word, "no-", 3)", taking true branch. -curl-7.60.0/src/tool_getparam.c:518:5: cond_true: Condition "j < 221UL /* sizeof (aliases) / sizeof (aliases[0]) */", taking true branch. -curl-7.60.0/src/tool_getparam.c:519:7: cond_true: Condition "curl_strnequal(aliases[j].lname, word, fnam)", taking true branch. -curl-7.60.0/src/tool_getparam.c:522:9: cond_false: Condition "curl_strequal(aliases[j].lname, word)", taking false branch. -curl-7.60.0/src/tool_getparam.c:527:9: if_end: End of if statement. -curl-7.60.0/src/tool_getparam.c:531:5: loop: Jumping back to the beginning of the loop. -curl-7.60.0/src/tool_getparam.c:518:5: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/src/tool_getparam.c:518:5: cond_true: Condition "j < 221UL /* sizeof (aliases) / sizeof (aliases[0]) */", taking true branch. -curl-7.60.0/src/tool_getparam.c:519:7: cond_true: Condition "curl_strnequal(aliases[j].lname, word, fnam)", taking true branch. -curl-7.60.0/src/tool_getparam.c:522:9: cond_false: Condition "curl_strequal(aliases[j].lname, word)", taking false branch. -curl-7.60.0/src/tool_getparam.c:527:9: if_end: End of if statement. -curl-7.60.0/src/tool_getparam.c:531:5: loop: Jumping back to the beginning of the loop. -curl-7.60.0/src/tool_getparam.c:518:5: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/src/tool_getparam.c:518:5: cond_true: Condition "j < 221UL /* sizeof (aliases) / sizeof (aliases[0]) */", taking true branch. -curl-7.60.0/src/tool_getparam.c:519:7: cond_true: Condition "curl_strnequal(aliases[j].lname, word, fnam)", taking true branch. -curl-7.60.0/src/tool_getparam.c:522:9: cond_false: Condition "curl_strequal(aliases[j].lname, word)", taking false branch. -curl-7.60.0/src/tool_getparam.c:527:9: if_end: End of if statement. -curl-7.60.0/src/tool_getparam.c:531:5: loop: Jumping back to the beginning of the loop. -curl-7.60.0/src/tool_getparam.c:518:5: loop_begin: Jumped back to beginning of loop. -curl-7.60.0/src/tool_getparam.c:518:5: cond_true: Condition "j < 221UL /* sizeof (aliases) / sizeof (aliases[0]) */", taking true branch. -curl-7.60.0/src/tool_getparam.c:519:7: cond_true: Condition "curl_strnequal(aliases[j].lname, word, fnam)", taking true branch. -curl-7.60.0/src/tool_getparam.c:522:9: cond_true: Condition "curl_strequal(aliases[j].lname, word)", taking true branch. -curl-7.60.0/src/tool_getparam.c:526:11: break: Breaking from loop. -curl-7.60.0/src/tool_getparam.c:531:5: loop_end: Reached end of loop. -curl-7.60.0/src/tool_getparam.c:532:5: cond_false: Condition "numhits > 1", taking false branch. -curl-7.60.0/src/tool_getparam.c:535:5: if_end: End of if statement. -curl-7.60.0/src/tool_getparam.c:536:5: cond_false: Condition "hit < 0", taking false branch. -curl-7.60.0/src/tool_getparam.c:538:5: if_end: End of if statement. -curl-7.60.0/src/tool_getparam.c:539:3: if_fallthrough: Falling through to end of if statement. -curl-7.60.0/src/tool_getparam.c:544:3: if_end: End of if statement. -curl-7.60.0/src/tool_getparam.c:549:5: cond_false: Condition "!longopt", taking false branch. -curl-7.60.0/src/tool_getparam.c:553:10: else_branch: Reached else branch. -curl-7.60.0/src/tool_getparam.c:558:5: cond_false: Condition "hit < 0", taking false branch. -curl-7.60.0/src/tool_getparam.c:568:5: if_end: End of if statement. -curl-7.60.0/src/tool_getparam.c:570:5: cond_false: Condition "aliases[hit].desc == ARG_STRING", taking false branch. -curl-7.60.0/src/tool_getparam.c:581:10: else_branch: Reached else branch. -curl-7.60.0/src/tool_getparam.c:581:10: cond_false: Condition "aliases[hit].desc == ARG_NONE", taking false branch. -curl-7.60.0/src/tool_getparam.c:582:7: if_end: End of if statement. -curl-7.60.0/src/tool_getparam.c:584:5: switch: Switch case value "'*'". -curl-7.60.0/src/tool_getparam.c:585:10: switch_case: Reached case "'*'". -curl-7.60.0/src/tool_getparam.c:586:7: switch: Switch case value "'i'". -curl-7.60.0/src/tool_getparam.c:646:12: switch_case: Reached case "'i'". -curl-7.60.0/src/tool_getparam.c:649:27: deref_parm_in_call: Function "GetSizeParameter" dereferences "nextarg". -curl-7.60.0/src/tool_getparam.c:442:3: deref_parm_in_call: Function "curlx_strtoofft" dereferences "arg". +Error: FORWARD_NULL (CWE-476): [#def37] +curl-7.60.0/src/tool_getparam.c:2140: cond_true: Condition "i < argc", taking true branch. +curl-7.60.0/src/tool_getparam.c:2140: cond_true: Condition "!result", taking true branch. +curl-7.60.0/src/tool_getparam.c:2143: cond_true: Condition "stillflags", taking true branch. +curl-7.60.0/src/tool_getparam.c:2143: cond_true: Condition "'-' == argv[i][0]", taking true branch. +curl-7.60.0/src/tool_getparam.c:2148: cond_false: Condition "!strcmp("--", argv[i])", taking false branch. +curl-7.60.0/src/tool_getparam.c:2152: else_branch: Reached else branch. +curl-7.60.0/src/tool_getparam.c:2153: cond_true: Condition "i < argc - 1", taking true branch. +curl-7.60.0/src/tool_getparam.c:2156: cond_false: Condition "result == PARAM_NEXT_OPERATION", taking false branch. +curl-7.60.0/src/tool_getparam.c:2185: else_branch: Reached else branch. +curl-7.60.0/src/tool_getparam.c:2185: cond_true: Condition "!result", taking true branch. +curl-7.60.0/src/tool_getparam.c:2185: cond_true: Condition "passarg", taking true branch. +curl-7.60.0/src/tool_getparam.c:2188: if_fallthrough: Falling through to end of if statement. +curl-7.60.0/src/tool_getparam.c:2195: if_end: End of if statement. +curl-7.60.0/src/tool_getparam.c:2196: loop: Jumping back to the beginning of the loop. +curl-7.60.0/src/tool_getparam.c:2140: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/src/tool_getparam.c:2140: cond_true: Condition "i < argc", taking true branch. +curl-7.60.0/src/tool_getparam.c:2140: cond_true: Condition "!result", taking true branch. +curl-7.60.0/src/tool_getparam.c:2143: cond_true: Condition "stillflags", taking true branch. +curl-7.60.0/src/tool_getparam.c:2143: cond_true: Condition "'-' == argv[i][0]", taking true branch. +curl-7.60.0/src/tool_getparam.c:2148: cond_false: Condition "!strcmp("--", argv[i])", taking false branch. +curl-7.60.0/src/tool_getparam.c:2152: else_branch: Reached else branch. +curl-7.60.0/src/tool_getparam.c:2153: cond_true: Condition "i < argc - 1", taking true branch. +curl-7.60.0/src/tool_getparam.c:2156: cond_true: Condition "result == PARAM_NEXT_OPERATION", taking true branch. +curl-7.60.0/src/tool_getparam.c:2161: cond_true: Condition "operation->url_list", taking true branch. +curl-7.60.0/src/tool_getparam.c:2161: cond_true: Condition "operation->url_list->url", taking true branch. +curl-7.60.0/src/tool_getparam.c:2164: cond_true: Condition "operation->next", taking true branch. +curl-7.60.0/src/tool_getparam.c:2180: if_fallthrough: Falling through to end of if statement. +curl-7.60.0/src/tool_getparam.c:2182: if_end: End of if statement. +curl-7.60.0/src/tool_getparam.c:2184: if_fallthrough: Falling through to end of if statement. +curl-7.60.0/src/tool_getparam.c:2186: if_end: End of if statement. +curl-7.60.0/src/tool_getparam.c:2188: if_fallthrough: Falling through to end of if statement. +curl-7.60.0/src/tool_getparam.c:2195: if_end: End of if statement. +curl-7.60.0/src/tool_getparam.c:2196: loop: Jumping back to the beginning of the loop. +curl-7.60.0/src/tool_getparam.c:2140: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/src/tool_getparam.c:2140: cond_true: Condition "i < argc", taking true branch. +curl-7.60.0/src/tool_getparam.c:2140: cond_true: Condition "!result", taking true branch. +curl-7.60.0/src/tool_getparam.c:2143: cond_true: Condition "stillflags", taking true branch. +curl-7.60.0/src/tool_getparam.c:2143: cond_true: Condition "'-' == argv[i][0]", taking true branch. +curl-7.60.0/src/tool_getparam.c:2148: cond_false: Condition "!strcmp("--", argv[i])", taking false branch. +curl-7.60.0/src/tool_getparam.c:2152: else_branch: Reached else branch. +curl-7.60.0/src/tool_getparam.c:2153: cond_true: Condition "i < argc - 1", taking true branch. +curl-7.60.0/src/tool_getparam.c:2156: cond_true: Condition "result == PARAM_NEXT_OPERATION", taking true branch. +curl-7.60.0/src/tool_getparam.c:2161: cond_false: Condition "operation->url_list", taking false branch. +curl-7.60.0/src/tool_getparam.c:2183: if_end: End of if statement. +curl-7.60.0/src/tool_getparam.c:2184: if_fallthrough: Falling through to end of if statement. +curl-7.60.0/src/tool_getparam.c:2186: if_end: End of if statement. +curl-7.60.0/src/tool_getparam.c:2188: if_fallthrough: Falling through to end of if statement. +curl-7.60.0/src/tool_getparam.c:2195: if_end: End of if statement. +curl-7.60.0/src/tool_getparam.c:2196: loop: Jumping back to the beginning of the loop. +curl-7.60.0/src/tool_getparam.c:2140: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/src/tool_getparam.c:2140: cond_true: Condition "i < argc", taking true branch. +curl-7.60.0/src/tool_getparam.c:2140: cond_true: Condition "!result", taking true branch. +curl-7.60.0/src/tool_getparam.c:2143: cond_true: Condition "stillflags", taking true branch. +curl-7.60.0/src/tool_getparam.c:2143: cond_true: Condition "'-' == argv[i][0]", taking true branch. +curl-7.60.0/src/tool_getparam.c:2148: cond_false: Condition "!strcmp("--", argv[i])", taking false branch. +curl-7.60.0/src/tool_getparam.c:2152: else_branch: Reached else branch. +curl-7.60.0/src/tool_getparam.c:2153: cond_false: Condition "i < argc - 1", taking false branch. +curl-7.60.0/src/tool_getparam.c:2156: cond_false: Condition "result == PARAM_NEXT_OPERATION", taking false branch. +curl-7.60.0/src/tool_getparam.c:2185: else_branch: Reached else branch. +curl-7.60.0/src/tool_getparam.c:2185: cond_true: Condition "!result", taking true branch. +curl-7.60.0/src/tool_getparam.c:2185: cond_false: Condition "passarg", taking false branch. +curl-7.60.0/src/tool_getparam.c:2186: if_end: End of if statement. +curl-7.60.0/src/tool_getparam.c:2188: if_fallthrough: Falling through to end of if statement. +curl-7.60.0/src/tool_getparam.c:2195: if_end: End of if statement. +curl-7.60.0/src/tool_getparam.c:2196: loop: Jumping back to the beginning of the loop. +curl-7.60.0/src/tool_getparam.c:2140: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/src/tool_getparam.c:2140: cond_true: Condition "i < argc", taking true branch. +curl-7.60.0/src/tool_getparam.c:2140: cond_true: Condition "!result", taking true branch. +curl-7.60.0/src/tool_getparam.c:2143: cond_true: Condition "stillflags", taking true branch. +curl-7.60.0/src/tool_getparam.c:2143: cond_true: Condition "'-' == argv[i][0]", taking true branch. +curl-7.60.0/src/tool_getparam.c:2148: cond_false: Condition "!strcmp("--", argv[i])", taking false branch. +curl-7.60.0/src/tool_getparam.c:2152: else_branch: Reached else branch. +curl-7.60.0/src/tool_getparam.c:2153: cond_false: Condition "i < argc - 1", taking false branch. +curl-7.60.0/src/tool_getparam.c:2153: assign_zero: Assigning: "nextarg" = "NULL". +curl-7.60.0/src/tool_getparam.c:2155: var_deref_model: Passing null pointer "nextarg" to "getparameter", which dereferences it. +curl-7.60.0/src/tool_getparam.c:505:3: cond_true: Condition "'-' != flag[0]", taking true branch. +curl-7.60.0/src/tool_getparam.c:512:5: cond_true: Condition "!strncmp(word, "no-", 3)", taking true branch. +curl-7.60.0/src/tool_getparam.c:518:5: cond_true: Condition "j < 221UL /* sizeof (aliases) / sizeof (aliases[0]) */", taking true branch. +curl-7.60.0/src/tool_getparam.c:519:7: cond_true: Condition "curl_strnequal(aliases[j].lname, word, fnam)", taking true branch. +curl-7.60.0/src/tool_getparam.c:522:9: cond_false: Condition "curl_strequal(aliases[j].lname, word)", taking false branch. +curl-7.60.0/src/tool_getparam.c:527:9: if_end: End of if statement. +curl-7.60.0/src/tool_getparam.c:531:5: loop: Jumping back to the beginning of the loop. +curl-7.60.0/src/tool_getparam.c:518:5: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/src/tool_getparam.c:518:5: cond_true: Condition "j < 221UL /* sizeof (aliases) / sizeof (aliases[0]) */", taking true branch. +curl-7.60.0/src/tool_getparam.c:519:7: cond_true: Condition "curl_strnequal(aliases[j].lname, word, fnam)", taking true branch. +curl-7.60.0/src/tool_getparam.c:522:9: cond_false: Condition "curl_strequal(aliases[j].lname, word)", taking false branch. +curl-7.60.0/src/tool_getparam.c:527:9: if_end: End of if statement. +curl-7.60.0/src/tool_getparam.c:531:5: loop: Jumping back to the beginning of the loop. +curl-7.60.0/src/tool_getparam.c:518:5: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/src/tool_getparam.c:518:5: cond_true: Condition "j < 221UL /* sizeof (aliases) / sizeof (aliases[0]) */", taking true branch. +curl-7.60.0/src/tool_getparam.c:519:7: cond_true: Condition "curl_strnequal(aliases[j].lname, word, fnam)", taking true branch. +curl-7.60.0/src/tool_getparam.c:522:9: cond_false: Condition "curl_strequal(aliases[j].lname, word)", taking false branch. +curl-7.60.0/src/tool_getparam.c:527:9: if_end: End of if statement. +curl-7.60.0/src/tool_getparam.c:531:5: loop: Jumping back to the beginning of the loop. +curl-7.60.0/src/tool_getparam.c:518:5: loop_begin: Jumped back to beginning of loop. +curl-7.60.0/src/tool_getparam.c:518:5: cond_true: Condition "j < 221UL /* sizeof (aliases) / sizeof (aliases[0]) */", taking true branch. +curl-7.60.0/src/tool_getparam.c:519:7: cond_true: Condition "curl_strnequal(aliases[j].lname, word, fnam)", taking true branch. +curl-7.60.0/src/tool_getparam.c:522:9: cond_true: Condition "curl_strequal(aliases[j].lname, word)", taking true branch. +curl-7.60.0/src/tool_getparam.c:526:11: break: Breaking from loop. +curl-7.60.0/src/tool_getparam.c:531:5: loop_end: Reached end of loop. +curl-7.60.0/src/tool_getparam.c:532:5: cond_false: Condition "numhits > 1", taking false branch. +curl-7.60.0/src/tool_getparam.c:535:5: if_end: End of if statement. +curl-7.60.0/src/tool_getparam.c:536:5: cond_false: Condition "hit < 0", taking false branch. +curl-7.60.0/src/tool_getparam.c:538:5: if_end: End of if statement. +curl-7.60.0/src/tool_getparam.c:539:3: if_fallthrough: Falling through to end of if statement. +curl-7.60.0/src/tool_getparam.c:544:3: if_end: End of if statement. +curl-7.60.0/src/tool_getparam.c:549:5: cond_false: Condition "!longopt", taking false branch. +curl-7.60.0/src/tool_getparam.c:553:10: else_branch: Reached else branch. +curl-7.60.0/src/tool_getparam.c:558:5: cond_false: Condition "hit < 0", taking false branch. +curl-7.60.0/src/tool_getparam.c:568:5: if_end: End of if statement. +curl-7.60.0/src/tool_getparam.c:570:5: cond_false: Condition "aliases[hit].desc == ARG_STRING", taking false branch. +curl-7.60.0/src/tool_getparam.c:581:10: else_branch: Reached else branch. +curl-7.60.0/src/tool_getparam.c:581:10: cond_false: Condition "aliases[hit].desc == ARG_NONE", taking false branch. +curl-7.60.0/src/tool_getparam.c:582:7: if_end: End of if statement. +curl-7.60.0/src/tool_getparam.c:584:5: switch: Switch case value "'*'". +curl-7.60.0/src/tool_getparam.c:585:10: switch_case: Reached case "'*'". +curl-7.60.0/src/tool_getparam.c:586:7: switch: Switch case value "'i'". +curl-7.60.0/src/tool_getparam.c:646:12: switch_case: Reached case "'i'". +curl-7.60.0/src/tool_getparam.c:649:27: deref_parm_in_call: Function "GetSizeParameter" dereferences "nextarg". +curl-7.60.0/src/tool_getparam.c:442:3: deref_parm_in_call: Function "curlx_strtoofft" dereferences "arg". curl-7.60.0/lib/strtoofft.c:223:3: deref_parm: Directly dereferencing parameter "str". -# 221| *num = 0; /* clear by default */ -# 222| -# 223|-> while(*str && ISSPACE(*str)) -# 224| str++; -# 225| if('-' == *str) { +# 221| *num = 0; /* clear by default */ +# 222| +# 223|-> while(*str && ISSPACE(*str)) +# 224| str++; +# 225| if('-' == *str) { -Error: STRING_NULL (CWE-170): [#def38] -curl-7.60.0/lib/tftp.c:1110: string_null_argument: Function "recvfrom" does not terminate string "*state->rpacket.data". [Note: The source code implementation of the function has been overridden by a builtin model.] -curl-7.60.0/lib/tftp.c:1116: cond_true: Condition "state->remote_addrlen == 0", taking true branch. -curl-7.60.0/lib/tftp.c:1122: cond_false: Condition "state->rbytes < 4", taking false branch. -curl-7.60.0/lib/tftp.c:1127: else_branch: Reached else branch. -curl-7.60.0/lib/tftp.c:1132: switch: Switch case value "TFTP_EVENT_OACK". -curl-7.60.0/lib/tftp.c:1157: switch_case: Reached case "TFTP_EVENT_OACK". +Error: STRING_NULL (CWE-170): [#def38] +curl-7.60.0/lib/tftp.c:1110: string_null_argument: Function "recvfrom" does not terminate string "*state->rpacket.data". [Note: The source code implementation of the function has been overridden by a builtin model.] +curl-7.60.0/lib/tftp.c:1116: cond_true: Condition "state->remote_addrlen == 0", taking true branch. +curl-7.60.0/lib/tftp.c:1122: cond_false: Condition "state->rbytes < 4", taking false branch. +curl-7.60.0/lib/tftp.c:1127: else_branch: Reached else branch. +curl-7.60.0/lib/tftp.c:1132: switch: Switch case value "TFTP_EVENT_OACK". +curl-7.60.0/lib/tftp.c:1157: switch_case: Reached case "TFTP_EVENT_OACK". curl-7.60.0/lib/tftp.c:1158: string_null: Passing unterminated string "(char const *)state->rpacket.data + 2" to "tftp_parse_option_ack", which expects a null-terminated string. -curl-7.60.0/lib/tftp.c:337:19: var_assign_parm: Assigning: "tmp" = "ptr". They now point to the same thing. -curl-7.60.0/lib/tftp.c:343:3: cond_true: Condition "tmp < ptr + len", taking true branch. -curl-7.60.0/lib/tftp.c:346:5: string_null_sink_lv_call: Passing local "tmp", that points to a parameter, to "tftp_option_get", which expects a null-terminated string. -curl-7.60.0/lib/tftp.c:320:3: cond_false: Condition "loc >= len", taking false branch. -curl-7.60.0/lib/tftp.c:321:5: if_end: End of if statement. -curl-7.60.0/lib/tftp.c:322:3: var_assign_parm: Assigning: "*option" = "buf". -curl-7.60.0/lib/tftp.c:327:3: cond_false: Condition "loc > len", taking false branch. -curl-7.60.0/lib/tftp.c:328:5: if_end: End of if statement. -curl-7.60.0/lib/tftp.c:329:3: string_null_sink_parm_call: Passing parameter "*option" to "strlen" which expects a null-terminated string. -# 1156| break; -# 1157| case TFTP_EVENT_OACK: -# 1158|-> result = tftp_parse_option_ack(state, -# 1159| (const char *)state->rpacket.data + 2, -# 1160| state->rbytes-2); +curl-7.60.0/lib/tftp.c:337:19: var_assign_parm: Assigning: "tmp" = "ptr". They now point to the same thing. +curl-7.60.0/lib/tftp.c:343:3: cond_true: Condition "tmp < ptr + len", taking true branch. +curl-7.60.0/lib/tftp.c:346:5: string_null_sink_lv_call: Passing local "tmp", that points to a parameter, to "tftp_option_get", which expects a null-terminated string. +curl-7.60.0/lib/tftp.c:320:3: cond_false: Condition "loc >= len", taking false branch. +curl-7.60.0/lib/tftp.c:321:5: if_end: End of if statement. +curl-7.60.0/lib/tftp.c:322:3: var_assign_parm: Assigning: "*option" = "buf". +curl-7.60.0/lib/tftp.c:327:3: cond_false: Condition "loc > len", taking false branch. +curl-7.60.0/lib/tftp.c:328:5: if_end: End of if statement. +curl-7.60.0/lib/tftp.c:329:3: string_null_sink_parm_call: Passing parameter "*option" to "strlen" which expects a null-terminated string. +# 1156| break; +# 1157| case TFTP_EVENT_OACK: +# 1158|-> result = tftp_parse_option_ack(state, +# 1159| (const char *)state->rpacket.data + 2, +# 1160| state->rbytes-2); -Error: NEGATIVE_RETURNS (CWE-394): [#def39] -curl-7.60.0/lib/transfer.c:131: cond_true: Condition "data->req.upload_chunky", taking true branch. -curl-7.60.0/lib/transfer.c:144: cond_false: Condition "nread == 268435456", taking false branch. -curl-7.60.0/lib/transfer.c:148: if_end: End of if statement. -curl-7.60.0/lib/transfer.c:149: cond_false: Condition "nread == 268435457", taking false branch. -curl-7.60.0/lib/transfer.c:170: else_branch: Reached else branch. -curl-7.60.0/lib/transfer.c:170: cond_false: Condition "(size_t)nread > buffersize", taking false branch. -curl-7.60.0/lib/transfer.c:175: if_end: End of if statement. -curl-7.60.0/lib/transfer.c:177: cond_true: Condition "!data->req.forbidchunk", taking true branch. -curl-7.60.0/lib/transfer.c:177: cond_true: Condition "data->req.upload_chunky", taking true branch. -curl-7.60.0/lib/transfer.c:198: cond_true: Condition "data->set.prefer_ascii", taking true branch. -curl-7.60.0/lib/transfer.c:206: if_fallthrough: Falling through to end of if statement. -curl-7.60.0/lib/transfer.c:210: if_end: End of if statement. -curl-7.60.0/lib/transfer.c:211: negative_return_fn: Function "curl_msnprintf(hexbuffer, 11UL, "%x%s", nread, endofline_native)" returns a negative number. -curl-7.60.0/lib/mprintf.c:1023:3: negative_return: Calling "curl_mvsnprintf", which might return a negative value. -curl-7.60.0/lib/mprintf.c:1007:3: cond_false: Condition "retcode != -1", taking false branch. -curl-7.60.0/lib/mprintf.c:1014:3: if_end: End of if statement. -curl-7.60.0/lib/mprintf.c:1007:3: var_tested_neg: Variable "retcode" is negative. -curl-7.60.0/lib/mprintf.c:1015:3: return_negative_variable: Explicitly returning negative variable "retcode". -curl-7.60.0/lib/mprintf.c:1023:3: var_assign: Assigning: "retcode" = "curl_mvsnprintf(buffer, maxlength, format, ap_save)", which might be negative. -curl-7.60.0/lib/mprintf.c:1025:3: return_negative_variable: Explicitly returning negative variable "retcode". -curl-7.60.0/lib/transfer.c:211: var_assign: Assigning: signed variable "hexlen" = "curl_msnprintf". +Error: NEGATIVE_RETURNS (CWE-394): [#def39] +curl-7.60.0/lib/transfer.c:131: cond_true: Condition "data->req.upload_chunky", taking true branch. +curl-7.60.0/lib/transfer.c:144: cond_false: Condition "nread == 268435456", taking false branch. +curl-7.60.0/lib/transfer.c:148: if_end: End of if statement. +curl-7.60.0/lib/transfer.c:149: cond_false: Condition "nread == 268435457", taking false branch. +curl-7.60.0/lib/transfer.c:170: else_branch: Reached else branch. +curl-7.60.0/lib/transfer.c:170: cond_false: Condition "(size_t)nread > buffersize", taking false branch. +curl-7.60.0/lib/transfer.c:175: if_end: End of if statement. +curl-7.60.0/lib/transfer.c:177: cond_true: Condition "!data->req.forbidchunk", taking true branch. +curl-7.60.0/lib/transfer.c:177: cond_true: Condition "data->req.upload_chunky", taking true branch. +curl-7.60.0/lib/transfer.c:198: cond_true: Condition "data->set.prefer_ascii", taking true branch. +curl-7.60.0/lib/transfer.c:206: if_fallthrough: Falling through to end of if statement. +curl-7.60.0/lib/transfer.c:210: if_end: End of if statement. +curl-7.60.0/lib/transfer.c:211: negative_return_fn: Function "curl_msnprintf(hexbuffer, 11UL, "%x%s", nread, endofline_native)" returns a negative number. +curl-7.60.0/lib/mprintf.c:1023:3: negative_return: Calling "curl_mvsnprintf", which might return a negative value. +curl-7.60.0/lib/mprintf.c:1007:3: cond_false: Condition "retcode != -1", taking false branch. +curl-7.60.0/lib/mprintf.c:1014:3: if_end: End of if statement. +curl-7.60.0/lib/mprintf.c:1007:3: var_tested_neg: Variable "retcode" is negative. +curl-7.60.0/lib/mprintf.c:1015:3: return_negative_variable: Explicitly returning negative variable "retcode". +curl-7.60.0/lib/mprintf.c:1023:3: var_assign: Assigning: "retcode" = "curl_mvsnprintf(buffer, maxlength, format, ap_save)", which might be negative. +curl-7.60.0/lib/mprintf.c:1025:3: return_negative_variable: Explicitly returning negative variable "retcode". +curl-7.60.0/lib/transfer.c:211: var_assign: Assigning: signed variable "hexlen" = "curl_msnprintf". curl-7.60.0/lib/transfer.c:219: negative_returns: "hexlen" is passed to a parameter that cannot be negative. [Note: The source code implementation of the function has been overridden by a builtin model.] -# 217| -# 218| /* copy the prefix to the buffer, leaving out the NUL */ -# 219|-> memcpy(data->req.upload_fromhere, hexbuffer, hexlen); -# 220| -# 221| /* always append ASCII CRLF to the data */ +# 217| +# 218| /* copy the prefix to the buffer, leaving out the NUL */ +# 219|-> memcpy(data->req.upload_fromhere, hexbuffer, hexlen); +# 220| +# 221| /* always append ASCII CRLF to the data */ -Error: CLANG_WARNING: [#def40] +Error: CLANG_WARNING: [#def40] curl-7.60.0/lib/url.c: internal warning: child 19172 timed out after 30s -Error: CLANG_WARNING: [#def41] +Error: CLANG_WARNING: [#def41] curl-7.60.0/lib/url.c: internal warning: child 31100 timed out after 30s -Error: NEGATIVE_RETURNS (CWE-394): [#def42] -curl-7.60.0/lib/vauth/ntlm.c:541: cond_true: Condition "!user", taking true branch. -curl-7.60.0/lib/vauth/ntlm.c:544: cond_false: Condition "user", taking false branch. -curl-7.60.0/lib/vauth/ntlm.c:550: else_branch: Reached else branch. -curl-7.60.0/lib/vauth/ntlm.c:556: cond_false: Condition "Curl_gethostname(host, 1025UL /* sizeof (host) */)", taking false branch. -curl-7.60.0/lib/vauth/ntlm.c:560: else_branch: Reached else branch. -curl-7.60.0/lib/vauth/ntlm.c:565: cond_true: Condition "ntlm->target_info_len", taking true branch. -curl-7.60.0/lib/vauth/ntlm.c:571: cond_false: Condition "result", taking false branch. -curl-7.60.0/lib/vauth/ntlm.c:572: if_end: End of if statement. -curl-7.60.0/lib/vauth/ntlm.c:575: cond_false: Condition "result", taking false branch. -curl-7.60.0/lib/vauth/ntlm.c:576: if_end: End of if statement. -curl-7.60.0/lib/vauth/ntlm.c:580: cond_false: Condition "result", taking false branch. -curl-7.60.0/lib/vauth/ntlm.c:581: if_end: End of if statement. -curl-7.60.0/lib/vauth/ntlm.c:586: cond_false: Condition "result", taking false branch. -curl-7.60.0/lib/vauth/ntlm.c:587: if_end: End of if statement. -curl-7.60.0/lib/vauth/ntlm.c:592: cond_false: Condition "result", taking false branch. -curl-7.60.0/lib/vauth/ntlm.c:593: if_end: End of if statement. -curl-7.60.0/lib/vauth/ntlm.c:596: if_fallthrough: Falling through to end of if statement. -curl-7.60.0/lib/vauth/ntlm.c:662: if_end: End of if statement. -curl-7.60.0/lib/vauth/ntlm.c:664: cond_true: Condition "unicode", taking true branch. -curl-7.60.0/lib/vauth/ntlm.c:681: negative_return_fn: Function "curl_msnprintf((char *)ntlmbuf, 1024UL, "NTLMSSP%c\3%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c", 0, 0, 0, 0, 24, 0, 24, 0, (int)(lmrespoff & 0xff), (int)((lmrespoff >> 8) & 0xff), 0, 0, (int)(ntresplen & 0xffU), (int)((ntresplen >> 8) & 0xffU), (int)(ntresplen & 0xffU), (int)((ntresplen >> 8) & 0xffU), (int)(ntrespoff & 0xff), (int)((ntrespoff >> 8) & 0xff), 0, 0, (int)(domlen & 0xffUL), (int)((domlen >> 8) & 0xffUL), (int)(domlen & 0xffUL), (int)((domlen >> 8) & 0xffUL), (int)(domoff & 0xffUL), (int)((domoff >> 8) & 0xffUL), 0, 0, (int)(userlen & 0xffUL), (int)((userlen >> 8) & 0xffUL), (int)(userlen & 0xffUL), (int)((userlen >> 8) & 0xffUL), (int)(useroff & 0xffUL), (int)((useroff >> 8) & 0xffUL), 0, 0, (int)(hostlen & 0xffUL), (int)((hostlen >> 8) & 0xffUL), (int)(hostlen & 0xffUL), (int)((hostlen >> 8) & 0xffUL), (int)(hostoff & 0xffUL), (int)((hostoff >> 8) & 0xffUL), 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, (int)(ntlm->flags & 0xffU), (int)((ntlm->flags >> 8) & 0xffU), (int)((ntlm->flags >> 16) & 0xffU), (int)((ntlm->flags >> 24) & 0xffU))" returns a negative number. -curl-7.60.0/lib/mprintf.c:1023:3: negative_return: Calling "curl_mvsnprintf", which might return a negative value. -curl-7.60.0/lib/mprintf.c:1007:3: cond_false: Condition "retcode != -1", taking false branch. -curl-7.60.0/lib/mprintf.c:1014:3: if_end: End of if statement. -curl-7.60.0/lib/mprintf.c:1007:3: var_tested_neg: Variable "retcode" is negative. -curl-7.60.0/lib/mprintf.c:1015:3: return_negative_variable: Explicitly returning negative variable "retcode". -curl-7.60.0/lib/mprintf.c:1023:3: var_assign: Assigning: "retcode" = "curl_mvsnprintf(buffer, maxlength, format, ap_save)", which might be negative. -curl-7.60.0/lib/mprintf.c:1025:3: return_negative_variable: Explicitly returning negative variable "retcode". -curl-7.60.0/lib/vauth/ntlm.c:681: var_assign: Assigning: unsigned variable "size" = "curl_msnprintf". -curl-7.60.0/lib/vauth/ntlm.c:768: cond_false: Condition "size < 1000UL /* 1024 - 24 */", taking false branch. -curl-7.60.0/lib/vauth/ntlm.c:771: if_end: End of if statement. -curl-7.60.0/lib/vauth/ntlm.c:779: cond_false: Condition "size < 1024 - ntresplen", taking false branch. -curl-7.60.0/lib/vauth/ntlm.c:783: if_end: End of if statement. -curl-7.60.0/lib/vauth/ntlm.c:803: cond_false: Condition "size + userlen + domlen + hostlen >= 1024", taking false branch. -curl-7.60.0/lib/vauth/ntlm.c:806: if_end: End of if statement. -curl-7.60.0/lib/vauth/ntlm.c:809: cond_true: Condition "unicode", taking true branch. +Error: NEGATIVE_RETURNS (CWE-394): [#def42] +curl-7.60.0/lib/vauth/ntlm.c:541: cond_true: Condition "!user", taking true branch. +curl-7.60.0/lib/vauth/ntlm.c:544: cond_false: Condition "user", taking false branch. +curl-7.60.0/lib/vauth/ntlm.c:550: else_branch: Reached else branch. +curl-7.60.0/lib/vauth/ntlm.c:556: cond_false: Condition "Curl_gethostname(host, 1025UL /* sizeof (host) */)", taking false branch. +curl-7.60.0/lib/vauth/ntlm.c:560: else_branch: Reached else branch. +curl-7.60.0/lib/vauth/ntlm.c:565: cond_true: Condition "ntlm->target_info_len", taking true branch. +curl-7.60.0/lib/vauth/ntlm.c:571: cond_false: Condition "result", taking false branch. +curl-7.60.0/lib/vauth/ntlm.c:572: if_end: End of if statement. +curl-7.60.0/lib/vauth/ntlm.c:575: cond_false: Condition "result", taking false branch. +curl-7.60.0/lib/vauth/ntlm.c:576: if_end: End of if statement. +curl-7.60.0/lib/vauth/ntlm.c:580: cond_false: Condition "result", taking false branch. +curl-7.60.0/lib/vauth/ntlm.c:581: if_end: End of if statement. +curl-7.60.0/lib/vauth/ntlm.c:586: cond_false: Condition "result", taking false branch. +curl-7.60.0/lib/vauth/ntlm.c:587: if_end: End of if statement. +curl-7.60.0/lib/vauth/ntlm.c:592: cond_false: Condition "result", taking false branch. +curl-7.60.0/lib/vauth/ntlm.c:593: if_end: End of if statement. +curl-7.60.0/lib/vauth/ntlm.c:596: if_fallthrough: Falling through to end of if statement. +curl-7.60.0/lib/vauth/ntlm.c:662: if_end: End of if statement. +curl-7.60.0/lib/vauth/ntlm.c:664: cond_true: Condition "unicode", taking true branch. +curl-7.60.0/lib/vauth/ntlm.c:681: negative_return_fn: Function "curl_msnprintf((char *)ntlmbuf, 1024UL, "NTLMSSP%c\3%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c", 0, 0, 0, 0, 24, 0, 24, 0, (int)(lmrespoff & 0xff), (int)((lmrespoff >> 8) & 0xff), 0, 0, (int)(ntresplen & 0xffU), (int)((ntresplen >> 8) & 0xffU), (int)(ntresplen & 0xffU), (int)((ntresplen >> 8) & 0xffU), (int)(ntrespoff & 0xff), (int)((ntrespoff >> 8) & 0xff), 0, 0, (int)(domlen & 0xffUL), (int)((domlen >> 8) & 0xffUL), (int)(domlen & 0xffUL), (int)((domlen >> 8) & 0xffUL), (int)(domoff & 0xffUL), (int)((domoff >> 8) & 0xffUL), 0, 0, (int)(userlen & 0xffUL), (int)((userlen >> 8) & 0xffUL), (int)(userlen & 0xffUL), (int)((userlen >> 8) & 0xffUL), (int)(useroff & 0xffUL), (int)((useroff >> 8) & 0xffUL), 0, 0, (int)(hostlen & 0xffUL), (int)((hostlen >> 8) & 0xffUL), (int)(hostlen & 0xffUL), (int)((hostlen >> 8) & 0xffUL), (int)(hostoff & 0xffUL), (int)((hostoff >> 8) & 0xffUL), 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, (int)(ntlm->flags & 0xffU), (int)((ntlm->flags >> 8) & 0xffU), (int)((ntlm->flags >> 16) & 0xffU), (int)((ntlm->flags >> 24) & 0xffU))" returns a negative number. +curl-7.60.0/lib/mprintf.c:1023:3: negative_return: Calling "curl_mvsnprintf", which might return a negative value. +curl-7.60.0/lib/mprintf.c:1007:3: cond_false: Condition "retcode != -1", taking false branch. +curl-7.60.0/lib/mprintf.c:1014:3: if_end: End of if statement. +curl-7.60.0/lib/mprintf.c:1007:3: var_tested_neg: Variable "retcode" is negative. +curl-7.60.0/lib/mprintf.c:1015:3: return_negative_variable: Explicitly returning negative variable "retcode". +curl-7.60.0/lib/mprintf.c:1023:3: var_assign: Assigning: "retcode" = "curl_mvsnprintf(buffer, maxlength, format, ap_save)", which might be negative. +curl-7.60.0/lib/mprintf.c:1025:3: return_negative_variable: Explicitly returning negative variable "retcode". +curl-7.60.0/lib/vauth/ntlm.c:681: var_assign: Assigning: unsigned variable "size" = "curl_msnprintf". +curl-7.60.0/lib/vauth/ntlm.c:768: cond_false: Condition "size < 1000UL /* 1024 - 24 */", taking false branch. +curl-7.60.0/lib/vauth/ntlm.c:771: if_end: End of if statement. +curl-7.60.0/lib/vauth/ntlm.c:779: cond_false: Condition "size < 1024 - ntresplen", taking false branch. +curl-7.60.0/lib/vauth/ntlm.c:783: if_end: End of if statement. +curl-7.60.0/lib/vauth/ntlm.c:803: cond_false: Condition "size + userlen + domlen + hostlen >= 1024", taking false branch. +curl-7.60.0/lib/vauth/ntlm.c:806: if_end: End of if statement. +curl-7.60.0/lib/vauth/ntlm.c:809: cond_true: Condition "unicode", taking true branch. curl-7.60.0/lib/vauth/ntlm.c:810: negative_returns: Using variable "size" as an index to array "ntlmbuf". -# 808| DEBUGASSERT(size == domoff); -# 809| if(unicode) -# 810|-> unicodecpy(&ntlmbuf[size], domain, domlen / 2); -# 811| else -# 812| memcpy(&ntlmbuf[size], domain, domlen); +# 808| DEBUGASSERT(size == domoff); +# 809| if(unicode) +# 810|-> unicodecpy(&ntlmbuf[size], domain, domlen / 2); +# 811| else +# 812| memcpy(&ntlmbuf[size], domain, domlen); -Error: DEADCODE (CWE-561): [#def43] -curl-7.60.0/lib/vauth/ntlm.c:833: assignment: Assigning: "result" = "((void)data) , CURLE_OK". -curl-7.60.0/lib/vauth/ntlm.c:835: const: At condition "result", the value of "result" must be equal to 0. -curl-7.60.0/lib/vauth/ntlm.c:835: dead_error_condition: The condition "result" cannot be true. +Error: DEADCODE (CWE-561): [#def43] +curl-7.60.0/lib/vauth/ntlm.c:833: assignment: Assigning: "result" = "((void)data) , CURLE_OK". +curl-7.60.0/lib/vauth/ntlm.c:835: const: At condition "result", the value of "result" must be equal to 0. +curl-7.60.0/lib/vauth/ntlm.c:835: dead_error_condition: The condition "result" cannot be true. curl-7.60.0/lib/vauth/ntlm.c:836: dead_error_line: Execution cannot reach this statement: "return CURLE_CONV_FAILED;". -# 834| size - domoff); -# 835| if(result) -# 836|-> return CURLE_CONV_FAILED; -# 837| -# 838| /* Return with binary blob encoded into base64 */ +# 834| size - domoff); +# 835| if(result) +# 836|-> return CURLE_CONV_FAILED; +# 837| +# 838| /* Return with binary blob encoded into base64 */ -Error: COMPILER_WARNING: [#def44] -curl-7.60.0/lib/vtls/openssl.c: scope_hint: In function 'ossl_connect_step1' +Error: COMPILER_WARNING: [#def44] +curl-7.60.0/lib/vtls/openssl.c: scope_hint: In function 'ossl_connect_step1' curl-7.60.0/lib/vtls/openssl.c:2217:5: warning[-Wdeprecated-declarations]: 'SSLv3_client_method' is deprecated -# req_method = SSLv3_client_method(); -# ^~~~~~~~~~ -/usr/include/openssl/opensslconf.h:42: included_from: Included from here. -/usr/include/openssl/ct.h:13: included_from: Included from here. -/usr/include/openssl/ssl.h:61: included_from: Included from here. -curl-7.60.0/lib/vtls/openssl.c:52: included_from: Included from here. -/usr/include/openssl/ssl.h:1619:1: note: declared here -# DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_client_method(void)) /* SSLv3 */ -# ^~~~~~~~~~~~~~~~~~ -# 2215| return CURLE_SSL_CONNECT_ERROR; -# 2216| #endif -# 2217|-> req_method = SSLv3_client_method(); -# 2218| use_sni(FALSE); -# 2219| break; +# req_method = SSLv3_client_method(); +# ^~~~~~~~~~ +/usr/include/openssl/opensslconf.h:42: included_from: Included from here. +/usr/include/openssl/ct.h:13: included_from: Included from here. +/usr/include/openssl/ssl.h:61: included_from: Included from here. +curl-7.60.0/lib/vtls/openssl.c:52: included_from: Included from here. +/usr/include/openssl/ssl.h:1619:1: note: declared here +# DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_client_method(void)) /* SSLv3 */ +# ^~~~~~~~~~~~~~~~~~ +# 2215| return CURLE_SSL_CONNECT_ERROR; +# 2216| #endif +# 2217|-> req_method = SSLv3_client_method(); +# 2218| use_sni(FALSE); +# 2219| break; -Error: DEADCODE (CWE-561): [#def45] -curl-7.60.0/lib/vtls/openssl.c:2214: cond_cannot_single: Condition "ssl_authtype == CURL_TLSAUTH_SRP", taking false branch. Now the value of "ssl_authtype" cannot be equal to 1. -curl-7.60.0/lib/vtls/openssl.c:2309: cannot_single: At condition "ssl_authtype == CURL_TLSAUTH_SRP", the value of "ssl_authtype" cannot be equal to 1. -curl-7.60.0/lib/vtls/openssl.c:2309: dead_error_condition: The condition "ssl_authtype == CURL_TLSAUTH_SRP" cannot be true. +Error: DEADCODE (CWE-561): [#def45] +curl-7.60.0/lib/vtls/openssl.c:2214: cond_cannot_single: Condition "ssl_authtype == CURL_TLSAUTH_SRP", taking false branch. Now the value of "ssl_authtype" cannot be equal to 1. +curl-7.60.0/lib/vtls/openssl.c:2309: cannot_single: At condition "ssl_authtype == CURL_TLSAUTH_SRP", the value of "ssl_authtype" cannot be equal to 1. +curl-7.60.0/lib/vtls/openssl.c:2309: dead_error_condition: The condition "ssl_authtype == CURL_TLSAUTH_SRP" cannot be true. curl-7.60.0/lib/vtls/openssl.c:2310: dead_error_line: Execution cannot reach this statement: "Curl_infof(data, "Set versi...". -# 2308| #ifdef USE_TLS_SRP -# 2309| if(ssl_authtype == CURL_TLSAUTH_SRP) { -# 2310|-> infof(data, "Set version TLSv1.x for SRP authorisation\n"); -# 2311| } -# 2312| #endif +# 2308| #ifdef USE_TLS_SRP +# 2309| if(ssl_authtype == CURL_TLSAUTH_SRP) { +# 2310|-> infof(data, "Set version TLSv1.x for SRP authorisation\n"); +# 2311| } +# 2312| #endif -Error: DEADCODE (CWE-561): [#def46] -curl-7.60.0/lib/vtls/openssl.c:2181: equality_cond: Jumping to case "CURL_SSLVERSION_DEFAULT". -curl-7.60.0/lib/vtls/openssl.c:2182: equality_cond: Jumping to case "CURL_SSLVERSION_TLSv1". -curl-7.60.0/lib/vtls/openssl.c:2183: equality_cond: Jumping to case "CURL_SSLVERSION_TLSv1_0". -curl-7.60.0/lib/vtls/openssl.c:2184: equality_cond: Jumping to case "CURL_SSLVERSION_TLSv1_1". -curl-7.60.0/lib/vtls/openssl.c:2185: equality_cond: Jumping to case "CURL_SSLVERSION_TLSv1_2". -curl-7.60.0/lib/vtls/openssl.c:2186: equality_cond: Jumping to case "CURL_SSLVERSION_TLSv1_3". -curl-7.60.0/lib/vtls/openssl.c:2208: equality_cond: Jumping to case "CURL_SSLVERSION_SSLv3". -curl-7.60.0/lib/vtls/openssl.c:2306: intervals: When switching on "ssl_version", the value of "ssl_version" must be in one of the following intervals: {[0,1], [3,7]}. -curl-7.60.0/lib/vtls/openssl.c:2339: dead_error_condition: The switch value "ssl_version" cannot be "CURL_SSLVERSION_SSLv2". +Error: DEADCODE (CWE-561): [#def46] +curl-7.60.0/lib/vtls/openssl.c:2181: equality_cond: Jumping to case "CURL_SSLVERSION_DEFAULT". +curl-7.60.0/lib/vtls/openssl.c:2182: equality_cond: Jumping to case "CURL_SSLVERSION_TLSv1". +curl-7.60.0/lib/vtls/openssl.c:2183: equality_cond: Jumping to case "CURL_SSLVERSION_TLSv1_0". +curl-7.60.0/lib/vtls/openssl.c:2184: equality_cond: Jumping to case "CURL_SSLVERSION_TLSv1_1". +curl-7.60.0/lib/vtls/openssl.c:2185: equality_cond: Jumping to case "CURL_SSLVERSION_TLSv1_2". +curl-7.60.0/lib/vtls/openssl.c:2186: equality_cond: Jumping to case "CURL_SSLVERSION_TLSv1_3". +curl-7.60.0/lib/vtls/openssl.c:2208: equality_cond: Jumping to case "CURL_SSLVERSION_SSLv3". +curl-7.60.0/lib/vtls/openssl.c:2306: intervals: When switching on "ssl_version", the value of "ssl_version" must be in one of the following intervals: {[0,1], [3,7]}. +curl-7.60.0/lib/vtls/openssl.c:2339: dead_error_condition: The switch value "ssl_version" cannot be "CURL_SSLVERSION_SSLv2". curl-7.60.0/lib/vtls/openssl.c:2339: dead_error_begin: Execution cannot reach this statement: "case CURL_SSLVERSION_SSLv2:". -# 2337| break; -# 2338| -# 2339|-> case CURL_SSLVERSION_SSLv2: -# 2340| #ifndef OPENSSL_NO_SSL2 -# 2341| ctx_options |= SSL_OP_NO_SSLv3; +# 2337| break; +# 2338| +# 2339|-> case CURL_SSLVERSION_SSLv2: +# 2340| #ifndef OPENSSL_NO_SSL2 +# 2341| ctx_options |= SSL_OP_NO_SSLv3; -Error: DEADCODE (CWE-561): [#def47] -curl-7.60.0/lib/vtls/openssl.c:2181: equality_cond: Jumping to case "CURL_SSLVERSION_DEFAULT". -curl-7.60.0/lib/vtls/openssl.c:2182: equality_cond: Jumping to case "CURL_SSLVERSION_TLSv1". -curl-7.60.0/lib/vtls/openssl.c:2183: equality_cond: Jumping to case "CURL_SSLVERSION_TLSv1_0". -curl-7.60.0/lib/vtls/openssl.c:2184: equality_cond: Jumping to case "CURL_SSLVERSION_TLSv1_1". -curl-7.60.0/lib/vtls/openssl.c:2185: equality_cond: Jumping to case "CURL_SSLVERSION_TLSv1_2". -curl-7.60.0/lib/vtls/openssl.c:2186: equality_cond: Jumping to case "CURL_SSLVERSION_TLSv1_3". -curl-7.60.0/lib/vtls/openssl.c:2208: equality_cond: Jumping to case "CURL_SSLVERSION_SSLv3". -curl-7.60.0/lib/vtls/openssl.c:2306: intervals: When switching on "ssl_version", the value of "ssl_version" must be in one of the following intervals: {[0,1], [3,7]}. -curl-7.60.0/lib/vtls/openssl.c:2306: dead_error_condition: The switch value "ssl_version" cannot reach the default case. +Error: DEADCODE (CWE-561): [#def47] +curl-7.60.0/lib/vtls/openssl.c:2181: equality_cond: Jumping to case "CURL_SSLVERSION_DEFAULT". +curl-7.60.0/lib/vtls/openssl.c:2182: equality_cond: Jumping to case "CURL_SSLVERSION_TLSv1". +curl-7.60.0/lib/vtls/openssl.c:2183: equality_cond: Jumping to case "CURL_SSLVERSION_TLSv1_0". +curl-7.60.0/lib/vtls/openssl.c:2184: equality_cond: Jumping to case "CURL_SSLVERSION_TLSv1_1". +curl-7.60.0/lib/vtls/openssl.c:2185: equality_cond: Jumping to case "CURL_SSLVERSION_TLSv1_2". +curl-7.60.0/lib/vtls/openssl.c:2186: equality_cond: Jumping to case "CURL_SSLVERSION_TLSv1_3". +curl-7.60.0/lib/vtls/openssl.c:2208: equality_cond: Jumping to case "CURL_SSLVERSION_SSLv3". +curl-7.60.0/lib/vtls/openssl.c:2306: intervals: When switching on "ssl_version", the value of "ssl_version" must be in one of the following intervals: {[0,1], [3,7]}. +curl-7.60.0/lib/vtls/openssl.c:2306: dead_error_condition: The switch value "ssl_version" cannot reach the default case. curl-7.60.0/lib/vtls/openssl.c:2356: dead_error_begin: Execution cannot reach this statement: "default:". -# 2354| #endif -# 2355| -# 2356|-> default: -# 2357| failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION"); -# 2358| return CURLE_SSL_CONNECT_ERROR; +# 2354| #endif +# 2355| +# 2356|-> default: +# 2357| failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION"); +# 2358| return CURLE_SSL_CONNECT_ERROR; -Error: TOCTOU (CWE-367): [#def48] -curl-7.60.0/src/tool_dirhie.c:113: cond_false: Condition "!outdup", taking false branch. -curl-7.60.0/src/tool_dirhie.c:114: if_end: End of if statement. -curl-7.60.0/src/tool_dirhie.c:117: cond_false: Condition "!dirbuildup", taking false branch. -curl-7.60.0/src/tool_dirhie.c:120: if_end: End of if statement. -curl-7.60.0/src/tool_dirhie.c:127: cond_true: Condition "tempdir != NULL", taking true branch. -curl-7.60.0/src/tool_dirhie.c:131: cond_true: Condition "tempdir2 != NULL", taking true branch. -curl-7.60.0/src/tool_dirhie.c:133: cond_true: Condition "dlen", taking true branch. -curl-7.60.0/src/tool_dirhie.c:134: if_fallthrough: Falling through to end of if statement. -curl-7.60.0/src/tool_dirhie.c:141: if_end: End of if statement. -curl-7.60.0/src/tool_dirhie.c:142: fs_check_call: Calling function "access" to perform check on "dirbuildup". -curl-7.60.0/src/tool_dirhie.c:142: cond_true: Condition "access(dirbuildup, 0) == -1", taking true branch. +Error: TOCTOU (CWE-367): [#def48] +curl-7.60.0/src/tool_dirhie.c:113: cond_false: Condition "!outdup", taking false branch. +curl-7.60.0/src/tool_dirhie.c:114: if_end: End of if statement. +curl-7.60.0/src/tool_dirhie.c:117: cond_false: Condition "!dirbuildup", taking false branch. +curl-7.60.0/src/tool_dirhie.c:120: if_end: End of if statement. +curl-7.60.0/src/tool_dirhie.c:127: cond_true: Condition "tempdir != NULL", taking true branch. +curl-7.60.0/src/tool_dirhie.c:131: cond_true: Condition "tempdir2 != NULL", taking true branch. +curl-7.60.0/src/tool_dirhie.c:133: cond_true: Condition "dlen", taking true branch. +curl-7.60.0/src/tool_dirhie.c:134: if_fallthrough: Falling through to end of if statement. +curl-7.60.0/src/tool_dirhie.c:141: if_end: End of if statement. +curl-7.60.0/src/tool_dirhie.c:142: fs_check_call: Calling function "access" to perform check on "dirbuildup". +curl-7.60.0/src/tool_dirhie.c:142: cond_true: Condition "access(dirbuildup, 0) == -1", taking true branch. curl-7.60.0/src/tool_dirhie.c:143: toctou: Calling function "mkdir" that uses "dirbuildup" after a check function. This can cause a time-of-check, time-of-use race condition. -# 141| } -# 142| if(access(dirbuildup, F_OK) == -1) { -# 143|-> if(-1 == mkdir(dirbuildup, (mode_t)0000750)) { -# 144| show_dir_errno(errors, dirbuildup); -# 145| result = CURLE_WRITE_ERROR; +# 141| } +# 142| if(access(dirbuildup, F_OK) == -1) { +# 143|-> if(-1 == mkdir(dirbuildup, (mode_t)0000750)) { +# 144| show_dir_errno(errors, dirbuildup); +# 145| result = CURLE_WRITE_ERROR; -Error: COPY_PASTE_ERROR (CWE-398): [#def49] -curl-7.60.0/tests/python_dependencies/impacket/ntlm.py:595: original: "user.decode" looks like the original copy. +Error: COPY_PASTE_ERROR (CWE-398): [#def49] +curl-7.60.0/tests/python_dependencies/impacket/ntlm.py:595: original: "user.decode" looks like the original copy. curl-7.60.0/tests/python_dependencies/impacket/ntlm.py:603: copy_paste_error: "user" in "user.decode" looks like a copy-paste error. -curl-7.60.0/tests/python_dependencies/impacket/ntlm.py:603: remediation: Should it say "domain" instead? -# 601| domain.encode('utf-16le') -# 602| except: -# 603|-> domain = user.decode(encoding) -# 604| -# 605| ntlmChallenge = NTLMAuthChallenge(type2) +curl-7.60.0/tests/python_dependencies/impacket/ntlm.py:603: remediation: Should it say "domain" instead? +# 601| domain.encode('utf-16le') +# 602| except: +# 603|-> domain = user.decode(encoding) +# 604| +# 605| ntlmChallenge = NTLMAuthChallenge(type2) -Error: FORWARD_NULL (CWE-476): [#def50] -curl-7.60.0/tests/python_dependencies/impacket/smb.py:3504: assign_undefined: Assigning: "readAndX" = "undefined". -curl-7.60.0/tests/python_dependencies/impacket/smb.py:3504: cond_true: Condition "!max_size", taking true branch. -curl-7.60.0/tests/python_dependencies/impacket/smb.py:3505: cond_true: Condition "self._dialects_parameters["Capabilities"] & SMB.CAP_LARGE_READX", taking true branch. -curl-7.60.0/tests/python_dependencies/impacket/smb.py:3505: cond_true: Condition "self._SignatureEnabled === False", taking true branch. -curl-7.60.0/tests/python_dependencies/impacket/smb.py:3505: cond_true: Condition "(self._dialects_parameters["Capabilities"] & SMB.CAP_LARGE_READX) && (self._SignatureEnabled === False)", taking true branch. -curl-7.60.0/tests/python_dependencies/impacket/smb.py:3506: if_fallthrough: Falling through to end of if statement. -curl-7.60.0/tests/python_dependencies/impacket/smb.py:3508: if_end: End of if statement. -curl-7.60.0/tests/python_dependencies/impacket/smb.py:3512: cond_false: Condition "smb_packet === None", taking false branch. -curl-7.60.0/tests/python_dependencies/impacket/smb.py:3523: else_branch: Reached else branch. -curl-7.60.0/tests/python_dependencies/impacket/smb.py:3525: cond_true: Condition "wait_answer", taking true branch. -curl-7.60.0/tests/python_dependencies/impacket/smb.py:3527: cond_true: Condition "1", taking true branch. -curl-7.60.0/tests/python_dependencies/impacket/smb.py:3531: cond_true: Condition "ans.isValidAnswer(SMB.SMB_COM_READ_ANDX)", taking true branch. -curl-7.60.0/tests/python_dependencies/impacket/smb.py:3539: cond_false: Condition "!ans.isMoreData()", taking false branch. -curl-7.60.0/tests/python_dependencies/impacket/smb.py:3540: if_end: End of if statement. +Error: FORWARD_NULL (CWE-476): [#def50] +curl-7.60.0/tests/python_dependencies/impacket/smb.py:3504: assign_undefined: Assigning: "readAndX" = "undefined". +curl-7.60.0/tests/python_dependencies/impacket/smb.py:3504: cond_true: Condition "!max_size", taking true branch. +curl-7.60.0/tests/python_dependencies/impacket/smb.py:3505: cond_true: Condition "self._dialects_parameters["Capabilities"] & SMB.CAP_LARGE_READX", taking true branch. +curl-7.60.0/tests/python_dependencies/impacket/smb.py:3505: cond_true: Condition "self._SignatureEnabled === False", taking true branch. +curl-7.60.0/tests/python_dependencies/impacket/smb.py:3505: cond_true: Condition "(self._dialects_parameters["Capabilities"] & SMB.CAP_LARGE_READX) && (self._SignatureEnabled === False)", taking true branch. +curl-7.60.0/tests/python_dependencies/impacket/smb.py:3506: if_fallthrough: Falling through to end of if statement. +curl-7.60.0/tests/python_dependencies/impacket/smb.py:3508: if_end: End of if statement. +curl-7.60.0/tests/python_dependencies/impacket/smb.py:3512: cond_false: Condition "smb_packet === None", taking false branch. +curl-7.60.0/tests/python_dependencies/impacket/smb.py:3523: else_branch: Reached else branch. +curl-7.60.0/tests/python_dependencies/impacket/smb.py:3525: cond_true: Condition "wait_answer", taking true branch. +curl-7.60.0/tests/python_dependencies/impacket/smb.py:3527: cond_true: Condition "1", taking true branch. +curl-7.60.0/tests/python_dependencies/impacket/smb.py:3531: cond_true: Condition "ans.isValidAnswer(SMB.SMB_COM_READ_ANDX)", taking true branch. +curl-7.60.0/tests/python_dependencies/impacket/smb.py:3539: cond_false: Condition "!ans.isMoreData()", taking false branch. +curl-7.60.0/tests/python_dependencies/impacket/smb.py:3540: if_end: End of if statement. curl-7.60.0/tests/python_dependencies/impacket/smb.py:3542: property_access: Accessing a property of null-like value "readAndX". -# 3540| return answer -# 3541| max_size = min(max_size, readAndXParameters['Remaining']) -# 3542|-> readAndX['Parameters']['Offset'] += count # XXX Offset is not important (apparently) -# 3543| else: -# 3544| self.sendSMB(smb) +# 3540| return answer +# 3541| max_size = min(max_size, readAndXParameters['Remaining']) +# 3542|-> readAndX['Parameters']['Offset'] += count # XXX Offset is not important (apparently) +# 3543| else: +# 3544| self.sendSMB(smb) -Error: IDENTICAL_BRANCHES: [#def51] +Error: IDENTICAL_BRANCHES: [#def51] curl-7.60.0/tests/python_dependencies/impacket/smb.py:3775: identical_branches: Ternary expression on condition "self.__flags2 & SMB.FLAGS2_UNICODE" has identical then and else expressions: """". Should one of the expressions be modified, or the entire ternary expression replaced? -# 3773| findFirstParameter['InformationLevel'] = SMB_FIND_FILE_BOTH_DIRECTORY_INFO -# 3774| findFirstParameter['SearchStorageType'] = 0 -# 3775|-> findFirstParameter['FileName'] = path + ('\x00\x00' if self.__flags2 & SMB.FLAGS2_UNICODE else '\x00') -# 3776| self.send_trans2(tid, SMB.TRANS2_FIND_FIRST2, '\x00', findFirstParameter, '') -# 3777| files = [ ] +# 3773| findFirstParameter['InformationLevel'] = SMB_FIND_FILE_BOTH_DIRECTORY_INFO +# 3774| findFirstParameter['SearchStorageType'] = 0 +# 3775|-> findFirstParameter['FileName'] = path + ('\x00\x00' if self.__flags2 & SMB.FLAGS2_UNICODE else '\x00') +# 3776| self.send_trans2(tid, SMB.TRANS2_FIND_FIRST2, '\x00', findFirstParameter, '') +# 3777| files = [ ] -Error: IDENTICAL_BRANCHES: [#def52] +Error: IDENTICAL_BRANCHES: [#def52] curl-7.60.0/tests/python_dependencies/impacket/smb.py:3818: identical_branches: Ternary expression on condition "self.__flags2 & SMB.FLAGS2_UNICODE" has identical then and else expressions: """". Should one of the expressions be modified, or the entire ternary expression replaced? -# 3816| findNextParameter['ResumeKey'] = 0 -# 3817| findNextParameter['Flags'] = SMB_FIND_RETURN_RESUME_KEYS | SMB_FIND_CLOSE_AT_EOS -# 3818|-> findNextParameter['FileName'] = resume_filename + ('\x00\x00' if self.__flags2 & SMB.FLAGS2_UNICODE else '\x00') -# 3819| self.send_trans2(tid, SMB.TRANS2_FIND_NEXT2, '\x00', findNextParameter, '') -# 3820| findData = '' +# 3816| findNextParameter['ResumeKey'] = 0 +# 3817| findNextParameter['Flags'] = SMB_FIND_RETURN_RESUME_KEYS | SMB_FIND_CLOSE_AT_EOS +# 3818|-> findNextParameter['FileName'] = resume_filename + ('\x00\x00' if self.__flags2 & SMB.FLAGS2_UNICODE else '\x00') +# 3819| self.send_trans2(tid, SMB.TRANS2_FIND_NEXT2, '\x00', findNextParameter, '') +# 3820| findData = '' -Error: FORWARD_NULL (CWE-476): [#def53] -curl-7.60.0/tests/python_dependencies/impacket/smbserver.py:2066: assign_undefined: Assigning: "mode" = "undefined". -curl-7.60.0/tests/python_dependencies/impacket/smbserver.py:2077: cond_false: Condition "connData["ConnectedShares"].has_key(recvPacket["Tid"])", taking false branch. -curl-7.60.0/tests/python_dependencies/impacket/smbserver.py:2085: else_branch: Reached else branch. -curl-7.60.0/tests/python_dependencies/impacket/smbserver.py:2087: cond_true: Condition "errorCode == STATUS_SUCCESS", taking true branch. -curl-7.60.0/tests/python_dependencies/impacket/smbserver.py:2090: cond_true: Condition "len(connData["OpenedFiles"]) == 0", taking true branch. -curl-7.60.0/tests/python_dependencies/impacket/smbserver.py:2091: if_fallthrough: Falling through to end of if statement. -curl-7.60.0/tests/python_dependencies/impacket/smbserver.py:2093: if_end: End of if statement. +Error: FORWARD_NULL (CWE-476): [#def53] +curl-7.60.0/tests/python_dependencies/impacket/smbserver.py:2066: assign_undefined: Assigning: "mode" = "undefined". +curl-7.60.0/tests/python_dependencies/impacket/smbserver.py:2077: cond_false: Condition "connData["ConnectedShares"].has_key(recvPacket["Tid"])", taking false branch. +curl-7.60.0/tests/python_dependencies/impacket/smbserver.py:2085: else_branch: Reached else branch. +curl-7.60.0/tests/python_dependencies/impacket/smbserver.py:2087: cond_true: Condition "errorCode == STATUS_SUCCESS", taking true branch. +curl-7.60.0/tests/python_dependencies/impacket/smbserver.py:2090: cond_true: Condition "len(connData["OpenedFiles"]) == 0", taking true branch. +curl-7.60.0/tests/python_dependencies/impacket/smbserver.py:2091: if_fallthrough: Falling through to end of if statement. +curl-7.60.0/tests/python_dependencies/impacket/smbserver.py:2093: if_end: End of if statement. curl-7.60.0/tests/python_dependencies/impacket/smbserver.py:2095: invalid_operation: Invalid operation on null-like value "mode". -# 2093| fid = connData['OpenedFiles'].keys()[-1] + 1 -# 2094| respParameters['Fid'] = fid -# 2095|-> if mode & os.O_CREAT: -# 2096| # File did not exist and was created -# 2097| respParameters['Action'] = 0x2 +# 2093| fid = connData['OpenedFiles'].keys()[-1] + 1 +# 2094| respParameters['Fid'] = fid +# 2095|-> if mode & os.O_CREAT: +# 2096| # File did not exist and was created +# 2097| respParameters['Action'] = 0x2Scan Properties
--
- analyzer-version-clang 6.0.0 - analyzer-version-coverity 2017.07-SP2 - analyzer-version-cppcheck 1.80 - analyzer-version-gcc 8.1.1 - analyzer-version-shellcheck 0.4.7 - cov-compilation-unit-count 193 - cov-compilation-unit-ratio 100 - cov-lines-processed 174359 - cov-time-elapsed-analysis 00:01:55 - exit-code 0 - host cov01.lab.eng.brq.redhat.com - mock-config rhel-8.0-x86_64 - project-name curl-7.60.0-1.el8+7 - store-results-to /tmp/tmpteasee/curl-7.60.0-1.el8+7.tar.xz - time-created 2018-06-28 01:26:37 - time-finished 2018-06-28 01:47:28 - tool csmock - tool-args '/usr/bin/csmock' '-t' 'cppcheck,gcc,shellcheck,clang,coverity' '-o' '/tmp/tmpteasee/curl-7.60.0-1.el8+7.tar.xz' '-r' 'rhel-8.0-x86_64' '--cov-analyze-java' '--cov-analyze-opts=--security --concurrency' '--cov-use-version' 'cov-sa-2017.07' '--cov-fs-capture' '--use-host-cppcheck' '/tmp/tmpteasee/curl-7.60.0-1.el8+7.src.rpm' + tool-version csmock-2.1.1.20180627.142826.g96a4a75-1.el6 +
+ analyzer-version-clang 6.0.0 + analyzer-version-coverity 2017.07-SP2 + analyzer-version-cppcheck 1.80 + analyzer-version-gcc 8.1.1 + analyzer-version-shellcheck 0.4.7 + cov-compilation-unit-count 193 + cov-compilation-unit-ratio 100 + cov-lines-processed 174359 + cov-time-elapsed-analysis 00:01:55 + exit-code 0 + host cov01.lab.eng.brq.redhat.com + mock-config rhel-8.0-x86_64 + project-name curl-7.60.0-1.el8+7 + store-results-to /tmp/tmpteasee/curl-7.60.0-1.el8+7.tar.xz + time-created 2018-06-28 01:26:37 + time-finished 2018-06-28 01:47:28 + tool csmock + tool-args '/usr/bin/csmock' '-t' 'cppcheck,gcc,shellcheck,clang,coverity' '-o' '/tmp/tmpteasee/curl-7.60.0-1.el8+7.tar.xz' '-r' 'rhel-8.0-x86_64' '--cov-analyze-java' '--cov-analyze-opts=--security --concurrency' '--cov-use-version' 'cov-sa-2017.07' '--cov-fs-capture' '--use-host-cppcheck' '/tmp/tmpteasee/curl-7.60.0-1.el8+7.src.rpm' tool-version csmock-2.1.1.20180627.142826.g96a4a75-1.el6