
Commit 5878758

committed
xz: add known false positives
Related: tukaani-project/xz#174 (comment) Resolves: #12 Signed-off-by: Siteshwar Vashisht <[email protected]>
1 parent edc123e commit 5878758


1 file changed

+176
-0
lines changed


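--- a/xz/ignore.err
+++ b/xz/ignore.err
@@ -0,0 +1,176 @@
+Error: SHELLCHECK_WARNING (CWE-569):
+/usr/bin/xzdiff:66:25: warning[SC2188]: This redirection doesn't have a command. Move to its command (or use 'true' as no-op).
+# 64|
+# 65| for file; do
+# 66|-> test "X$file" = X- || <"$file" || exit 2
+# 67| done
+# 68|
+# Upstream coding style.
+
+Error: SHELLCHECK_WARNING (CWE-563):
+/usr/bin/xzdiff:103:7: warning[SC2034]: FILE appears unused. Verify use (or export if used externally).
+# 101| FILE=`expr "X$1" : 'X\(.*[-.]t\)zo$'`ar;;
+# 102| *.tzst)
+# 103|-> FILE=`expr "X$1" : 'X\(.*[-.]t\)zst$'`ar;;
+# 104| esac
+# 105| xz_status=$(
+# Shellcheck cannot see that $FILE is used in an eval command. Nothing to fix here.
+
+Error: SHELLCHECK_WARNING (CWE-569):
+/usr/bin/xzless:48:30: warning[SC2089]: Quotes/backslashes will be treated literally. Rewrite using set/"$@" or functions.
+# 46| nl='
+# 47| '
+# 48|-> LESSMETACHARS="$space$tab$nl'"';*?"()<>[|&^`#\$%=~'
+# 49| fi
+# 50|
+# Code does what it's supposed to do.
+
+Error: SHELLCHECK_WARNING (CWE-569):
+/usr/bin/xzless:72:8: warning[SC2090]: Quotes/backslashes in this variable will not be respected.
+# 70| fi
+# 71|
+# 72|-> export LESSMETACHARS LESSOPEN
+# 73|
+# 74| exec less $SHOW_PREPROC_ERRORS "$@"
+# Code does what it's supposed to do.
+
+Error: SHELLCHECK_WARNING (CWE-398):
+/usr/bin/xzmore:47:46: warning[SC2172]: Trapping signals by number is not well defined. Prefer signal names.
+# 45| fi
+# 46| if test $? -eq 0 && test -n "$oldtty"; then
+# 47|-> trap 'stty $oldtty 2>/dev/null; exit' 0 2 3 5 10 13 15
+# 48| else
+# 49| trap 'stty $ncb echo 2>/dev/null; exit' 0 2 3 5 10 13 15
+# Avoid fixing them to be cautious that a fix won't introduce a new compatibility issue on other operating systems.
+
+Error: SHELLCHECK_WARNING (CWE-398):
+/usr/bin/xzmore:47:48: warning[SC2172]: Trapping signals by number is not well defined. Prefer signal names.
+# 45| fi
+# 46| if test $? -eq 0 && test -n "$oldtty"; then
+# 47|-> trap 'stty $oldtty 2>/dev/null; exit' 0 2 3 5 10 13 15
+# 48| else
+# 49| trap 'stty $ncb echo 2>/dev/null; exit' 0 2 3 5 10 13 15
+# Avoid fixing them to be cautious that a fix won't introduce a new compatibility issue on other operating systems.
+
+Error: SHELLCHECK_WARNING (CWE-398):
+/usr/bin/xzmore:47:51: warning[SC2172]: Trapping signals by number is not well defined. Prefer signal names.
+# 45| fi
+# 46| if test $? -eq 0 && test -n "$oldtty"; then
+# 47|-> trap 'stty $oldtty 2>/dev/null; exit' 0 2 3 5 10 13 15
+# 48| else
+# 49| trap 'stty $ncb echo 2>/dev/null; exit' 0 2 3 5 10 13 15
+# Avoid fixing them to be cautious that a fix won't introduce a new compatibility issue on other operating systems.
+
+Error: SHELLCHECK_WARNING (CWE-398):
+/usr/bin/xzmore:49:48: warning[SC2172]: Trapping signals by number is not well defined. Prefer signal names.
+# 47| trap 'stty $oldtty 2>/dev/null; exit' 0 2 3 5 10 13 15
+# 48| else
+# 49|-> trap 'stty $ncb echo 2>/dev/null; exit' 0 2 3 5 10 13 15
+# 50| fi
+# 51|
+# Avoid fixing them to be cautious that a fix won't introduce a new compatibility issue on other operating systems.
+
+Error: SHELLCHECK_WARNING (CWE-398):
+/usr/bin/xzmore:49:50: warning[SC2172]: Trapping signals by number is not well defined. Prefer signal names.
+# 47| trap 'stty $oldtty 2>/dev/null; exit' 0 2 3 5 10 13 15
+# 48| else
+# 49|-> trap 'stty $ncb echo 2>/dev/null; exit' 0 2 3 5 10 13 15
+# 50| fi
+# 51|
+# Avoid fixing them to be cautious that a fix won't introduce a new compatibility issue on other operating systems.
+
+Error: SHELLCHECK_WARNING (CWE-398):
+/usr/bin/xzmore:49:53: warning[SC2172]: Trapping signals by number is not well defined. Prefer signal names.
+# 47| trap 'stty $oldtty 2>/dev/null; exit' 0 2 3 5 10 13 15
+# 48| else
+# 49|-> trap 'stty $ncb echo 2>/dev/null; exit' 0 2 3 5 10 13 15
+# 50| fi
+# 51|
+# Avoid fixing them to be cautious that a fix won't introduce a new compatibility issue on other operating systems.
+
+Error: SHELLCHECK_WARNING (CWE-569):
+/usr/bin/xzmore:61:3: warning[SC2188]: This redirection doesn't have a command. Move to its command (or use 'true' as no-op).
+# 59| FIRST=1
+# 60| for FILE; do
+# 61|-> < "$FILE" || continue
+# 62| if test $FIRST -eq 0; then
+# 63| printf "%s--More--(Next file: %s)" "" "$FILE"
+# Upstream coding style.
+
+Error: GCC_ANALYZER_WARNING (CWE-476):
+xz-5.8.1/src/liblzma/common/index.c:318:32: warning[-Wanalyzer-null-dereference]: dereference of NULL 'result'
+xz-5.8.1/src/liblzma/common/index.c:1228:1: enter_function: entry to 'lzma_index_iter_locate'
+xz-5.8.1/src/liblzma/common/index.c:1233:12: branch_false: following 'false' branch...
+xz-5.8.1/src/liblzma/common/index.c:1237:38: call_function: inlined call to 'index_tree_locate' from 'lzma_index_iter_locate'
+xz-5.8.1/src/liblzma/common/index.c:1242:36: call_function: inlined call to 'index_tree_locate' from 'lzma_index_iter_locate'
+# 316| {
+# 317| const index_tree_node *result = NULL;
+# 318|-> const index_tree_node *node = tree->root;
+# 319|
+# 320| assert(tree->leftmost == NULL
+# False positives because the code won't go past index.c:1233 if those pointers are NULL.
+
+Error: GCC_ANALYZER_WARNING (CWE-476):
+xz-5.8.1/src/liblzma/common/index.c:1251:16: warning[-Wanalyzer-null-dereference]: dereference of NULL 'result'
+xz-5.8.1/src/liblzma/common/index.c:1228:1: enter_function: entry to 'lzma_index_iter_locate'
+xz-5.8.1/src/liblzma/common/index.c:1233:12: branch_false: following 'false' branch...
+xz-5.8.1/src/liblzma/common/index.c:1237:38: call_function: inlined call to 'index_tree_locate' from 'lzma_index_iter_locate'
+xz-5.8.1/src/liblzma/common/index.c:1251:16: danger: dereference of NULL 'result'
+# 1249| // we don't want to return them.
+# 1250| size_t left = 0;
+# 1251|-> size_t right = group->last;
+# 1252|
+# 1253| while (left < right) {
+# False positives because the code won't go past index.c:1233 if those pointers are NULL.
+
+Error: CPPCHECK_WARNING (CWE-457):
+xz-5.8.1/src/liblzma/common/stream_decoder.c:217: error[uninitvar]: Uninitialized variable: filters
+# 215|
+# 216| // Check the memory usage limit.
+# 217|-> const uint64_t memusage = lzma_raw_decoder_memusage(filters);
+# 218| lzma_ret ret;
+# 219|
+# `filters` has been initialized by `lzma_block_header_decode`.
+
+Error: GCC_ANALYZER_WARNING (CWE-775):
+xz-5.8.1/src/xz/../common/tuklib_open_stdxxx.c:40:28: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", <unknown>)’
+xz-5.8.1/src/xz/../common/tuklib_open_stdxxx.c:30:25: branch_true: following ‘true’ branch (when ‘i != 3’)...
+xz-5.8.1/src/xz/../common/tuklib_open_stdxxx.c:32:21: branch_true: ...to here
+xz-5.8.1/src/xz/../common/tuklib_open_stdxxx.c:32:20: branch_true: following ‘true’ branch...
+xz-5.8.1/src/xz/../common/tuklib_open_stdxxx.c:37:40: branch_true: following ‘true’ branch (when ‘i == 0’)...
+xz-5.8.1/src/xz/../common/tuklib_open_stdxxx.c:37:40: branch_true: ...to here
+xz-5.8.1/src/xz/../common/tuklib_open_stdxxx.c:37:40: acquire_resource: opened here
+xz-5.8.1/src/xz/../common/tuklib_open_stdxxx.c:40:28: danger: ‘open("/dev/null", <unknown>)’ leaks here; was opened at [(7)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/6)
+# 38| | (i == 0 ? O_WRONLY : O_RDONLY));
+# 39|
+# 40|-> if (fd != i) {
+# 41| if (fd != -1)
+# 42| (void)close(fd);
+# Code is to ensure that file descriptors 0, 1, and 2 are open before creating more file descriptors.
+
+Error: CPPCHECK_WARNING (CWE-562):
+xz-5.8.1/src/xzdec/xzdec.c:192: error[autoVariables]: Address of local auto-variable assigned to a function parameter.
+# 190|
+# 191| strm->avail_in = 0;
+# 192|-> strm->next_out = out_buf;
+# 193| strm->avail_out = BUFSIZ;
+# 194|
+# Analyzer fears that the pointer will be used even after the local variable is out of scope. This is not the case, so these are false alarms.
+
+Error: CPPCHECK_WARNING (CWE-562):
+xz-5.8.1/src/xzdec/xzdec.c:199: error[autoVariables]: Address of local auto-variable assigned to a function parameter.
+# 197| while (true) {
+# 198| if (strm->avail_in == 0) {
+# 199|-> strm->next_in = in_buf;
+# 200| strm->avail_in = fread(in_buf, 1, BUFSIZ, file);
+# 201|
+# Analyzer fears that the pointer will be used even after the local variable is out of scope. This is not the case, so these are false alarms.
+
+Error: CPPCHECK_WARNING (CWE-562):
+xz-5.8.1/src/xzdec/xzdec.c:247: error[autoVariables]: Address of local auto-variable assigned to a function parameter.
+# 245| }
+# 246|
+# 247|-> strm->next_out = out_buf;
+# 248| strm->avail_out = BUFSIZ;
+# 249| }
+# Analyzer fears that the pointer will be used even after the local variable is out of scope. This is not the case, so these are false alarms.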
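Review bot: The justification on the two CWE-476 entries for index.c (new-file lines 111 and 124) says the code "won't go past index.c:1233 if those pointers are NULL", but the analyzer trace names only `result`, which starts as NULL at index.c:317, and the excerpt does not show what line 1233 checks. A suppression hides the finding on every later scan, so the comment should state the invariant that makes `index_tree_locate` return non-NULL, for example `# False positive: index.c:1233 returns early unless <invariant>, so index_tree_locate always finds a node and 'result' is non-NULL.` The fd-leak entry (new-file line 149) has the same gap: its comment explains what the code is for, but not why the descriptor reported at tuklib_open_stdxxx.c:40 is not leaked. The C entries also embed `xz-5.8.1/` paths and exact line numbers; if the matcher compares these literally they would stop applying after the next rebase, which is worth confirming.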
