[jason@moocow romjudge]$ make
cc -Wall -Og -ggdb -std=c99 -fanalyzer -c -o romjudge.o romjudge.c
cc -Wall -Og -ggdb -std=c99 -fanalyzer -c -o grader.o grader.c
grader.c: In function ‘perm_iterator_init’:
grader.c:128:5: warning: leak of ‘’ [CWE-401] [-Wanalyzer-malloc-leak]
128 | if (!p->order || !p->direction)
| ^
‘grade’: events 1-2
|
| 472 | void grade(struct romGrade *rg, uint8_t * rom, size_t len)
| | ^~~~~
| | |
| | (1) entry to ‘grade’
| 473 | {
| 474 | grade_size(rg, rom, len);
| | ~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (2) calling ‘grade_size’ from ‘grade’
|
+--> ‘grade_size’: events 3-5
|
| 269 | void grade_size(struct romGrade *rg, uint8_t * rom, size_t len)
| | ^~~~~~~~~~
| | |
| | (3) entry to ‘grade_size’
|......
| 272 | if (rg->fileSize < 0x101000) {
| | ~
| | |
| | (4) following ‘false’ branch...
|......
| 276 | switch (rg->fileSize) {
| | ~~~~~~
| | |
| | (5) ...to here
|
<------+
|
‘grade’: events 6-9
|
| 474 | grade_size(rg, rom, len);
| | ^~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (6) returning to ‘grade’ from ‘grade_size’
| 475 | if (rg->fileSizeGrade == GRADE_ERROR)
| | ~
| | |
| | (7) following ‘false’ branch...
|......
| 478 | grade_byte_order(rg, rom, len); // also grades ipl3
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (8) ...to here
| | (9) calling ‘grade_byte_order’ from ‘grade’
|
+--> ‘grade_byte_order’: events 10-11
|
| 296 | void grade_byte_order(struct romGrade *rg, uint8_t * rom, size_t len)
| | ^~~~~~~~~~~~~~~~
| | |
| | (10) entry to ‘grade_byte_order’
|......
| 302 | perm_iterator_init(&p, 4);
| | ~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (11) calling ‘perm_iterator_init’ from ‘grade_byte_order’
|
+--> ‘perm_iterator_init’: events 12-16
|
| 119 | int perm_iterator_init(struct perm_iterator *p, int n)
| | ^~~~~~~~~~~~~~~~~~
| | |
| | (12) entry to ‘perm_iterator_init’
| 120 | {
| 121 | if (n < 1)
| | ~
| | |
| | (13) following ‘false’ branch (when ‘n > 0’)...
|......
| 124 | p->num_elements = n;
| | ~
| | |
| | (14) ...to here
| 125 | p->order = calloc(n, sizeof(int));
| 126 | p->direction = calloc(n, sizeof(char));
| | ~
| | |
| | (15) allocated here
| 127 |
| 128 | if (!p->order || !p->direction)
| | ~
| | |
| | (16) following ‘true’ branch...
|
‘perm_iterator_init’: event 17
|
|cc1:
| (17): ...to here
|
‘perm_iterator_init’: event 18
|
| 128 | if (!p->order || !p->direction)
| | ^
| | |
| | (18) ‘’ leaks here; was allocated at (15)
|
grader.c: In function ‘grade_byte_order’:
grader.c:307:26: warning: dereference of NULL ‘p.order’ [CWE-690] [-Wanalyzer-null-dereference]
307 | b[0] = rom[i + p.order[0]];
| ~~~~~~~^~~
‘grade’: events 1-2
|
| 472 | void grade(struct romGrade *rg, uint8_t * rom, size_t len)
| | ^~~~~
| | |
| | (1) entry to ‘grade’
| 473 | {
| 474 | grade_size(rg, rom, len);
| | ~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (2) calling ‘grade_size’ from ‘grade’
|
+--> ‘grade_size’: events 3-5
|
| 269 | void grade_size(struct romGrade *rg, uint8_t * rom, size_t len)
| | ^~~~~~~~~~
| | |
| | (3) entry to ‘grade_size’
|......
| 272 | if (rg->fileSize < 0x101000) {
| | ~
| | |
| | (4) following ‘false’ branch...
|......
| 276 | switch (rg->fileSize) {
| | ~~~~~~
| | |
| | (5) ...to here
|
<------+
|
‘grade’: events 6-9
|
| 474 | grade_size(rg, rom, len);
| | ^~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (6) returning to ‘grade’ from ‘grade_size’
| 475 | if (rg->fileSizeGrade == GRADE_ERROR)
| | ~
| | |
| | (7) following ‘false’ branch...
|......
| 478 | grade_byte_order(rg, rom, len); // also grades ipl3
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (8) ...to here
| | (9) calling ‘grade_byte_order’ from ‘grade’
|
+--> ‘grade_byte_order’: events 10-11
|
| 296 | void grade_byte_order(struct romGrade *rg, uint8_t * rom, size_t len)
| | ^~~~~~~~~~~~~~~~
| | |
| | (10) entry to ‘grade_byte_order’
|......
| 302 | perm_iterator_init(&p, 4);
| | ~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (11) calling ‘perm_iterator_init’ from ‘grade_byte_order’
|
+--> ‘perm_iterator_init’: events 12-20
|
| 119 | int perm_iterator_init(struct perm_iterator *p, int n)
| | ^~~~~~~~~~~~~~~~~~
| | |
| | (12) entry to ‘perm_iterator_init’
| 120 | {
| 121 | if (n < 1)
| | ~
| | |
| | (13) following ‘false’ branch (when ‘n > 0’)...
|......
| 124 | p->num_elements = n;
| | ~
| | |
| | (14) ...to here
| 125 | p->order = calloc(n, sizeof(int));
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (15) allocated here
| 126 | p->direction = calloc(n, sizeof(char));
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | | |
| | | (17) allocated here
| | (16) allocated here
| 127 |
| 128 | if (!p->order || !p->direction)
| | ~~ ~
| | | |
| | | (19) ‘p.order’ is NULL
| | | (20) following ‘true’ branch...
| | (18) allocated here
|
‘perm_iterator_init’: event 21
|
|cc1:
| (21): ...to here
|
‘perm_iterator_init’: event 22
|
|cc1:
| (22): ‘p.order’ is NULL
|
‘perm_iterator_init’: event 23
|
|cc1:
| (23): ‘p.order’ is NULL
|
<------+
|
‘grade_byte_order’: events 24-27
|
| 302 | perm_iterator_init(&p, 4);
| | ^~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (24) returning to ‘grade_byte_order’ from ‘perm_iterator_init’
|......
| 306 | for (i = 0x40; i < 0x1000; i += 4) {
| | ~~~
| | |
| | (25) following ‘true’ branch (when ‘i <= 4095’)...
| 307 | b[0] = rom[i + p.order[0]];
| | ~ ~~~~~~~~~~
| | | |
| | | (27) dereference of NULL ‘p.order’
| | (26) ...to here
|
grader.c:342:1: warning: leak of ‘p.direction’ [CWE-401] [-Wanalyzer-malloc-leak]
342 | }
| ^
‘grade’: events 1-2
|
| 472 | void grade(struct romGrade *rg, uint8_t * rom, size_t len)
| | ^~~~~
| | |
| | (1) entry to ‘grade’
| 473 | {
| 474 | grade_size(rg, rom, len);
| | ~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (2) calling ‘grade_size’ from ‘grade’
|
+--> ‘grade_size’: events 3-5
|
| 269 | void grade_size(struct romGrade *rg, uint8_t * rom, size_t len)
| | ^~~~~~~~~~
| | |
| | (3) entry to ‘grade_size’
|......
| 272 | if (rg->fileSize < 0x101000) {
| | ~
| | |
| | (4) following ‘false’ branch...
|......
| 276 | switch (rg->fileSize) {
| | ~~~~~~
| | |
| | (5) ...to here
|
<------+
|
‘grade’: events 6-9
|
| 474 | grade_size(rg, rom, len);
| | ^~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (6) returning to ‘grade’ from ‘grade_size’
| 475 | if (rg->fileSizeGrade == GRADE_ERROR)
| | ~
| | |
| | (7) following ‘false’ branch...
|......
| 478 | grade_byte_order(rg, rom, len); // also grades ipl3
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (8) ...to here
| | (9) calling ‘grade_byte_order’ from ‘grade’
|
+--> ‘grade_byte_order’: events 10-11
|
| 296 | void grade_byte_order(struct romGrade *rg, uint8_t * rom, size_t len)
| | ^~~~~~~~~~~~~~~~
| | |
| | (10) entry to ‘grade_byte_order’
|......
| 302 | perm_iterator_init(&p, 4);
| | ~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (11) calling ‘perm_iterator_init’ from ‘grade_byte_order’
|
+--> ‘perm_iterator_init’: events 12-18
|
| 119 | int perm_iterator_init(struct perm_iterator *p, int n)
| | ^~~~~~~~~~~~~~~~~~
| | |
| | (12) entry to ‘perm_iterator_init’
| 120 | {
| 121 | if (n < 1)
| | ~
| | |
| | (13) following ‘false’ branch (when ‘n > 0’)...
|......
| 124 | p->num_elements = n;
| | ~
| | |
| | (14) ...to here
| 125 | p->order = calloc(n, sizeof(int));
| 126 | p->direction = calloc(n, sizeof(char));
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (15) allocated here
| 127 |
| 128 | if (!p->order || !p->direction)
| | ~~ ~
| | | |
| | | (17) allocated here
| | | (18) following ‘true’ branch...
| | (16) allocated here
|
‘perm_iterator_init’: event 19
|
|cc1:
| (19): ...to here
|
‘perm_iterator_init’: event 20
|
|cc1:
| (20): allocated here
|
‘perm_iterator_init’: event 21
|
|cc1:
| (21): allocated here
|
<------+
|
‘grade_byte_order’: events 22-27
|
| 302 | perm_iterator_init(&p, 4);
| | ^~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (22) returning to ‘grade_byte_order’ from ‘perm_iterator_init’
|......
| 306 | for (i = 0x40; i < 0x1000; i += 4) {
| | ~~~
| | |
| | (23) following ‘true’ branch (when ‘i <= 4095’)...
| | (25) following ‘false’ branch (when ‘i > 4095’)...
| 307 | b[0] = rom[i + p.order[0]];
| | ~
| | |
| | (24) ...to here
|......
| 316 | rg->ipl3 = identify_ipl3(a + 0x40);
| | ~~ ~~~~~~~~~~~~~~~~~~~~~~~
| | | |
| | | (27) calling ‘identify_ipl3’ from ‘grade_byte_order’
| | (26) ...to here
|
+--> ‘identify_ipl3’: events 28-30
|
| 197 | int identify_ipl3(uint8_t * ipl3)
| | ^~~~~~~~~~~~~
| | |
| | (28) entry to ‘identify_ipl3’
| 198 | {
| 199 | uint8_t sha1sum[SHA1_DIGEST_SIZE];
| | ~~~~~~~
| | |
| | (29) allocated here
|......
| 205 | while (cics[cicIndex].type != 0) {
| | ~~~~~
| | |
| | (30) allocated here
|
‘identify_ipl3’: event 31
|
|cc1:
| (31): allocated here
|
‘identify_ipl3’: events 32-39
|
| 205 | while (cics[cicIndex].type != 0) {
| | ^
| | |
| | (32) allocated here
| | (33) allocated here
| | (34) following ‘true’ branch...
| 206 | if (!memcmp(cics[cicIndex].signature, sha1sum,
| | ~~ ~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | | | |
| | | | (37) allocated here
| | | (38) allocated here
| | | (39) following ‘true’ branch...
| | (35) ...to here
| | (36) allocated here
| 207 | SHA1_DIGEST_SIZE)) {
| | ~~~~~~~~~~~~~~~~~
|
‘identify_ipl3’: event 40
|
|cc1:
| (40): ...to here
|
‘identify_ipl3’: event 41
|
|cc1:
| (41): allocated here
|
‘identify_ipl3’: event 42
|
|cc1:
| (42): allocated here
|
<------+
|
‘grade_byte_order’: events 43-44
|
| 316 | rg->ipl3 = identify_ipl3(a + 0x40);
| | ^~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (43) returning to ‘grade_byte_order’ from ‘identify_ipl3’
| 317 | if (rg->ipl3 != -1)
| | ~
| | |
| | (44) following ‘true’ branch...
|
‘grade_byte_order’: event 45
|
|cc1:
| (45): ...to here
|
‘grade_byte_order’: events 46-52
|
| 321 | if (rg->ipl3 != -1) {
| | ^
| | |
| | (46) following ‘true’ branch...
| 322 | rg->ipl3Grade = GRADE_OK;
| | ~~
| | |
| | (47) ...to here
|......
| 330 | switch (rg->byteOrder) {
| | ~~~~~~
| | |
| | (48) following ‘false’ branch...
|......
| 334 | default:
| | ~~~~~~~
| | |
| | (49) ...to here
| 335 | if (rg->fix)
| | ~
| | |
| | (50) following ‘true’ branch...
| 336 | rg->byteOrderGrade = GRADE_FIXED;
| | ~~
| | |
| | (51) ...to here
|......
| 341 | perm_iterator_destroy(&p);
| | ~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (52) calling ‘perm_iterator_destroy’ from ‘grade_byte_order’
|
+--> ‘perm_iterator_destroy’: events 53-58
|
| 141 | void perm_iterator_destroy(struct perm_iterator *p)
| | ^~~~~~~~~~~~~~~~~~~~~
| | |
| | (53) entry to ‘perm_iterator_destroy’
| 142 | {
| 143 | free(p->order);
| | ~~~~
| | |
| | (54) allocated here
| 144 | free(p->direction);
| | ~~~~
| | |
| | (55) state of ‘p.direction’: ‘start’ -> ‘freed’ (origin: NULL)
| | (56) allocated here
| 145 | }
| | ~
| | |
| | (57) allocated here
| | (58) allocated here
|
<------+
|
‘grade_byte_order’: events 59-60
|
| 341 | perm_iterator_destroy(&p);
| | ^~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (59) returning to ‘grade_byte_order’ from ‘perm_iterator_destroy’
| 342 | }
| | ~
| | |
| | (60) ‘p.direction’ leaks here; was allocated at (58)
|
cc -Wall -Og -ggdb -std=c99 -fanalyzer -c -o sha1.o sha1.c
cc -Wall -Og -ggdb -std=c99 -fanalyzer -c -o mapfile-posix.o mapfile-posix.c
cc -Wall -Og -ggdb -std=c99 -fanalyzer -c -o mapfile-windows.o mapfile-windows.c
cc romjudge.o grader.o sha1.o mapfile-posix.o mapfile-windows.o -o romjudge